COVID-KAYA is a platform used by frontline healthcare workers in the Philippines to collect and share data about cases with the Philippines Department of Health. Both web and Android versions of the platform contain vulnerabilities disclosing data otherwise protected by superuser credentials. We are concerned (but did not confirm) that an attacker could also leveraged this vulnerability to cause the app to reveal sensitive patient data. We first disclosed the web app vulnerability to the apps developers on August 18, 2020, and the Android. Both vulnerabilities were acknowledged by Dure Technologies within a day of our disclosure.”]