Within 48h after its release on Sunday night almost two million Australians installed contact-tracing app COVIDSafe on their phone. Downloading the app is voluntarily, but an uptake of 40% of the population – about 10 million people – is needed for the app to be successful. In the meantime, technology experts are checking out the app to see if the government has delivered on its promises regarding security and privacy.
Every country has its own method of fighting the coronavirus. Technology and in particular contact-tracing apps often play an important role in this. At the moment, there are two types of apps out there: contact tracing apps and communication apps.
The general idea is to notify users when they have been in contact with someone who has been infected with the coronavirus. However, in some countries, the app is used to monitor people’s movements in various ways.
It is therefore no wonder that privacy organizations are voicing concerns about any form of government-led collection of data. Yet again, transparency is key.
Australia may not have the highest number of infections. Nonetheless, fighting the coronavirus has been taken very seriously. To do this successfully, Australia has taken a slightly different approach than some other countries, announcing national guidelines, but leaving the federal states to play their own important role.
With new infections across Australia now in the single digits, restrictions are slowly and carefully being lifted. In an effort to monitor this better, the government has launched a national app, named COVIDSafe. The app is said to be an important tool to “Keep you and your family safe, stop the spread and save lives”.
Downloading the app is voluntary, but the Government has previously said that 40% of Australians need to take up the app for it to be a success. Within 5 hours the app was downloaded 1 million times. A day later that number had doubled.
Source Code to be Released
COVIDSafe is based on TraceTogether, an app used in Singapore to identify and record corona infections. The main difference, however, is that the data is not stored on a server but on the user’s phone. The only information shared beforehand is the user’s name, their phone number, zip code, and age bracket.
The Australian government said the COVIDSafe source code would be released within two weeks, subject to consultation with the Australian Cyber Security Center. In the meantime, technology experts are checking out the app. Overall, it seems that COVIDSafe is a promising start to the national effort to ease lockdown restrictions.
All data collected through the app is kept on the phone for 21 days and is not accessible by other applications. When a person deletes the app, all data will be wiped from their phone. A person will need to be within 1.5 meters of a confirmed patient for about 15 minutes for an “alarm” to be raised.
Bluetooth Still A Concern
If a person who has installed the app tests positive to COVID-19, and if they have given their consent to sharing information, the data will be sent in an encrypted format to a central server. Next, state and territory health authorities can access it and start contacting people the person has been in contact with.
As with many other contact-tracing apps, Bluetooth plays an important role in how COVIDSafe works. The Bluetooth signal constantly checks whether there are other smartphones in the vicinity. If so, the app makes a “digital handshake”. With this, the date, time, distance and contact duration are recorded in a secure log. According to the government, a person’s location is not registered.
Most people are familiar with Bluetooth. It is widely used to connect devices such as speakers, earphones and fitness trackers or share files and is more secure than Wi-Fi. However, security researchers are warning governments and developers that contact tracing apps are unsafe if Bluetooth vulnerabilities are left unpatched.
What about Privacy?
The Office of the Australian Information Commissioner (OAIC), the Australian privacy regulator, said in a statement that COVIDSafe complies with privacy laws.
“It is positive that the Government accepted the recommendations of the assessment and that important legal safeguards are in place, including the determination under the Biosecurity Act 2015 to further protect information collected by the app. This ensures that the app must be voluntary, and that personal information collected can only be used for purposes related to contact tracing. It also puts important deletion and time limitations in place.”
Even now that the app has been launched, the OAIC will keep a close eye on the implementation. “My office will watch the implementation of the contact tracing app closely. We can audit the system and investigate complaints from the public about privacy issues. We will also closely review the legislation that is intended to be introduced and monitor the implementation of the Privacy Impact Assessment recommendations.”
Curious to know how governments in other countries use apps to fight corona? In our blog we will keep you informed of the latest developments.