Is COVIDSafe… Safe?
Well, it depends on your definition of safe!
Personally, I would like to see restrictions lifted sooner rather than later, and if it means installing the #covidsafeapp and sacrificing a tiny portion of un-valuable personal information for the greater good of the community, then so be it. I have had it installed for a couple of days now, as have my family and colleagues. I hope this video might help you decide whether you want to.
In this video I walk through how it works, what it does, and what information may or may not be accessible based on you installing and using it.
Here are some pertinent links, some referenced in the video:
Feel free to ask any questions you may have and we will do our best to answer them!
enquiries@servicescaler.com / (02) 9146 6339
*Note, the information in this video was, to the best of our knowledge, correct at date of recording.
TRANSCRIPT
Hi guys, Rob here from ServiceScaler. In today’s video I’d like to talk to you about the COVIDSafe app recently released by the Australian government. The COVIDSafe app is a contact tracing app designed to be able to trace your interactions with other users of the application, and in the event that somebody tests positive to COVID-19 they’ll be able to identify people who they’ve been in contact with. At face level that sounds very scary and like your privacy may be invaded, but what I’d like to do is walk you through how the application works, how it interacts and where it stores your data and how it uses that to be able to complete its contact tracing functions. Now, the first thing that you do is you download the app from the App Store and install the app. Now to set up the application there are a few steps. The first thing that you need to do is enter your mobile phone number. What they do is you enter your mobile phone number, they will send you an SMS with the code and that will register the application on your device. They’ll then ask you some other questions. They’ll ask you about your age range and your postcode or your location. Now, there’s a couple of reasons that they do this. There are two purposes for using those three pieces of information. The first is to generate an encrypted ID. So that’s a unique identifier that they use for the app that is installed on your particular device. That can’t be used for anything else it’s just a random series of numbers and letters, but it helps when they need to be able to push information back out to your device in the case that somebody you’ve come into contact with develops a case of COVID-19. The second reason that they collect your mobile phone number, your age and your postcode, is that in the event that somebody does contract COVID-19 They can push out via the application to say that somebody has contracted that, that you have been in contact with but it is actually for the health authorities to be able to reach out to you directly. Now the reason they collect your mobile phone number. is so that they can call you or contact you The reason that they collect your age range is so they know the severity or the risk. So if there was a major outbreak again in Australia, what they would do is they will start in the high-risk categories and work their way through to the low risk categories. So that’s why they ask you for your age range. Now the reason they ask you for your postcode. Is that so that somebody from the correct health district can reach out to you and be in contact. That information is encrypted and is stored in Amazon here in Australia, so it’s stored onshore. If somebody were to get access to that information it would all be encrypted anyway, so there is nothing in there that identifies you and there is nothing in there that can be used against you. So no personally identifiable information. Once you’ve completed that process the app is then installed on your phone, now for Android users you’ll notice when you go through the process that it will ask you to allow location This is actually an Android thing not an App thing. So when you allow an application to use Bluetooth, you need to allow access to your location. What we can confirm is that the app does not track your location at any point in time. It does not keep or retain location information. It’s just using Bluetooth. Moving on from that. How does the app then work? Well the app uses Bluetooth to identify other users of the app in Bluetooth range. Now the way that it talks to the other app, is it goes - Okay, I can see that there is a another device that has the COVIDSafe app in Bluetooth range. What does it now do. Well the period in time in which they need to be within that radius or connected is 15 minutes. If someone is in contact somebody else who has the app in Bluetooth range for 15 minutes. it will log that information. Now, what does it log? Well it logs the distance you were from that person and it logs they’re encrypted ID. So again, no personally identifiable information. The next step is it stores that locally on your device for a period of 21 days. Once it reaches 21 days. It starts purging that information from your device and puts in new information as it comes through. At that point in time does that get uploaded automatically, to anywhere. That’s very important to know. Now. The reason that we capture the encrypted ID from the other person’s device is that if that person does test positive for COVID-19 or you test positive for COVID-19. You will be requested to upload your data by a health professional which is voluntary, you upload that data into the cloud it will identify anybody you’ve been in contact with that has that Encrypted ID that you’ve recorded. So that’s the only information that it has and from there it’s able to push out a notification to that user based on that encrypted ID to let them know they’ve been in contact with somebody who has contracted COVID-19. In terms of what personally identifiable information they will be keeping or retaining, its very limited. They’re not tracking your location. They’re not pulling personally identifiable information from your device. The only piece of information that you willingly give up that may be related or give you some personal privacy concerns is just your mobile phone number, apart from that the app is safe. You can de-register, and ask for your information to be deleted. So you can delete the app from your mobile device it will delete all of the data. It’s all just stored locally not in the cloud And if you do want your registration as in your mobile number and your encrypted ID that’s been generated to be deleted. There is a form that you can complete via the health web forms. I’ll put a link up in the post description that will send you directly to that and of course if you have any questions about the security or the privacy of the app, feel free to reach out to me or anyone in the team at ServiceScaler, we would be more than happy to help.
Contact the team at ServiceScaler today for a free and confidential discussion
Contact Us