Thread looking at the app starting now https://twitter.com/Q3w3e3/status/1293650546260353024
Let's start with the manifest... that should give a decent overview.
Nothing unexpected...
bluetooth "admin" just means the app can discover and pair devices... but NOT without user interaction (that would be "android.permission.BLUETOOTH_PRIVILEGED" and that cannot be done by third party apps).
before i go further... this is going here for safekeeping:
endpoint: 'https://sns.us-west-2.amazonaws.com',
accessKeyId: '[REMOVED FOR REASONS]',
secretAccessKey: '[REMOVED FOR REASONS]',
region: 'us-west-2'
When i say reasons @albioncollege and @albioncollegeit I mean that these keys in the app expose..... New Case info... testing info... and medical insurance info...

please... PLEASE consider not using this app..
"The application will rapidly deliver results from our lab partners while maintaining HIPAA compliance."

I'm not convinced
like with those keys... someone can own *everything* that belongs to this app...

even the EC2 instances it runs on...

THIS IS NOT SAFE
do i even have to dig further @albioncollege

or will you revoke your stance on the use of this app?
There is likely PII accessible with this shit....
how do i report a HIPAA violation?
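
A release-time check for the problem this thread describes, written as an added example that is not part of the original thread or the app's code: it scans an unpacked app bundle's text for AWS access key IDs and `secretAccessKey` assignments like the config quoted above, reporting only redacted values. The function names and the sample bundle are assumptions constructed for illustration; the key values are AWS's published documentation placeholders.

```python
import re
import sys

# Shape of long-term (AKIA) and temporary (ASIA) AWS access key IDs.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# A bare 40-character string is too common to flag on its own, so the secret
# is only reported when it is assigned to a secretAccessKey-style name.
SECRET_ASSIGNMENT = re.compile(
    r"""secret_?access_?key["']?\s*[:=]\s*["']([A-Za-z0-9/+=]{40})["']""",
    re.IGNORECASE,
)

# Constructed sample input: same shape as the config in the thread, with
# AWS documentation placeholder keys and a hypothetical variable name.
SAMPLE_BUNDLE = """\
var snsConfig = {
  endpoint: 'https://sns.us-west-2.amazonaws.com',
  accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
  secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
  region: 'us-west-2'
};
"""

# The redacted form posted in the thread; it must not produce findings.
REDACTED_SNIPPET = "accessKeyId: '[REMOVED FOR REASONS]',\nsecretAccessKey: '[REMOVED FOR REASONS]',"

def redact(value):
    """Keep the first four characters so a finding can be traced, mask the rest."""
    return value[:4] + "*" * (len(value) - 4)

def find_embedded_aws_credentials(text):
    """Return (line number, kind, redacted value) for each credential-shaped literal."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in ACCESS_KEY_ID.finditer(line):
            findings.append((lineno, "access_key_id", redact(match.group(0))))
        for match in SECRET_ASSIGNMENT.finditer(line):
            findings.append((lineno, "secret_access_key", redact(match.group(1))))
    return findings

if __name__ == "__main__":
    hits = find_embedded_aws_credentials(SAMPLE_BUNDLE)
    for lineno, kind, value in hits:
        print(f"line {lineno}: {kind} {value}")
    sys.exit(1 if hits else 0)  # non-zero exit fails the build step
```

Anything shipped inside a client app can be read by everyone who installs it, so a finding here means the key has to be rotated and the call moved behind a server-side component, not just obfuscated.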