A day after the Australian government released the COVIDSafe app to the public, the tech community is busily dissecting the inner workings of the tracing software.
More than 1.8 million Australians have downloaded the app since it was made available on Sunday afternoon.
But with privacy concerns about the government-led collection of data, tech experts have taken up the challenge to conduct their own “audit” of the technology.
Mobile app developer Matthew Robbins, the founder of MFractor, delved into the Android version of the app using open-source tools.
“From what I can see, everything in the #covidsafe app is above board, very transparent and follows industry standard,” he wrote on Twitter.
Robbins found that data collected is kept inside the app’s internal storage, which is “a secure part of your phone strictly private to COVIDSafe”.
“Unless you have a jail-broken device or have deliberately unlocked root permissions, the data collected by COVIDSafe is secure,” he added.
Some users have expressed concern about whether the app is draining the battery of their phone.
Speaking to 7NEWS.com.au, Robbins said the battery impact would need more investigating, but in theory it wouldn’t be a major issue.
He said the app’s Bluetooth connectivity is “on par with connecting with a portable speaker or AirPods”, so it should only affect a phone’s battery in a similar way.
“The data that’s being collected is more or less, the device you ping when you’re walking around,” he said.
“When it was pinged and the signal strength, that seems to be the main data points.”
Cybersecurity researcher Dr Vanessa Teague also studied the COVIDSafe app.
She decided not to download it herself until a “silly” flaw gets changed.
The CEO of Thinking Cybersecurity told 7NEWS.com.au the federal government chose to cycle encrypted Bluetooth IDs every two hours, whereas the Singapore government’s ‘TraceTogether’ app does this every 15 minutes.
She said this creates more opportunity for someone’s ‘pings’ to be identified over a longer period of time.
“iPhones, in particular, put a lot of effort into stopping people being tracked through their Bluetooth numbers, by changing the Bluetooth numbers quickly,” she said.
“So if you walk through a shopping mall, your phone looks different every 15 minutes so you can’t be tracked.”
“The concern with COVIDSafe is that it has this two-hour interval.
“It doesn’t necessarily reveal who you are, but reveals that your phone is interacting with a number of other phones.”
Dr Teague pointed out that she’s not recommending people don’t use the app, but that they’ll need to trust that the government’s server won’t be compromised.
“The question is, who has the key to decrypt those IDs and what are the circumstances under which they might accidentally or deliberately be shared,” she said.
“The very detailed information about who they’ve been near, when and how far apart they are, is immediately apparent to whoever is running the server.”
The Australian government has said very strongly they won’t allow use of that information.
“It’s a promise, but not a promise that’s guaranteed by the technology.”
As for how the server is operating, Dr Teague said the government is remaining tight-lipped.
“We know what the app is doing because we can look at the code, but we don’t know what the server is doing, because the government hasn’t allowed it,” she said.
More tech whizzes are joining the examination on social media, as the industry tries to comprehend what data the government will have access to.
Developers are teaming up, using their collective knowledge and adding what they’ve discovered to publicly accessible documents.
“The tech community is independently doing an audit,” Robbins said.
“It’s really important to establish that kind of trust.”
Despite mixed reviews from the tech world, community leaders are mostly unified in their message to Australians to download the app.
The country’s Chief Medical Officer Brendan Murphy reiterated the app will keep contact information only for 21 days.
“This covers the maximum incubation period for the virus and the time it takes for someone to be tested for COVID-19,” Professor Murphy said.