The Australian government is about to release an app to help reduce the spread of COVID. The media has had a field day over largely unfounded privacy concerns. The realities are that its an app to help track COVID – not us.
So is this COVID app worth installing? Should you worry about trust concerns?
I have put together a quick summary video of the COVID app and what we know so far.
[Updated] Things to know about the Australian Government COVID app:
- It’s not a ‘tracking app’. It is a ‘contact tracing’ app. This means that it doesn’t use GPS to know where you are or what you’re doing.
- Once installed, the app harnesses your phone’s Bluetooth signals to look for other phones in your immediate vicinity that also have the app.
- The app will determine if you and another person with the app installed are within 1.5 meters of each other for 15 minutes. Then it transmits your unique ID to the other phone (and vice versa) to make a record of the contact in case it’s ever needed.
- The unique IDs are stored in a secure area on your phone, are encrypted and can’t be viewed via the app or by looking at the files stored on your phone.
- The app will only keep contact information for the last 21 days, and will automatically delete anything later.
- If you become COVID positive, you can decide to share your contact history with medical professionals and upload it directly from the app. (You will be given a code by health professionals to make the transfer)
- This information is stored on a secure server managed by the Department of Health. The government says that this information will not be available to the police or any other government agency. Legislation for the safekeeping of this information is underway.
- Health professionals will re-link the unique IDs to names and mobile numbers and quickly contact the people you have been in contact with to limit the spread of the virus.
- The app has been downloaded over 2 million times so far.
- While the Government would like 40% or more of us to have the app it remains your choice.
You can access the Government’s COVID information here and its current info app here.
You can read GadgetGuy’s COVID ‘tech’ coverage here
Image credit: www.tracetogether.gov.sg
Can you please check the info in your article. You say “It activates if you and another person with the app installed are within 1.5 meters of each other for 15 minutes. Then it transmits your unique ID, phone number, name and postcode to the other phone. And their information to yours.” The government’s web-site says “COVIDSafe recognises other devices with the COVIDSafe app installed and Bluetooth enabled. When the app recognises another user, it notes the date, time, distance and duration of the contact and the other user’s reference code. The COVIDSafe app does not collect your location.”
You think it’s a ‘contact tracing app’. This could be a good idea, but the trust deficit with this government is effectively bottomless, and they’ve shown on many occasions that they’ll abuse their own legislation to benefit themselves.
I’m suspending judgment until I’ve seen the legislation, with the safeguards and the sunset clauses. And the source code. And a few firewall logs from an instance.
And we will take that as a comment.
Can you please check the info in your article. You say “It activates if you and another person with the app installed are within 1.5 meters of each other for 15 minutes. Then it transmits your unique ID, phone number, name and postcode to the other phone. And their information to yours.” The government’s web-site says “COVIDSafe recognises other devices with the COVIDSafe app installed and Bluetooth enabled. When the app recognises another user, it notes the date, time, distance and duration of the contact and the other user’s reference code. The COVIDSafe app does not collect your location.” It appears the only data transferred is the other user’s reference code
The article / video was actually published before the app was released, and as such, unfortunately there were a few details that had not yet been clarified.
The actual information transferred between phones is just yours and the other person’s unique ID, the time and date of the transfer, along with the Bluetooth signal strength and connection duration. The signal strength is what the phones use to determine the ‘distance’ between devices, and the app starts a timer once the signal strength is strong enough to suggest that the two people are in close proximity to each other (1.5 meters). The timer measures if they stay together for 15 min. I believe the counter will stop timing once the exposure reaches 30 minutes. Other information that is shared between devices is the phone make and model. The user ID is encrypted, however the phone’s make and model is not. User IDs are swapped for a new anonymised ID ever 2 hours provided that the app is active and able to receive it.
Lastly, the anonymised user ID links to a person’s name, age range and postcode, however, this can only be accessed once the ID has been uploaded to a medical professional, and these details are not shared, stored or available via the app or on the phones.
We have passed this to the author for comment – its above my paygrade.