Senior disinformation researcher Dr. Sanjana Hattotuwa has questioned the credibility of the Sri Lanka Police’s new app called ‘eTraffic’, launched recently, to facilitate reporting traffic offences.
Sharing his opinion, Hattotuwa points out that Sri Lanka Police failed to protect its own social media accounts, after being targets of cyber attacks recently, raising concerns over privacy and data protection.
He said amid this, the Police have launched its ‘eTraffic’ app, which isn’t available yet on the Google Play Store, contrary to what the logo featured in a notice on (x) by the Sri Lanka Police suggests.
He said instead, the app can only be downloaded as an APK from the https://srilanka-etraffic-app.vercel.app website.
Explaining further, Sanjana Hattotuwa highlighted that if not correctly managed, personal data harvested by the app, in addition to user-generated, and user-submitted data could create significant privacy vulnerabilities, and violations especially through an app designed by, and for police use.
“Significant privacy concerns around just the APK, studied in the context of surveillance present in the country, and the rights disrespecting nature of the Sri Lankan Police, centre on the app’s ability to collect sensitive data (location, images, personal files), store it (potentially unencrypted) on a device’s external storage, and transmit it through external services without any clear subscription to comprehensive encryption,” he pointed out.
Sanjana Hattotuwa further highlighted that the Sri Lankan Police’s ‘eTraffic’ app is incompatible with the Personal Data Protection Act’s (PDPA) provisions once they come into full effect in March this year.
“Because the PDPA explicitly aims to protect individual privacy and sets robust standards for lawful, transparent, and minimal data processing, any persistent, large-scale access to personal data—especially sensitive location data—could constitute a violation if not rigorously aligned with the Act’s prescriptions. The potential for additional data retention on cloud services outside Sri Lanka further heightens the likelihood of non-compliance,” he explained.
Stating that the manner of the app’s release is particularly revealing, Sanjana Hattotuwa said the APK’s availability prior to approval by Google’s Play Store suggests an interest in getting the app out to the public in ways that are not standard practice and leads to behaviours that can compromise the integrity of personal devices.
Read more : https://shorturl.at/tzTKK (Newswire)