Hundreds of third-party apps in Android devices were given access to sensitive data logged by contact-tracing apps built on Google and Apple’s API, according to security researchers.
AppCensus, a US-based start-up that specializes in analyzing the privacy practices of Android apps, was granted almost $200,000 by the Department of Homeland Security earlier this year to test and validate the reliability of contact-tracing apps.
The company’s researchers found that Android phones logging data from apps using Google and Apple’s Exposure Notifications System (ENS) were recording key contact-tracing information within the device’s system logs – which is used for debugging purposes, and is normally where apps receive information about user analytics and crash reports.
SEE: 5G smartphones: A cheat sheet (free PDF) (TechRepublic)
Not all apps can read system logs; but in Android, Google allows some hardware manufacturers, network operators and commercial partners to pre-install “privileged” apps. Part of the privilege is access to system logs.
In any stock Xiaomi Redmi Note 9, for example, 54 apps are allowed to read system logs, while this is the case of 89 apps in a Samsung Galaxy A11. “They are now receiving users’ medical and other sensitive information as a result of Google implementation,” said AppCensus co-founder and forensics lead Joel Reardon in a blog post.
Google and Apple jointly released ENS last year, as a way of assisting health authorities around the world in building contact-tracing apps compatible with the privacy imperative that, according to both companies, underpins the Android and iOS ecosystems.
The API developed by Apple and Google enables governments to create decentralized contact-tracing apps that rely on Bluetooth signals.
Devices fitted with the app emit anonymous identifiers that change periodically, called rolling proximity identifiers (RPIs), which are broadcast through Bluetooth so that they can be “heard” by surrounding phones that are also using the app. As well as broadcasting RPIs, therefore, handsets also log all the RPIs that they hear.
If a user later tests positive for COVID-19, the health authorities issue a list of all the RPIs attached to that user’s phone. On each device, a comparison is drawn between the list of infectious RPIs and those logged by the app, and a notification is issued to the user if a risky contact is detected.
All of the match-making is carried out locally on the phone, and in principle, no data should leave the device unless a user decides to share with health services that they have tested positive for COVID-19. This is why Google and Apple call their system decentralized, and have pitched ENS as protecting privacy by design.
A large number of users have now downloaded contact-tracing apps that were created thanks to Apple and Google’s ENS. In the UK, the NHS COVID-19 app was downloaded over 21 million times, for instance, while Germany’s CoronaWarn app is used by over 25 million residents.
AppCensus’s findings now show that the privacy promise made by the two tech giants has some shortcomings. Reardon and his team found that both RPIs that are broadcast and those that are heard can be found in Android phones’ system logs – and for the RPIs that were heard, the device also logs the current Bluetooth MAC address of the sending device.
“Of course, the information has to be logged somewhere in order to do the contact-tracing, but that should be internally in the ENS,” Gaetan Leurent, researcher at the French National Institute for Research in Digital Science and Technology (INRIA), who did not participate in the research, tells ZDNet. “It is unsettling that this information was stored in the system log. There is no good reason to put it there.”
Although the RPIs and the Bluetooth MAC addresses are random and anonymized, AppCensus identified several ways that the data could be used and computed to carry out privacy attacks.
Combined with different datasets, the RPIs could be used to figure out whether a user has tested positive for COVID-19, whether they have been in contact with an infectious person, or even – with access to several users’ system logs – whether two people encountered each other.
“The whole contact-tracing system is supposed to be privacy-preserving, and it’s supposed to avoid exactly this kind of information leaking,” says Leurent. “So it really defeats the whole protection that is supposed to be at the basis of this protocol.”
In this case, the fix is easy: all it takes is for Google to stop ENS from logging data in the device’s system log. Reardon stressed that the issue was not an inherent flaw of contact-tracing, but rather an implementation error in the system.
Yet AppCensus reports that when the researchers disclosed the issue to Google the search giant failed to acknowledge or fix the issue. After 60 days elapsed, the analysts decided to follow Google’s own recommendations on bug bounties and make their findings public.
