API Security Weekly: Issue #83

Read the original article: API Security Weekly: Issue #83

Vulnerability: India’s Coronavirus Tracing App

Elliot Alderson discovered API flaws in India’s COVID-19 tracking app, Aarogya Setu. In certain regions, the app is mandatory, and not having it installed can lead to fines or even jail time.

The app can tell users how many people who have tested positive for COVID-19, or who have self-assessed as feeling unwell, are nearby, within a radius of 500 meters to 10 kilometers. Or at least that is the theory. In practice, attackers can make the app show them more.
