Tech experts examining the COVID-19 contact tracing app say they’ve discovered privacy flaws and multiple issues stopping people from signing up.
Software developer Geoff Huntley has led volunteer efforts over the past week to examine the COVIDSafe app and identify issues with the aim of helping the government improve it.
“I still maintain the app is safe to install,” he told AAP on May 4.
“But one of the things we’ve found in there will require every country that has used the Bluetooth implementation from Singapore to update their privacy policies and release new versions of the application.”
Developers have also identified a number of issues preventing people from registering.
You can’t register if your phone is connected to wifi, it’s only available in Australian stores and roaming international numbers can’t register – so foreign travellers can’t use it – and there is no option for people using tablets to have a robot to call their landline with a registration PIN.
Huntley points to hundreds of reviews in the Google and Apple app stores where people complain they haven’t been able to register.
“Meanwhile, last night we had a tweet go out (from a minister) saying if you want to go to the footy, you need to download the app,” he said.
“I think the amount of downloads is a BS vanity metric and what we should be looking at is some sort of daily active users (figure).”
A spokesman for Government Services Minister Stuart Robert said the figures quoted reflected people who had both downloaded and registered.
“More than 4.5 million Australians have registered for the COVIDSafe app, which has received widespread support and endorsement from across the Australian community including public health officials, as well as information technology and cybersecurity experts,” the spokesman told AAP.
Huntley also points out that anyone checking out all the areas of the app will easily end up on a page with the first line of text: “You have tested positive for COVID-19.”
“It has caused public panic and it can still cause public panic,” he said.
But he says multiple attempts to contact government agencies to report issues went unacknowledged until he was interviewed in media on Monday morning.
He is puzzled by the lack of engagement on social media or replies to app store reviews and says the apparent lack of interest in having the wider tech community help via a commonly used “bug bounty” system is unusual.
A spokesman for the Digital Transformation Agency says bugs should be reported via the app’s “report an issue” function or by emailing email@example.com
“The app has received widespread support and endorsement from the information technology community,” he told AAP.
“As would be expected the app will be updated as required.”
Robert’s spokesman said the app’s source code would be released in coming weeks.
By Katina Curtis