A Google spokesperson told ZDNet: “We were notified of an issue where the Bluetooth identifiers were temporarily accessible to some pre-installed applications for debugging purposes. Immediately upon being made aware of this research, we began the necessary process to review the issue, consider mitigations and ultimately update the code.”
“These Bluetooth identifiers do not reveal a user’s location or provide any other identifying information and we have no indication that they were used in any way – nor that any app was even aware of this.”
According to Google, the roll out of the update to Android devices began several weeks ago and will be complete in the coming days.
For Leurent, who has undertaken extensive research on the privacy issues that come with contact-tracing apps, this only ties in with a wider debate that needs to be held about the benefits and risks of the technology.
The researcher’s previous publications showed that no matter the implementation, there will inevitably be a privacy risk when it comes to using digital technologies for contact tracing. “Now, whether this is a big deal or not is something to be discussed,” he says, “but I think we really need a debate evaluating those risks and benefits. For contact-tracing apps, we’ve never really had those discussions.
“These apps have been used for one year now and we still have very little information about how well they work. My intuition is that the benefits are not very high.”
Research published by scientists from the Alan Turing Institute and Oxford University in the UK recently showed encouraging preliminary results for the NHS COVID-19 app, with experimental calculations concluding that the technology had potentially prevented up to 600,000 positive cases across the country.
However, the researchers themselves admitted that obtaining a complete understanding of the app’s efficiency was scientifically difficult, due to the many factors that could have influenced the results.
Critics, on the other hand, have repeatedly put forward that contact-tracing apps lack accuracy and fail to show relevant benefits unless there is uptake among the vast majority of the population.
The Himalaya Drug Company appoints Rahul Kapoor as CPO
The Himalaya Drug Company has appointed Rahul Kapoor as chief people officer. He will lead the pharmaceutical company’s people and culture agenda, from Dubai.
Kapoor has moved to this new role from Dr Reddy’s Laboratories, where he was the VP, human resources for almost a year. There too, he was responsible for the people and culture agenda for the Company across 25 countries.
Before joining Dr Reddy’s, Kapoor successfully served as executive vice president – India Subcontinent, GlaxoSmithKline (GSK). He spent 12 years in the Company, having joined as head – talent acquisition in February 2008. Less than three years later, he was the HR business partner sales, value chain, procurement , Bangladesh & Nepal. After four years in this role, he found himself heading compensation & benefits , ISC & HRBP – marketing , R&D & global support functions. In 2014, he became HR director – consumer healthcare, South East Asia , Hong Kong , Taiwan, and within eight months he became HR director for Japan , Korea and South East Asia, based out of Singapore. It was in May 2018 that he relocated to Gurugram, when he took over as executive VP – HR, India Subcontinent.
An alumnus of Symbiosis Institute of Business Management, Pune, Kapoor started his journey in HR with ITC, way back in 2001, when he joined as regional HR manager (foods division HO). After a four-year successful stint at ITC, he moved to GE Capital as AVP- HR before entering GSK, where he served the longest stint of his career.
Stressed out docs, medical workers across India seek better treatment, pay
Even amidst the second wave of the pandemic, frontline workers, especially those associated with the medical field and the medical fraternity seem to be disgruntled or ignored. In Surat, around 73 contractual medical officers (MO) from the Surat Municipal Institute of Medical Education and Research (SMIMER) hospital called a flash strike on May 6, asking for a pay hike similar to what the Gujarat government announced for the doctors appointed on contract.
While the MOs have been drawing Rs 60,000 per month, the state government had announced a salary of Rs 1.25 lakh for the contractual doctors. Therefore, the MOs were protesting the fact that their salary was lower than that of the freshers. The Health Department has requested the doctors to refrain from going on strike and that necessary steps would be taken to look into their demands.
Elsewhere, in Bhopal, Madhya Pradesh, junior doctors from six hospitals affiliated with government medical colleges in the State had gone on an indefinite strike demanding better treatment facilities for their colleagues who had been infected during duty. According to the doctors about 25 per cent of the junior doctors were suffering from COVID and hence, they were demanding a guarantee that beds would be allotted to them for treatment.
