The government has just dropped the COVIDSafe app, designed to track everyone you’ve come into contact with in order to minimise the spread of the coronavirus.
Users will be able to sign up form 6 PM on Sunday night, but heaps of people are still wondering how the app will work and how secure the collected data will be.
Here’s everything you need to know about COVIDSafe and how it works.
How does COVIDSafe work?
The app uses Bluetooth to log everyone you’ve come within 1.5 metres of for 15 minutes or more. When you get close to another person who also has the app installed, your phones will have a ‘Bluetooth handshake’ and swap details.
If someone is diagnosed with COVID-19, health officials will ask for permission to access that user’s data. Then, everyone they have come into contact with who used the app will be notified.
In order for this to work, the app must stay open in the background, which will likely be a drain on battery life.
Is it mandatory to download COVIDSafe?
After being tight-lipped on the issue for a while, the government eventually came out to say that it is not mandatory to download the app. It’s now actually illegal for anyone to force someone to download the app.
However, Prime Minister Scott Morrison previously said around 40% of the population would need to use the app for it to be effective.
What phones is COVIDSafe available on?
What data does COVIDSafe collect?
When you sign up, the COVIDSafe app will ask for four things: your name, age group, mobile number and postcode.
When you use the app, it will log everyone else with the app who you have come into contact with. The data collected from these ‘Bluetooth handshakes’ will be the other person’s user ID (not their name), the time and date of your contact with them, and the strength of their Bluetooth signal.
Does COVIDSafe track my location?
Nope, the app does not store your location data.
Is my data safe?
All of the data collected is encrypted. Users will not be able to access their own data stored on their own phone, and the government and police won’t be able to access data stored on the app’s servers.
Anyone who illegally accesses the data can face up to five years in jail thanks to new laws introduced over the weekend.
“The safeguards that have been put in place are the strongest ever,” Health Minister Greg Hunt said at the app’s unveiling.
“Not even a court order can penetrate the law.”
If you test positive for COVID-19, your contact data will only be released to health officials if you consent to it. A unique PIN will be generated, which will have to be entered before the data is released.
On top of that, data will be wiped from your phone after 21 days, and when the pandemic’s over, the government said it will wipe everyone’s data from the servers.
Keep in mind, deleting the app will not delete your data. If you’d like your data wiped, you need to fill out an online form.
Can I use a fake name?
The app will still function normally, even if you put in a fake name. During ‘Bluetooth handshakes’, names are not shared anyway. Instead a user ID is shared without any identifying information.
Are there privacy concerns?
Yes. While nothing about the app appears to be bad, it’s what we don’t know which is concerning experts.
Because the government hasn’t published the app’s source code, it can not be independently scrutinised. Most apps designed with the utmost privacy in mind are open source, so that people can be sure there are neither deliberate backdoors, nor vulnerabilities which could be exploited by hackers.
The Human Rights Law Centre, Digital Rights Watch and the Centre for Responsible Technology have all called on the government to release the source code.
“The history of government take-up of technology is one of over-reach and secrecy,” Digital Rights Watch Chair Lizzie O’Shea said in a statement.
“The government needs to recognise that the only way of this app succeeding is to work with those organisations that care deeply about the rights of citizens.”Image: AAP / Mick Tsikas