Perry said he and his team hope to expand on the services offered by the app.
“We can add any office that’s prominent and frequently used by our students to make those resources available,” Perry said. “I’m sure within the next week, we’re going to have different icons listed for general orders, a lost and found database. We’re gonna link students and employees to important data through the North Carolina State Bureau of Investigation and traffic stop data. We’re gonna create a registry where students can engrave and keep up with their personal property.”
Perry said the app would serve as an additional resource for students and would not replace physical blue lights around campus or Alert Carolina.
At other universities
At the University of Florida, the GatorSAFE app — also developed on the AppArmor platform — was released in 2016. It offers similar features, such as the Mobile BlueLight system.
Enasha Shah, a student at UF, said in a message to The Daily Tar Heel that she finds the app’s personalized safety features the most useful and appreciates the extra security it offers to students.
“As a college student, I’ve had my fair shares of staying at the library too late or waiting for an Uber after a night out,” she said. “At times like these, I always felt a little uneasy — especially if I was alone and it was dark. Knowing now that there’s an application available for students that allows them to look after their friends is super comforting and I hope people put it to good use, because I am very confident that it could save lives and prevent traumatic experiences.”
“It’s a toolkit, right in the palm of your hand. With the Carolina Ready app, you have access to resources and can make your own connections, or find data, or watch videos on how to secure your bike or how to stay safe.”
UNC Police Chief David Perry
However, for some UNC community members, the security of the app and student information raises red flags.
Preeyanka Rao, undergraduate student body vice president, voiced her concerns at the July 30 meeting of the Commission on Campus Equality and Student Equity.
To get the day's news and headlines in your inbox each morning, sign up for our email newsletters.
She said her friends had run an audit of the app, revealing security issues that could potentially leave users open to hackers.
The DTH performed a static analysis on the Android version of the Carolina Ready Safety App using Mobile Security Framework, an open-source security analysis framework. The Carolina Ready Safety App received an overall security score of 10 out of 100, with an average common vulnerability scoring system score of 6.1, putting it at medium vulnerability. CVSS measures the software vulnerabilities of applications.
One of the major issues that MobSF identified was that the app enables cleartext network traffic, which means that data may be transmitted in a cleartext format. Cleartext means that the data travels unencrypted. Thus, adversaries can intercept or alter the data.
Regarding potential security vulnerabilities, Perry said AppArmor is a "secure platform. It’s a reliable company that has a very strong reputation.”
He also emphasized that, to his knowledge, no safety breaches or violations of student or employee data have been reported on AppArmor apps.
UNC ITS also stated that AppArmor runs Qualys scans on the app — Qualys is an information security software company — and that Apple and Google required the app to undergo security testing before making it available in their respective app stores.
Some students also worry about user privacy. UNC Police has faced criticism in the past for its use of geo-fencing to monitor the social media posts of Silent Sam protesters for specific words and phrases.
But UNC Police will not have access to user location data except in specific cases, Perry said, such as when the user explicitly provides the data to UNC Police in the case of Friend Walk or WorkAlone.
“You're going to provide us that access so we can check on you, and have your GPS location during that time frame only,” Perry said. “Aside from that, we can't reverse call you, we can't look you up. There's no way for us to use our data and we would not want to retain it.”
UNC ITS stated that the University can see the locations where Friend Walk is being used, but not any associated user information.
Perry emphasized that in any other situation, UNC Police would have to obtain a subpoena to access student location records. UNC ITS stated that student data is hosted on AppArmor servers, not within UNC's systems.
Overall, Perry said, he hopes this app will prove useful for the UNC community.
“It’s a toolkit, right in the palm of your hand,” he said. “With the Carolina Ready app, you have access to resources and can make your own connections, or find data, or watch videos on how to secure your bike or how to stay safe.”
@seaynthia
university@dailytarheel.com