Cybersecurity expert, Dr Suranga Seneviratne from the Faculty of Engineering believes the government app adequately addresses privacy concerns and can be considered low-risk given it cannot access sensitive data, such as personal contacts and location.
"The COVIDSafe app appears to adequately address widely discussed privacy concerns. It doesn't seem to collect anything other than what is required, and good security practices have been followed. For example, the app does not have access to sensitive information, such as contact lists, GPS location, or SMS content," said Dr Seneviratne from the School of Computer Science.
"It might be good to open source the code so the information security community can have a closer look. Nonetheless, as of now, one could decompile the Android version using open source tools and obtain a fair estimation of the app’s behaviour by statistical analysis.
"If you are downloading the app, check the developer information and ensure that you download the official version of the app where the Australian Department of Health is listed as the app developer. Do not install the app from any other sources other than the two official app stores; Google Play and the Apple App Store.
"Users may expect a slightly degraded battery performance due to the continuous usage of Bluetooth.
"A possible improvement to the app could be using a fully distributed storage solution rather than centralised cloud storage, which is currently used. Nonetheless, given the minimum amount of data collected by the app, it is not something critical at this stage."
“There is a real urgency to getting a high percentage of Australians to download and register for the COVIDSafe app immediately. It will be much harder to encourage people to download the app later if only a small percentage downloads it initially," said Professor Slonim.
“While the government’s appeal to our better angels and altruism is clearly motivating to many people, many other people will be attracted to how it helps them, their friends, colleagues and local communities getting back to work, back to socialising at restaurants, pubs, sporting matches, music and other events.
“Similarly, the more people use the app, the safer it will be to open things up sooner, which in turn can limit the isolation and economic insecurity that could be causing spikes in mental illness, domestic violence and other factors affecting many people’s wellbeing.”
Department of Media and Communications academic, Associate Professor Timothy Dwyer says that while there is some complacency around online privacy, many are worried about the misuse of their personal data and potential security breaches.
“The steady normalisation of reduced levels of privacy has come about with the rise of search, social media, smartphones and apps," said Associate Professor Dwyer.
“There is a constant stream of data breaches and scandals. So there shouldn’t be any surprise that people are wary of government apps like this one that promise to take good care of our personal information and to observe our privacy rights.”
“Australia is not the first country to use a mobile app to record contact tracks," said international law expert Associate Professor Jie (Jeanne) Huang.
"China also uses mobile apps for combating COVID-19, though this is typically portrayed in a negative light in Australia," said Associate Professor Huang from the University of Sydney Law School.
“However, undeniably, Chinese digital surveillance by mobile apps has helped China to successfully manage and constrain the COVID-19 pandemic in a short period of time.
“Considering the large population in China and the consequent difficulty in contract tracing, Australia may draw useful perspectives from lessons and insights from the Chinese experience.”
Public health informatics expert and head of Biomedical Informatics and Digital Health from the School of Medical Sciences, Associate Professor Adam Dunn says that while the app does not collect personal data, there is a chance the anonymised data could be re-identified in a security breach.
While the app does not collect location data or personal information, that does not mean locations and the identities of people cannot be easily inferred.
“Considering the balance between utility and risks, I do not believe the app offers enough of an advantage over old-fashioned contact tracing to accept the long-term risks of its use," said Associate Professor Dunn.
“False positives will scare people unnecessarily: you could easily be on separate trains stopped at adjacent platforms and be linked by proximity. False negatives give people a false sense of security.
“While the app does not collect location data or personal information, that does not mean locations and the identities of people cannot be easily inferred. There are well-established methods for uniquely re-identifying people from anonymised data, just by knowing a few pieces of contextual information or being able to link two anonymised datasets.
“I also have concerns about the ability and trustworthiness of those entrusted to keep these data secure. In 2018, the Singaporean health system had a serious breach of 1.5 million personal records, including the Prime Minister, and accessed the dispensed medications of 160,000.
“The key problem is the increasing normalisation of surveillance. In the last two decades surveillance laws have become increasingly pervasive, governments have been very reluctant to roll back laws and surveillance technologies once they have been implemented.
“As recently as this year, Australian federal police initially denied and then admitted to using AI-based facial recognition technology. People now seem to willingly accept encroachments on their privacy that would have seemed abhorrent just 20 years ago.”