The Medical Education Minister of the state assured them that their demands would be looked into, following which the doctors called off their strike. The Minister also pointed out to the doctors that a strike amidst a raging pandemic was not fair, and thanked them for being understanding. In Indore, a senior government doctor put in her papers while another threatened to do so accusing misbehaviour on the part of the district administration. The doctor accused the District Collector of Indore of shouting at her in public and calling her incompetent, which she found inacceptable, especially since she has been performing her duties sincerely. The Health Commissioner has yet to accept he resignation.
Meanwhile, in Gurugram, private ambulance operators who had been on strike for two days, returned to work after the Haryana government increased their rates.
As per the Gurugram administration’s directives, ambulances are allowed to charge Rs 500 per km up to 3 km and Rs 25 per km after that. They may charge Rs 750 for a distance of 3 km to 7 km, after which the fare would be Rs 25 per km. For a 7 km distance, the charge would be Rs 1,000 and then Rs 25 per km beyond that.
However, the operators, are demanding further hike. The Private Ambulance Welfare Association, with a fleet of about 250 ambulances in the city, is demanding a rate of Rs 3,500 up to 15 km and Rs 16 per km after that for small ambulances. As for bigger ambulances, they want the rate to be Rs 5,000 for 15 km and Rs 35 per km beyond that. For Advanced Cardiovascular Life Support ( ACLS), they wish to charge Rs 5,500 up to 15 km and Rs 50 per km beyond that.
The operators claim that the strike has only been called off temporarily, and that they would not hesitate to go on strike again if their demands are not met.
The Challenges Businesses Face Re-hiring Post Covid
The coronavirus pandemic has hit many businesses hard, affecting retail, hospitality, tourism and events industries particularly badly. Many businesses have been forced to close or cut back to a few key staff. A YouGov survey in 2020 found that half of businesses said they would have to lay off staff within three months of the furlough scheme ending. Just 34 per cent of 503 business leaders polled said they would not get rid of anyone, while 21 per cent said they would have to cut 10 or more jobs.
But as we come out of all this and the economy opens up again, companies will have to resume business as usual. Many will have little or no staff to fill key roles and will have to recruit quickly. Alan Jenkins, MD of exhibition stand designer Quadrant2Design sums up the worry that many business owners currently have ‘We know we will need to hire in all departments over the coming months, but we don’t exactly know when and how well our industry will return, so every decision requires careful planning’.
So, when is the best time to recruit? Doing it too soon will risk having staff with little to do, but taking too long could jeopardise the running of the business. It will take time to train new teams of staff. If existing staff are over-stretched then customer service and ability to fulfil requirements will be impacted. This could damage the reputation of your business, just when you need to make the most of new opportunities.
The steps you take now will be crucial to coming out on top post pandemic. Things to consider when setting a recruitment strategy:
- Recognise the skills gap in your business
Now is the time to look at the skills gaps you have across the business. Assessing these will allow you to streamline the recruitment process and identify specific gaps. This will ensure that you’re making the correct hire technically as well as culturally. It can be easy to fall into the trap of wanting to grow quickly, without any real regard as to how you’ll do that sustainably.
- Can you upskill internally?
Do you need to recruit someone completely new or can you find a candidate from within the business? Defining that can take some time, ask yourself the following questions before hiring someone new:
- Are the requirements going to take longer than 3 months for my team to learn?
- Are the requirements too niche/technical?
- Are the requirements permanent or temporary?
- Will I/my team be over-stretched if we take on this responsibility together?
If you find that you’re answering “yes” to more than two of these questions, then it’s probably time to start writing a job description.
- Re-assess your interview process
Behavioural interviews are defined as “a technique used in which the candidate has the opportunity to demonstrate their potential for succeeding in the new role, by providing specific examples of how they handled similar situations based on their past experience”
A lot of interviews are based on technical skill and cultural fit, but these are only surface level assessments. Using behavioural interview techniques will not only allow you to understand your candidate pool better, but also give you an insight into how the individual deals with challenges.
Another step that can improve your recruitment process is psychometric testing, also known as aptitude tests. The benefit these have is that there’s no right or wrong answer; it allows you to gain a deeper understanding of the individual being interviewed, as certain tests can reveal how they like to be managed, as well as behavioural style and mental capabilities.
