Privacy and Security Analysis of the IATA Travel Pass Android App

Lin, Pellaeon

Privacy and Security Analysis of the IATA Travel Pass Android App

Files

Report#154--IATA-analysis.pdf (1.76 MB)

Date

2022-04-13

Authors

Lin, Pellaeon

Abstract

The IATA Travel Pass (ITP), a global, opt-in app to receive, store, and share digital COVID-19 test certificates for flights, has a critical flaw in its registration process which allows an attacker to impersonate another user, needing only to know the user’s passport details but not possess the passport itself.

Keywords

IATA Travel Pass, COVID-19, travel, security vulnerability

Citation

Pellaeon Lin. “Privacy and Security Analysis of the IATA Travel Pass Android App,” Citizen Lab Report No. 154, University of Toronto, April 2022.

URI

http://hdl.handle.net/1807/123969

Creative Commons

Attribution-ShareAlike 4.0 International

Creative Commons URI

http://creativecommons.org/licenses/by-sa/4.0/

Collections

Citizen Lab

Full item page

Privacy and Security Analysis of the IATA Travel Pass Android App

Files

Date

Authors

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

Description

Keywords

Citation

URI

DOI

ISSN

Creative Commons

Creative Commons URI

Collections