It seems Australians are not that paranoid about technological security. The government’s COVID-19 tracing app COVIDSafe, sharply opposed by some, was downloaded by more than a million people within five hours on Sunday evening.
Health minister Greg Hunt is spruiking COVIDSafe as possessing the “strongest data protection both physically and in law that Australia has ever had”. He’d hoped for one million users after five days.
Last week, experts such as law professor Graham Greenleaf from the University of New South Wales sought “legal guarantees” to safeguard the rights of citizens using the software. Deputy speaker Llew O’Brien said the app was too “Big-Brotherish” for him and there was a “snowflake’s chance in hell” he would use it. The Law Council of Australia urged the government to institute “core design principles” in the app to safeguard privacy.
COVIDSafe is downloaded to a mobile phone. It uses Bluetooth short-range wireless communication technology to anonymously record users who are within 1.5 metres of each other for about 15 minutes.
It aims to identify those exposed to COVID-19 once someone is diagnosed. Increased contact tracing, alongside widespread COVID-19 testing, will help allow an earlier easing of social distancing restrictions.
Users provide their name, phone number, their age range and postcode.
This allows public health officials to contact you if you have been exposed to the virus, Mr Hunt said.
Digital rights advocates have been demanding the release of the app’s source code.
Mr Hunt says that is coming within two weeks.
“The reason for that is that there’s a constant review of the safety and security,” he said.
“Our first task is to make sure the security assessment is done and that there is absolute protection of privacy above all else.
“The data has to be in Australia, has to stay in Australia. There’s a five-year jail term for anyone who breaches that security.”
The government says the app does not collect location data, that an infected person must consent to having their information shared and only health authorities would have access to the data.
Melbourne law firm Maddocks completed a 78-page Privacy Impact Assessment (PIA) of the app. “We are satisfied that Australian government has considered the range of privacy risks associated with the app and has already taken steps to mitigate some of these risks,” Maddocks wrote.
The Australian Financial Review’s government editor, Tom Burton, reported the “gold standard” security measures being enacted. “The COVIDSafe app cannot be used to enforce quarantine or isolation restrictions, or any other laws. This will mean it will be unlawful for anyone to force the use of the app, for example for gaining entry to venues or work.
“Also prohibited is the handing over of any data to anyone other than state health agencies, including to any overseas entity or person.”
Stephen Fenech from techguide.com.au said the app “lived up to its promise of privacy and security”.
He quoted Matthew Robbins, a developer for MFractor, which downloaded and “decompiled” the app: “From what I can see, everything in the #covidsafe app is above board, very transparent and follows industry standard”.
Mr Robbins confirmed the data collected by the app is encrypted in a secure section of mobile phones and is not accessible by other apps; the app broadcasts a Bluetooth address, not a device name, and data is automatically deleted every 21 days.
Mr Fenech did find technological issues in the early hours of the app’s operation.
“The COVIDSafe app will only work with Android 6 and later.
“Android 6 was released in 2015, so if you are using a five-year-old Android phone you might not be able to run the app.
“Another issue could arise from battery-saving features on various smartphones which may flag the COVIDSafe because it needs to be running constantly in the background to work.”
Apple and Google have announced new privacy tweaks to the opt-in contact tracing technology they are developing. Earlier this month they announced their decentralised contact tracing apps would be ‘anonymised’, and the service would be disabled once the virus has been contained. A US Senator, Josh Hawley of Missouri, pushed for the companies’ CEOs to be personally liable for data collected as part of the project. Germany is reportedly tweaking its app to use the decentralised system.
COVIDSafe app: how it works
- COVIDSafe is an app for your mobile phone. Download it from the Apple App Store (iPhone) or the Google Play Store (Android). Search for COVIDSafe. If you don’t have an iPhone, your phone is most likely an Android.
- Once the application is loaded, it will ask for consent to collect your details and to collect contact information gathered from other COVIDSafe app users.
- You then supply your full name, mobile phone number, age and postcode. Once your number is submitted, you are sent a code by SMS to verify your registration.
- The app needs to be running all the time on your phone. Keep notifications on so it keeps working in the background.
- The app uses the Bluetooth on your smartphone to scan and detect anyone who is also running the app within 1.5 metres for 15 minutes.
- If you need to be contacted after testing positive or being in contact with someone who tests positive, you will be asked to complete a two-factor authentication. You will then be asked to consent to upload the data in the app.
- The app is voluntary, not mandatory. The purpose of the app is “To identify people who may have come into contact with someone who has COVID-19 so that they can be advised to take measures to help stop the spread of the disease or get tested”.
- No location data will be collected at any time.
- Contact data stored on a device will be deleted after 21 days.
- All data stored will be deleted once the pandemic has concluded.
- A battery-saving feature of some smartphones may flag the COVIDSafe app because it is constantly running in the background.
Have you downloaded COVIDSafe? Will you? If not, why not?