The Hong Kong government has criticized a report by a good overseas cybersecurity firm as “inaccurate” after the company claimed the city’s Leave Home Safe Covid-19 risk-exposure app was vulnerable to data leaks plus phishing attacks.
The Office of the Authorities Chief Information Officer on Thursday issued a statement that will maintained the cellular app was safe and reliable, adding it had flushed various risk assessments and audits by independent professionals.
“Protection of personal privacy has always been the prime goal in the app’s style, development and use. No registration is necessary and all data related to personal privacy stored in the app will be masked and encrypted, ” the government body said.
The particular statement followed the release of a report on Wednesday by Poland-based 7Asecurity which claimed to have uncovered at least 12 vulnerabilities in the risk-exposure app which could lead to phishing attacks or data leaks.
The cybersecurity firm also recommended the app may not have been properly checked by a “competent security firm”, adding the program also had the particular “presence of encounter recognition code”.
But the government office said it was “strongly opposed to the incorrect report and unjust accusation”.
“The number of downloads has exceeded eight million since its launch more than one year ago, and as a digital tool commonly used by the public on a daily basis, no security or privacy-related situations have been reported. ”
A spokesman for the body also reiterated that the Leave Home Secure app, which was first launched in late 2020, had strictly followed government requirements on info security and personal privacy protection.
He added that the app’s facial recognition perform had never been used and has been removed in May.
“Prior to the launch of all major updated versions, the application has passed privacy impact assessments, security risk assessments and audits conducted simply by independent professional 3rd parties to ensure that the particular app is safe plus reliable, ” he said.
Francis Fong Po-kiu, honorary president of the Hong Kong Information Technology Federation, stated elements of 7Asecurity’s report was based on outdated data.
“The face recognition tale was back in May and the module had been removed since, ” he said, adding he was pleased with the transparency of the government’s security and privacy risk tests.
“The relevant reports have been uploaded online for public reference. ”
The project by 7ASecurity was sponsored by the US Open up Technology Fund, an independent non-profit organisation that advocates counteracting repressive censorship and monitoring.
The account is supported by a grant from the United states of america Agency for Global Media, an independent agency of the US government, which also oversees Voice of The united states, Radio Free Asia and the Office of Cuba Broadcasting. – South China Early morning Post