Is it safe to install the COVIDSafe app
Will the Government’s coronavirus app COVIDSafe keep your data secure?
The Australian government have now released the COVIDSafe app, and Australians are being encouraged to download and use it to help with the fight against the spread of COVID-19, but is it safe, or will it compromise our privacy ? As a company who’s service provides security for your data, we wanted to give you our take on this, and also provide some myth busting so that you can make an informed decision.
What’s the purpose of this app ?
The purpose of this app is to enable the health services to rapidly contact people who have been exposed to Covid-19 so that they can be tested.
Do I have to install it ?
No, but for it to be effective, the more people who use it, the better.
Does the app track my location ?
No. The app doesn’t use GPS at all.
What data does it store ?
When you sign up for the app, you will enter your name (it can be a pseudonym), age range, postcode and phone number.
This creates an encrypted code, which is then shared over Bluetooth with other COVIDSafe apps you come into close contact with.
These IDs are encrypted and stored on the app for 21 days before being deleted.
The app will also make a record of the date and time that digital “handshake” occurred, its duration and the proximity of contacts.
“My personal view is that the data that is being captured is suitably anonymised, suitably protected and access to it is reasonably restricted,” said Paul Haskell-Dowland, associate dean for Computing and Security at Edith Cowan University.
In the Bluetooth messages that are sent to other phones, COVIDSafe also shares the phone’s make and model, which is not encrypted. Is this a big deal ? We don’t think so.
Who can see my data if I’m diagnosed with COVID-19?
If you’re diagnosed with COVID-19, state or territory health officials may ask you to upload 21 days’ worth of the anonymised IDs your app has stored for contact tracing to a central server. The data is then used to contact anyone who you may have been in contact with to tell them to get tested and isolate. Your name is not shared with them.
The federal government, agencies & police do not have access to this data
The biosecurity act has been amended to include specific clauses on who can and can’t have access to this data. This will be further formalised in the forthcoming biosecurity bill and legislation.
When will the app be switched off?
The Government says users will be prompted to delete the app from their phone “at the end of the Australian pandemic”.
You can delete the app from your phone at any time, and it shouldn’t leave any trace (note, the source code has not been released yet, so this is still to be confirmed)
If you’ve had data uploaded from the app to the central server, you can also request that be deleted here.
Will my data be kept in Australia?
The forthcoming Biosecurity Act prohibits transferring data to any country other than Australia.
Will it drain my battery
From what we’ve seen, it appears to be very efficient in terms of power usage (particularly compared to other popular apps like Facebook & Whatsapp). For the app to work, you will need to leave it running in the background, and ensure that bluetooth is enabled. It appears to continue working in power saver mode.
Will it work with Vanished VPN ?
Yes. We highly recommend that you use Vanished VPN on your mobile devices, particularly if you are using public wifi. If you are required to upload data from the app, you should ensure that you are connected to our VPN so that the transfer is encrypted.
In our opinion there is nothing to be concerned about in terms of your privacy with the COVIDSafe app. If you use Facebook or any Google services, you are already voluntarily handing over all sorts of personal data on everything from your location to your browsing history, and this is much more of a concern. Facebook recently updated their mobile app, and by default, it now harvests data from other apps on your device (more on this in a forthcoming blog post). This is much more of a concern.
We would like to see the source code for the COVIDSafe app made public so that it can be fully analysed, but in the meantime the legislation governing the data security should give you confidence that your data will be safe.
Our recommendation is to download and use the COVIDSafe app, and help the fight against COVID-19 in Australia.
Stay safe & well.