Recently, I deployed misinformation about the new Coronavirus Contact Confirmation App (COCOA) and (I clarified the error in the original article).
Here's what I've found out after (which I believe to be correct)
(1) The source code seems to be here.
(2) Licensed under the Mozilla Public License Version 2.0
(3) Is it developed in C#?
I was quite surprised to see that they are developing a smartphone app in the "C" language system. Of course, for me, C is a welcome addition.
The server system... is notreally. COCOA is a native smartphone app, to begin with.
(4) It's unlikely to register as a malicious (prank) infected person.
If you don't put in the ID number given by the health department, you will not be registered as an infected person.
Even if you put in a bullshit number, it will say "registered", but it won't actually register.
(5) After 14 days, the information on the infected person's registration will disappear.
After 14 days, you will no longer be treated as an infected person. It is a reality.
(6) Infection information is not tied to the solid number of the device (smartphone).
The app hack will not be able to identify the infected people.
I might be able to hack the Public Address (like Ethernet MAC address), however, I think that it's impossible to find a model and get to a personal identification.
How impossible can it be? It requires a lot of annoying works, like, asking each person on your side of the line, and saying "Excuse me, can I borrow your phone?" and work on the analysis with the radio analyzer.
Even if you were to force it, I don't think it would be possible to read a fixed Public Address, because it would normally use the Random Address that your phone automatically generates.
It's not "full security," but "no worth to hack it"
(To be continued)