The paper at hand offers an analysis of all Android contact tracing apps deployed hitherto by European countries. Each app was closely scrutinised both statically and dynamically by means of dynamic instrumentation. The results reported from static analysis include permissions, API calls, and possible connections to external URLs. Dynamic analysis collected data pertaining to Java classes, network traffic, and intents. We present several key findings regarding static analysis. On the other hand, due also to the fact that we utilised virtual machines to run the apps, the dynamic analysis did not yield significant results and is to be further addressed in future work.
View on arXiv