press enter to search

What to know before using PeduliLindungi surveillance app, according to cybersecurity expert

Ni Nyoman Wira
Ni Nyoman Wira

The Jakarta Post

Jakarta  /  Tue, April 21, 2020  /  04:58 pm
What to know before using PeduliLindungi surveillance app, according to cybersecurity expert

PeduliLindungi's user interface. The app will inform its users about the COVID-19 classification of the area they are in (left) and steps on how to use the app (right). (JP/Ni Nyoman Wira)

Following the launch of the government’s PeduliLindungi surveillance app, which aims to trace and track suspected patients as well as confirmed cases of COVID-19, questions arose over the safety of the users’ personal data stored in the app.

Developed by the Communications and Information Ministry in collaboration with the State-Owned Enterprises (SOEs) Ministry and downloaded by over 1.9 million people, the app cross-references the data stored on its users’ mobile devices through Bluetooth connection. When a user is in the vicinity of another user whose data has been uploaded to PeduliLindungi, the app enables an anonymous exchange of identities, according to its official website. If a user is found to have been in close proximity with confirmed or suspected cases under surveillance, the app will identify them -- a feature that is expected to help fill in the blanks regarding travel history and close contact that are vital to contact tracing and case tracking.

According to Alfons Tanujaya, a cybersecurity expert at computer security firm Vaksin.com, the use of Bluetooth connection can be risky, especially for users who rarely update their Bluetooth app.

“PeduliLindungi requires its users to keep activating their Bluetooth connection. If a user hasn’t updated their Bluetooth app, it would be an opportunity for someone to send them malware,” Alfons told The Jakarta Post on Tuesday. 

Usually, users are notified if their smartphone is ready to be paired, either with their wireless earphones or other people’s smartphones using Bluetooth. However, it’s possible they won’t receive such a notification if they are not using the latest version of the Bluetooth app, said Alfons.

When malware is successfully sent to a smartphone, the owner’s confidential information, such as bank account details, passwords and credit card details, will be at risk.

Therefore, prior to downloading the PeduliLindungi app, Alfons suggested users activate the automatic update option on their smartphone, which will allow their apps to be immediately updated whenever there's an internet connection via mobile network or WiFi.

“Perhaps PeduliLindungi can check whether their users’ Bluetooth has been updated or not and warn them about it,” he said, adding that the app should also give added value to its users by providing more information, including about the spread of the coronavirus.

Kominfo recently announced that PeduliLindungi was “highly secured from phishing and malware” as it used a layered security system and had been reviewed by both Apple's App Store and Google Play store.

Phishing is a cybercrime through which someone’s private information can be obtained; usually via e-mail.

Communications and Information Minister Johnny G. Plate also stated on Saturday that all of the users’ data would be deleted once the pandemic ended. (kes)

Your premium period will expire in 0 day(s)

close x
Subscribe to get unlimited access Get 50% off now