Thoughts and Analysis on COVIDSafe

As a way to help track the spread of COVID19 throughout Australia, the Australian government has rushed to market an app called COVIDSafe. Having data on COVID19 infections is a good thing: knowing when you have been at high risk of being infected by a contagious person will enable the government to identify outbreaks quickly, and is a key step towards relaxing lockdown restrictions. The cause for this app is good! However, there is rightly a lot of concern about two areas in particular: privacy and effectiveness.

As a former and still occasional iOS developer, I've been able to pull out the iPhone app's contents and see what's there. My long-time friend Charles Gutjahr has done some detailed logging of the app, including Bluetooth activity while the phone is in various states. On the Android side, Matthew Robbins on Twitter has decompiled the Java code with great success. As such, despite the government not open-sourcing the app, it is very clear what the app is and isn't doing. We don't have to trust the government (because I sure as hell don't) - the notes below have been confirmed and are facts.

What? How?

The app uses Bluetooth signals to detect other phones (like AirDrop does when sharing photos to a person standing next to you). The strength of the signal allows an estimate of how close you are to that person.

It's for this scenario:

  • you and I hang out.
  • a week later I get a positive COVID19 test.
  • I mark myself as positive in the app and upload my contact data.
  • you immediately get notified that you should be tested.

This allows outbreaks to be detected quickly, which is necessary knowledge for allowing the rest of the economy to stay open.

Privacy Concerns

There are various privacy concerns about this app:

"I don't want COVIDSafe tracking me"

The app does not access your location: it does not know your GPS co-ordinates and doesn't send them anywhere. While ANY app or website that talks to a server can guess your general location (i.e. Melbourne, Sydney) from your internet address, this is often not very accurate. If you're concerned about this, stay off the internet completely!

"I don't want the Government to have a record of everyone I'm in contact with"

The app does not send your contact data anywhere without your express consent. If you have been given …
