Community transmission is the thing that could set COVID-19 free in our country, so to get the disease under control we need to prevent as much community transmission as possible. To do that, the Australian Government yesterday released a tracking app called COVIDSafe. Two of the questions on everyone’s mind are “Is it safe?” and “Can we trust the government to keep our data safe?”, along with many more of course.

The questions are good questions and need to be asked, given our government’s penchant for sharing our data and using it for things other than it was intended for. After the app was released yesterday a couple of developers we follow on the socials decided to break it down.

First up we had @xssfox, who tackled it from a security standpoint. He first noted that the UAT environment endpoint was being leaked:

No location tracking is used, just Bluetooth and it switches between client (scanning) and server modes. This does not mean that they cannot roll out an update with more invasive tracking since location permissions are already granted — but you can be sure the security peeps will be all over this should the government try and pull a swift like that.

@xssfox was easily able to find the COVIDSafe Administration console, and it is a worry that it was that easy. In the end, though, @xssfox was generally fine with the app but was a bit concerned about the device-id being sent to the API, which could give you the same “temp” ID over and over again, which might allow better tracking but be less secure.

Another Twitter developer, Matthew Robbins, also decided to delve into the app from an app developer’s standpoint. He found that “COVIDSafe only picks up and records other phones that have given their permission to broadcast.” His final conclusion was that the app is “above board, very transparent and follows industry standard.”

Interestingly the iOS version apparently requires the user to leave the app open and the screen — not good if you want a large proportion of the population to use it.

While the app may have a few things that some may not like, it seems to be generally well written and also secure. That may surprise some, but you can be sure the Government made sure they got this right — get it wrong and they would most likely not get a second chance.

COVIDSafe appears to be safe to use at this stage and we encourage people to install it to help keep themselves and others safe.

10 Comments
Mi

It doesn’t eat my battery maybe you have too much data on your phone that’s eating your battery

Vince

The app is meant to alert us if there is anyone with the virus that we came in close contact in the past 2 weeks.
If it only uses bluetooth, how will it know the location that I had been?

frank

It uses the inbuilt GPS signal along with the Bluetooth ID of the other party and stores it locally, on device for 3 (yes 3) weeks and if you do not encounter one who has been in contact with a COVID-19 person or has been to an area when the COVID-19 infection is quite high, it will delete the data on device, so no uploading, if you have been “compromised” then they will receive the data but anonymised data except for your contact, so they can advise you what to do.

Scooby

I don’t understand why all these clowns keep prattling on about how it is not compulsory? How could it ever be compulsory, unless they were going to Make it compulsory to own a mobile phone. Make it compulsory to carry your mobile phone everywhere with you. Make it compulsory to have your mobile phone always turned on. etc, etc. I mean they keep going on about it not being compulsory, mandatory etc like they are doing you a great favor, they couldn’t make it compulsory if they tried, bunch of idiots. I’ll never be installing it, just look at all…

M i

It’s not you it’s all of your family don’t you want them to be safe

Kev

I just heard on Channel 7 a comment that the app will alert someone when you are 20k from home. I am no techy so can you please advise if this could be included under the covers?

Geoffrey Huntley
Philip Clark

Re the iOS issues, according to this Guardian article the govt will be implementing the Apple/Android framework in the coming weeks which will allow the app to run in the background on iPhones: https://www.theguardian.com/australia-news/2020/apr/27/covid-safe-app-australian-government-covidsafe-tracing-download-install-ios-app-store-google-play-android-australia-coronavirus-tracking

They probably should have done that before they released it in the first place.

frank

GOOGLE and APPLE are working on operating system level services to allow this to happen, they are about 1-2 weeks from releasing an OS upgrade so that can happen.

Oliver Ward

I work in healthcare dealing almost daily with potential carriers, but I also work with the long term & terminally ill – it’s for this last point I decided to install the app as I have a responsibility to not pass it on to people who literally could die. I wouldn’t touch it otherwise given our Gov’s track record in technology & security breaches. I’ve only had it installed for a few hours but already I suspect it’s a battery pig.