- Onboarding and post-placement care
Your recruitment process shouldn’t cease when a candidate becomes an employee. Post-placement care is vital to ensuring that your new employee feels included and can settle in with ease. What does your candidate experience currently look like? This is especially important if your staff are working remotely.
How can you improve and adapt it? Knowing where to start can be difficult.
- Ask your current employees what they think the candidate experience would be if they were to join the business now.
- Ask candidates during an interview process what their expectations are so you can get an insight into how they think.
Post-Covid, recruitment and training are going to be major issues for many companies. Businesses may have survived the past year with just a few key staff. Training teams of new employees will take time and money. You may be lucky enough to rehire experienced staff or bring them back from furlough. But if you’re starting from scratch you will need a strategy in place.
The best places to retire to in the UK
At Fenetic Wellbeing, we understand how important it is to pick the right place to retire to. With this in mind, we got thinking about what makes a location good to retire to. To figure this out, we asked 1,000 survey participants what makes an area good to retire to and to pick three options, and we found that crime rate was the biggest factor when deciphering what makes somewhere good to retire to. 59.3% of participants said if a location had lower crime rate than where the currently reside, they would consider moving.
We also asked the 1,000 participants if they would consider moving to a different part of the UK if life expectancy in that area was higher than where they currently reside. 79.84% of participants said yes, and 20.16% said no, suggesting many people do not have strong ties to their hometown.
Keeping these factors in mind, we looked at every county in the UK to see which 10 were the best to retire to, and which 10 would be the worst to retire to.
Which counties are the best to retire to?
|Top 10 best counties||Crime Rate|
Rutland comes out on top with a mere 49% crime rate. Rutland has named itself the ‘County of Good Taste’ and boasts that is a great rural escape, and the perfect place to spend time enjoying the great outdoors. The only two towns in Rutland are Oakham and Uppingham, and both towns have their own hidden treasures, cycling routes, boutiques and even a castle! Life expectancy in Rutland averages at 82.2 years which is slightly above the national average of 81.52 years.
Gloucestershire is a county in South West England and is famous for many Cotswold towns and villages such as Bourton-on-the-Water and Cheltenham. The county has many attractions, including the Berkley Castle, and the ruins of Witcombe Roman Villa. Life expectancy is Gloucestershire is 81.2 years, which is nearly on par with the national average of 81.52 years.
Surrey is also a county in South East England and is renowned for being a relatively affluent county. Surrey is very close to the UK capital, London, but despite this, Surrey contains a great deal of mature woodland. The average life expectancy in Surrey 83.15 years, which is way above the national average.
Cornwall is a county in South East England and is on the UK’s most westerly points. The county built its reputation on fishing mining and farming and is known for being one of the most beautiful locations in the UK. The average life expectancy in Cornwall is 81.55 years, slightly above national average.
Wiltshire is a county in South West England, and is very famous for its iconic prehistoric monuments, including Stonehenge. Other famous spots in Wiltshire include the villages of Lacock and Castle Combe, both referred to as the “prettiest villages in England”. Life expectancy in Wiltshire Is 80.8 years, slightly under the national average.
Cambridgeshire is a county in the East of England, and is full of cathedral towns, medieval markets and one of the worlds greatest centres of learning, the University of Cambridge. Life expectancy is 81.2 years, slightly below the national average.
Oxfordshire is a landlocked county in South East England. The county is famous for its centrally located town of Oxford, that homes one of the most famous Universities in the World, Oxford University. The town also boasts a wealth of historical heritage sites, including Oxford Castle and Prison, and the Bodleian Library. Average life expectancy in Oxfordshire is slightly above the national average, coming in at 82.35 years.
Devon is a county in South West England, and is an assortment of spectacular coastline, beautiful beaches and it makes a popular holiday destination. Devon is home to two cities, Exeter and Plymouth, and it has a selection of market towns including Barnstaple, Tiverton and Bideford. The average life expectancy in Devon is 78.5 years, slightly lower than the national average.
Somerset is a rural county in South West England, and is home to two cities, Bath and Wells. Notable towns of Somerset include Yeovil, Bridgwater, Weston-Super-Mare and Chard. Life expectancy in Somerset is 82.2 years, on par with the national average.
