In May, Mr. Rechtenstein returned to his home in Seoul from a trip abroad. While self-isolating at home, he became curious about the government’s seemingly simple app and what extra features it might have. That prompted Mr. Rechtenstein to peek under the hood of the code, which is how he discovered several major security flaws.
He found that the software’s developers were assigning users ID numbers that were easily guessable. After guessing a person’s credentials, a hacker could have retrieved the information provided upon registration, including name, date of birth, sex, nationality, address, phone number, real-time location and medical symptoms.
It would seem that each country has had its sway.
The Times found this spring that a virus-tracing app in India could leak users’ precise locations, prompting the Indian government to fix the problem. Amnesty International discovered flaws in an exposure-alert app in Qatar, which the authorities there quickly updated. Other nations, including Norway and Britain, have had to change course on their virus apps after public outcry about privacy.
Although Australia’s issue seems to have been that it does not work.