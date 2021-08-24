Three researchers have published a study that points to flaws that could lead to data leaks in the TousAntiCovid application.

Since June, the TousAntiCovid application has been equipped with a statistics collection system. But a study relayed by the specialized site 01net affirms that this addition would make it possible to link several data transmitted to the server and therefore to reveal certain information about the users. The partitioning of data between the different services of the application would not be hermetic.





“By crossing the log events, data leaks appear ” explain the authors of the study. If, for example, a group of people often go to a restaurant together, their diary on the app would be very similar, inferring that they were together in the same place at the same time.

Insecure personal data

Finally, more seriously, the personal identity (name / first name, date of birth) of a user can be found via the event log. And, by deduction, to know the frequentations of the targeted user.

Faced with all these flaws, the researchers believe that improvements are necessary on the TousAntiCovid application downloaded by more than 20 million French people.