Detection and classification of privacy leaks enabled by third-party trackers in COVID-19 mobile applications

April 15, 2024

Students: Nicolas Serrano

Tutors: Gustavo Betarte (https://www.fing.edu.uy/inco/grupos/gsi/en/team/gustavo-betarte/), Juan Diego Campo (https://www.fing.edu.uy/inco/grupos/gsi/en/team/juan-diego-campo/)


Since 2019, the world has been experiencing a pandemic without precedent in our current technological era. Governments and other high-profile organizations devoted special efforts to developing and sponsoring mobile applications that, while varying in their goals, tried to help contain the spread of COVID-19 and enable people to have the best quality of life possible. However, although third-party libraries, especially those considered trackers, and their impact on user privacy have been studied before, such libraries have found their way into COVID-19 applications backed by high-profile organizations. By trackers we mean third-party libraries that are included in applications to provide certain functionality and that, in addition, gather information about the application, the device and their use, and send it to their own servers. The research for this thesis found that 402 out of 595 studied applications contained at least one tracker. In addition, it was confirmed that sensitive information was transferred to the tracker servers, potentially disclosing the health status of the application users. On the other hand, evidence indicates that governments can improve their data protection impact assessments and the disclosures they make in their privacy policies; the latter also applies to trackers. Finally, SAPITO, an easy-to-use open-source tool, is presented. Based on the knowledge and lessons learned during this research, it was created with the objective of helping privacy teams and researchers automatically detect data leaks when analyzing third-party libraries in Android applications.
