Australia’s Federal Government Health Minister Greg Hunt has formally launched the much-discussed COVID-19 Coronavirus tracing app.
The app is available today for both iOS and Android devices, though the early availability of the app on Android has resulted in some negative reviews as well as some serious questions from those with privacy concerns.
Called “COVIDSAFE” the app allows an automated process of contact tracing, vital and valuable to state health authorities in their ability to notify people who might have been in contact with someone who has tested positive to Coronavirus.
Download and installation of the app is entirely voluntary, and upon installation you are asked for four pieces of information. A name, an age range, your postcode, and your phone number.
From that point, the App asks for access to your Bluetooth, and once granted it will seek out other devices running the app, and respond to other devices running the app seeking out your phone.
This occurs in close proximity – just like your Bluetooth headphones.
Every person you are near for a reasonable period, and who is running the app, will become a “contact”. The “list” of those contacts is stored on your phone.
Over the course of 21 days, every single device you come across is listed as a “contact” and stored in the “list” on your phone. After 21 days, the data is deleted completely.
Critically, that “list” on your phone, is encrypted and stored, inaccessible to anyone – including yourself.
Only if you test positive to COVID-19 is the data unlocked. Though a direct consultation with a state health official, a code would be entered into the app, which sends your data (that “list”) to a secure government server.
The only people able to access that data are the State government health officials working with you on your contact tracing.
If you never test positive, the data stored on your phone never leaves your phone.
The government and app developers have a very clear definition of a “contact” in the case of the app. Because Bluetooth on the phone via the app is used every minute, the app is able to determine if you’ve been with a contact for 15 minutes. Only if a contact is near you for 15 minutes, and is within 1.5 meters (the app can determine this by the Bluetooth signal strength), is someone listed as a “contact”.
COVIDSAFE launched in the Google Play Store earlier this afternoon, and is due to launch in the App Store for iOS devices this afternoon.
Unfortunately, the registration process which requires a mobile phone number verification step is not yet operating, so like the over 100 people who have listed a negative review in the Google Play Store, you won’t be able to get started.
EFTM understands that registration process will launch this evening, after 6pm.
Australian developers of the App, working with the Government are planning to implement the updated API procedures which both Google and Apple are working on to ensure the process is more reliable.
Right now, Apple iPhone users will need to more regularly open and access the app to keep it running at its best. As more and more apps open after the use of the COVIDSAFE app, and in particular as more of those apps use Bluetooth, the effectiveness of COVIDSAFE will reduce.
Apple and Google’s API release in the coming weeks should resolve this issue, though the conflicts between the Government approach (needing a Phone number and details for registration) and Apple and Google’s (needing no personal information) will cause some integration issues.
As Health officials, including Acting health department secretary Caroline Edwards have said, this app “Takes a very manual process fundamental to our public health response and adds to it fast and effective additional contact for only the purpose of contact tracing”
Strict new regulations and soon legislation will prevent the use of the app data by anyone other than State Health officials. Likewise, there have also been regulations put in place or being put in place to override normal “secondary uses”.
In the case of our private data – it is possible under the law for law enforcement or legal processes to request access to information or data held by third parties. These “secondary” uses as they are called are being overridden in this case, so no-one, not even a judge can rule that anyone has the right to see your data.
Critically, and for me the defining privacy protection for you and those you associate with as “Contacts” : If you NEVER test positive to COVID-19 – the data stored on your phone (that list) will NEVER be uploaded to the national data store.