As a way to help track the spread of COVID19 throughout Australia, the Australian government has rushed to market an app called COVIDSafe. Having data on COVID19 infections is a good thing, knowing when you have been in high risk of a being infected by a contagious person will enable government to identify outbreaks quickly and is a key step towards relaxing lockdown restrictions. The cause for this app is good! However there is rightly a lot of concern about two areas in particular - privacy and effectiveness.
As a former and still occasional iOS developer, I've been able to pull out the iPhone App's contents and see what's there. My long time friend Charles Gutjahr has done some detailed logging of the app including bluetooth activity while the phone is in various states. On the Android side, Matthew Robbins on Twitter has decompiled the Java code with great success. As such, despite the government not open-sourcing the app, it is very clear what the app is and isn't doing. We don't have to trust the government (because I sure as hell don't) - the notes below have been confirmed and are facts.
The app uses bluetooth signals to detect other phones (like AirDrop does when sharing photos to a person standing next to you). The strength of the signal can allow a guess of how close you are to that person.
Its for this scenerio:
- you and I hang out.
- a week later I get a positive COVID19 test.
- I mark myself as positive in the app and upload my contact data.
- you immediately get notified that you should be tested.
This allows outbreaks to be detected quickly, which is necessary knowledge for allowing the rest of economy to stay open.
There are various privacy concerns going on about this app:
"I don't want COVIDSafe tracking me"
The app does not access your location, it does not know your GPS co-ordinates and doesn't send them anywhere. While ANY app and website that talks to a server, can guess your general location (ie Melbourne, Sydney) by your Internet Address, this is often not very accurate. If you're concnerned about this, stay off the internet completely!
"I don't want the Govenrment to have a record of everyone I'm in contact with"
The app does not send your contact data anywhere without your express consent. If you have been given a positive COVID19 result, you can mark yourself as such in the app, at which time you are asked to share the recent records of phone IDs that you have been in high risk contact with. Only then (after confirming with an additional SMS code) this data is uploaded anywhere. Data is also deleted from your phone as promised after 21 days.
"I heard the encryption keys are on the same server as the data!"
While the server encryption keys are stored within AWS's Key Management Service (KMS), and the data is stored within an AWS database, this does not mean they are in the "same server". This argument has a clear lack of understanding about how AWS's KMS work... non the less if you're worried about access to data, read on.
"Its hosted in AWS, a US Company! I don't want the US Government to get my data"
The data itself is stored in AWS's Sydney region, thus within Australia itself. However the concern here is that because data is stored by AWS (which is A US Company), the US Government could access it is of no concern to me at all. Given the amount of data (location data, likes, dislikes, photos etc) other US companies have on us - if the US Government want to get much more useful information on us, they have plenty of easier ways. If you're a person of interest to them, you're most likely already being tracked. The fact that you were within close contact with a COVID19 infected person inside Australia at some point isn't going to be a big deal for them.
"What data is there anyway?"
The only data that is sent is:
- Your phone number (this has to be real, due to SMS verification)
- The name you give the app
- The postcode you give the app
- The age range you give the app
There are NO third party analytics in the app (Facebook, Google, etc). No tracking pixels, no neferious info. Again, you most likely give way more information to private companies (US, Russia, China based companies!) where your data is at way more risk of exploitation by nefarious companies and governments.
The Android app will effectively work in the background and while the phone is locked. You will see a persistant notification on the home screen that the app is running - this notification can be treated as evidence that Android is keeping the app running (this notification is forced by all versions of Android in the last few years when apps keep themselves running in the background). It will eat your phone's battery a littler quicker than usual, but it will work as advertised.
HOWEVER, the iPhone app will only work when the screen is on and the app is in the foreground. This will eat your phone's battery MUCH faster than normal - because the screen (along with network calls) is one of the most battery hungry things on a phone. Nobody will put their phone in their pocket while out and about with an app running and the screen still on. For the iPhone app to work, you will need to remember to open the app everywhere you go and can put your phone down on a surface where you won't accidentally touch anything. If you receive a phone call, the app will stop working. It in no way is suitable for the task its meant to perform in the way everybody uses their iPhones.
The most frustrating thing about this, is that Apple and Google have been working together to make a unified Exposure Contact Tracing framework for both iPhones and Android phone. This framework is due out VERY SOON (days!) and if adopted by this app, will allow COVIDSafe to function very effectively and securely in the background with minimal battery impact - IF the Government adopt the framework, which they had said they will consider:
"The Government will work with Google and Apple to investigate whether the new functionality announced by Google and Apple partnership is beneficial for the app performance," Mr Robert's spokesperson said."
I think the app is fine, there is no privacy or security risk that overweighs the potential benefit the app can provide. The Android app will work as intended, but the iPhone app will only work reliably when it is showing on screen, rendering it all but useless; because people do not use their phones that way and they shouldn't be expected to.
What I don't want to happen is for the Liberal party to get kudos for rushing this app to market. getting millions of downloads and using it as political ammunition for how good they are. As it stands it is absolutely not fit for purpose for iPhones, and over 50% of Australian's use iPhones. Hopefully they quickly adopt Apple and Google's exposure detection framework, at which time I will sing the app's praises loudly and widely encourage its use.