With data privacy being of major concern following the Facebook and Cambridge Analytica Data Scandal, the Australian Government’s release of COVIDSafe has raised eyebrows.
In light of the Coronavirus pandemic, COVIDSafe was released on Sunday evening (26 April 2020), and in less than 48 hours has seen over 2 million downloads. But business leaders in particular have growing concerns around the implications of data the app is collecting and storing on behalf of its users.
This is ultimately a government app that is used for tracking purposes, so I appreciate the concern. However, what is the app capable of tracking?
How I’ve Analysed COVIDSafe
In short, the app developers don’t seem to be hiding anything nasty that they don’t want us to find, as the code is very legible.
Unfortunately the same level of analysis is not possible for the iOS app (from the Apple App Store). However, this is simply because Apple is far more protective of their apps and devices to protect data and intellectual property. Therefore, by only having access to the Android app code, I am making the assumption in the below blog post that the Android and iOS versions of the COVIDSafe app use the same approach in how they treat data.
How Does COVIDSafe Work?
COVIDSafe works by tracking those you come in close contact by using bluetooth technology. It uses mobile device’s bluetooth signal to “ping” other devices in your vicinity. Therefore, people need to be fairly close to you.
Bluetooth technology does not produce a strong radio signal, so this won’t find people you don’t come into some degree of contact with. It’s a technology strong enough to align with someone you pass in a store, but not strong enough to propagate through a wall. In other words, according to medical professionals, you need to be close enough such that the virus has a chance of spreading between you.
When your mobile phone and that of someone else with the COVIDSafe app come in contact with each other, they share an encrypted identifier containing no personally identifiable information. The identifier cannot be aligned with your personal information, except by the Australian Government.
If you or someone you’ve come in contact with contract Coronavirus, health professionals will ask you to share your COVIDSafe data with them (this is done within the app, and needs to be manually triggered by you). Those health professionals will receive the identifiers of all people you’ve come in contact with, and use this to contact potentially vulnerable individuals based on those you’ve crossed paths with.
The Australian Government uses the information you registered with when you downloaded the app to determine who the identifier belongs to.
This helps you to become aware of your contact with an infected individual, such that you can take necessary precautions thereafter.
Does COVIDSafe Track Location Data?
When people hear tracking, they think about location data and the privacy of it. After all, if the app tracks location data, it is able to keep a record of your movements which would feel very invasive. In short, it’s not particularly appealing.
- We are never asked by the device if we want to allow the app to use our location. Before any device will permit the location data to be used by the mobile app, it first needs to be approved by us. The device doesn’t provide this data to the app without our approval, and it never asks for this approval.
- There is no reference to your location in the app’s code, and therefore it can never be sent to the Australian Government. In other words, the COVIDSafe app has no idea what your location is, nor is it ever referred to in the app’s code.
Therefore, you should have no concern about your location data being captured by the Australian Government.
What Data is COVIDSafe Tracking?
When we think of the data COVIDSafe is tracking, it is best to break this down into the information stored on your device, and that stored by the Australian Government in their servers.
Data Stored On The Device
Each device stores your information entered on registration, as well as the encrypted identifier of each device it has come in contact with. It doesn’t store any information about the people you’ve been in contact with, only the encrypted identifiers of those individuals.
Data Stored By The Australian Government
The Australian Government stores the data you enter on registration (name, age range, mobile phone number) and a device identifier. This identifier is used to find your details if they need to contact you about a potential exposure to the virus.
Therefore, in my opinion there is no major concern with the type of data being stored.
Who Can Access COVIDSafe Data?
This app has been developed to fight COVID-19. As business leaders, it is our responsibility to encourage positive behaviour amongst our peers that helps us to bounce back from the world’s current state. Using the COVIDSafe app is incredibly helpful to the Australian public in reducing the spread of COVID-19. I strongly encourage you to join those who have downloaded the app and registered if you haven’t already. By not downloading this app, you are encouraging the spread of this virus by not helping.