Hertfordshire is a county in the East of England, and is full to the brim with stately homes, famous monuments, and traditional English villages. Average life expectancy in Hertfordshire is 82.5 years, which is just above the national average.
Which county comes out on top?
Out of all the counties will the lowest crime rate, Surrey has the highest life expectancy, which in our eyes, makes it the best county to retire to in the UK. Surrey is home to some of the country’s most picturesque towns and villages, including the ones listed here.
All the towns in Surrey have great history, from the medieval to Victorian, and the old sits part of the new modern and vibrant way of life. From the second largest church spire in England, St Martins in Dorking, to Guildford having one of the youngest Cathedrals in England; Farnham with a castle, and Kingston with the Thames. Woking’s town centre square has recently been re-developed, Guildford has the beautiful River Wey and Navigations, while the area near Egham in Runnymede was the site for the Magna Carta.
Surrey has many idyllic villages, with thatched cottages, village halls, village greens with cricket pitches, local pubs, and country walks. Sounds like the perfect place to retire to, right?
Which counties are the worst to retire to?
|Top 10 Worst Counties||Crime Rate|
West Yorkshire takes the top spot for having the highest crime rate amongst every county in the UK. Although this might seem concerning, West Yorkshire Police record that crime is continuing to fall across the county, and police staff are being commended for their efforts to tackle crime and safeguard vulnerable people.
West Yorkshire is full to the brim of vibrant cities, industrial heritage towns, idyllic villages and stunning walkways and cycle ways. So, regardless of the crime rate, you are sure to find beauty and entertainment across the county, and it could still make a good place to retire to if you find the right town or village for you.
So, taking into consideration the top 10 places to retire to above, would you move away from your home town to enjoy a better life expecatny and low crime rate?
American Airlines Passenger Arrested After Alleged Crew Attack
The Reason for Ethereum’s Recent Rally to ATH According to Changpeng Zhao
Chiliz Price Prediction 2021-2025: $1.76 By the End of 2025
Mining Bitcoin: How to Mine Bitcoin
Mining Bitcoin: How to Mine Bitcoin
Teamsters Lead Historic Defeat of CEO Pay at Marathon Petroleum
Talking Fintech: Customer Experience and the Productivity Revolution
Mining Bitcoin: How to Mine Bitcoin
Alaska Court System Temporarily Disconnected the Internet After a Cybersecurity Threat
Amid XRP lawsuit, Ripple appoints former US Treasurer to its board, and names new CFO
Apple is giving a laser company that builds some of its AR tech $410 million
TFT 11.9 B-patch nerfs Mordekaiser and LeBlanc
Incident Detection and Response Basics Greatly Matter
Galaxy Digital Set To Buy BitGo for $1.2 Billion
Education lender Climb Credit taps Zest AI for credit underwriting
When does Destiny 2 Season of the Splicer start and end?
‘DeFi may lead to a paradigm shift’ says Federal Reserve Bank paper
Brembo Debuts Light-Up LED Brake Calipers
Launch of Crypto Trading Team by Goldman Sachs
Overwatch League partners with University of Hawai’i Esports
Big Data1 week ago
AT&T shareholders vote against approving executive compensation
Energy1 week ago
Ozop Energy (OZSC) Secures $2.1 Million in Purchase Orders for Photo-Voltaic Energy System Components
Blockchain1 week ago
Polygon Rolls Out $100 Million DeFi Adoption Fund
Aviation1 week ago
A Clean Sheet Widebody: The Story Of The Airbus A350
Blockchain6 days ago
Munger ‘Anti-Bitcoin’ and Buffett ‘Annoyance’ Towards Crypto Industry
Blockchain6 days ago
Ethereum hits $3,000 for the first time, now larger than Bank of America
Blockchain1 week ago
Derivatives Exchange GlobeDX Raises $18M in Seed Round Led by Blockchain VCs
SaaS1 week ago
AR/VR1 week ago
HTC Teases Reveal of “game-changing VR headsets” at VIVECON
SaaS1 week ago
SaaS1 week ago
SaaS1 week ago