Published on the 30/04/2020 | Written by Jonathan Cotton
Health authorities say they are expecting about half the population to download the new app…
Despite fears that privacy concerns would discourage Australians from signing up, Australia’s new Covid-19 contact tracing app has exceeded adoption expectations, with two and half million downloads since its launch on Sunday.
Based on Singapore’s TraceTogether app, Australia’s new CovidSafe app recognises other devices with the CovidSafe app installed and Bluetooth enabled. Users download the app and enter their name (or pseudonym, if desired), phone number, age range and postcode. When the app recognises another user, it notes the date, time, distance and duration of the contact and the other user’s reference code.
If contact with an infected person occurs, users of the app will receive a call from a public health official urging them to get tested. When a person tests positive they will be asked to upload that data, so the relevant state and territory health official can notify a person who was a close contact so they can take the necessary medical actions.
“I think Australians are very sophisticated users of technology, they understand apps.”
“Unless and until a person is diagnosed with Covid-19, no contact information collected in the app is disclosed or able to be accessed,” says Stuart Robert, Minister for Government Services.
“Then, once the person agrees and uploads the data, only the relevant state or territory public health officials will have access to information. The only information they are allowed to access is that of close contacts – when a person has come within approximately 1.5 metres of another app user for 15 minutes or more – in their jurisdiction,” Robert says.
Users’ phones do not need to be unlocked for the app to work, although for iPhone users, the app must be fully open for Bluetooth functionality to work, a situation the government plans to fix ‘in a few weeks’. There is no log off function, and the only way to stop the app once installed is to uninstall it or turn off Bluetooth.
With a million downloads in a matter of hours after launch and now more than 2.5 million downloads since Sunday, it’s fair to say the adoption has exceeded expectations.
“We had, in our quiet hopes, thought that we might get to a million within five days,” says health minister Greg Hunt. “We were lucky enough to get there within five hours.
“I think Australians are very sophisticated users of technology, they understand apps, I think they understand that this has probably the most secure protections for information ever put in place by an Australian Government.”
But while Hunt and Australia’s medical community are delighted, Australia’s digital rights organisations still have their reservations. And after all, the Australian Government doesn’t have a great reputation for data management – see the Census debacle, robodebt, MyGov et al.
“Ideally, the Morrison Government would be looking at models that don’t threaten Australians’ freedom to go through life free from Government surveillance,” said the Centre for Responsible Technology earlier this week.
“The Government should have adopted a decentralised model for an app that keeps our information on our phones at all times.”
Lizzie O’Shea, chair of Digital Rights Watch, is also concerned, and says that more cooperation with digital rights groups is crucial: “The history of government take-up of technology is one of over-reach and secrecy,” she says. “The government needs to recognise that the only way of this app succeeding is to work with those organisations that care deeply about the rights of citizens.”
The CovidSafe app keeps contact information for 21 days, says the Government, covering the maximum incubation period for the virus and the time it takes for someone to be tested for Covid-19. A new determination from the Minister for Health under the Biosecurity Act will ensure information provided voluntarily through the app will only be accessible for use by authorised state and territory health officials. Any other access or use will be a criminal offence.
“All information collected by the app is securely encrypted and stored in the app on the user’s phone. No one, not even the user, can access it,” says Hunt. “Once the coronavirus pandemic is over, and Australia no longer needs the app, the app and the information on it will be deleted permanently.
“No virus, no app.”
A Privacy Impact Assessment has been produced – as has a response document – making several recommendations, including public release of the source code, something that hasn’t yet happened.
Mahmoud Elkhodr, Lecturer in Information and Communication Technologies, CQ University, says that, upon preliminary testing of the app, ‘it seems the federal government has delivered on its promises surrounding data security’.
“Tests run for one hour showed the app didn’t transmit data to any external or remote server, and the only external communication made was a ‘handshake’ to a remote server,” says Elkhodr. “This is simply a way of establishing a secure communication.
“Making the app’s source code publicly available, or making it ‘open source’, would allow experts to examine the code to evaluate security risks (and potentially help fix them). For example, experts could determine whether the app collects any personal user information without user consent. This would ensure CovidSafe’s transparency and enable auditing of the app.
“Releasing the source code isn’t only important for transparency, but also for understanding the app’s functionality.”
TheCovidsafe app is available now in app stores.