Advertisement

Coronavirus app tracking problems identified with Android

The COVIDSafe app is designed to store minimal information.

The COVIDSafe app is designed to store minimal information. Photo: Getty

Problems with the government’s coronavirus contact tracing app on Android phones could leave them open to being tracked for days.

Jim Mussared, the software developer who discovered the bugs, says they’re easily fixed.

“All this started because I wanted to explain to my friends why they should install the app,” he said.

“If you’re in any way in a vulnerable situation for which long-term, multiday device tracking could be a major threat, do not install the app,” he said.

However, his recommendation would still be for most people with Android phones to install the software.

For iPhones, he says while the problems that open up potential tracking aren’t there, COVIDSafe doesn’t reliably work unless the app is actively in use.

His advice is similar to that given by WESNET, an organisation that offers technology safety advice for domestic violence victims.

It says people whose abusers have sophisticated technical abilities should think about their specific personal circumstances before downloading the app. If they do install it, it says, they should consider leaving their phone behind during any meetings they might want to keep secret.

The first issue Mr Mussared found in the Android app relates to the way an anonymous ID is requested from the server every two hours and could result in a phone being allocated the same identifier for days on end.

A second, similar problem relates to unique information Android phones send out even if the temporary ID changes.

Mr Mussared also found two other issues about information the phone sends that he thought should be disclosed in the privacy policy.

He discussed the bugs with the government agency in charge of the COVIDSafe app on Monday, more than a week after he first found and reported them.

“I just want this app fixed. I haven’t slept for eight days, right, I’ve worked tirelessly to get attention to these issues,” he said.

“I’m not out there to try to facilitate people doing creepy things.”

Health Minister Greg Hunt said five million Australians have downloaded the app, about a third of the adult population the federal government has urged to do so.

“I’m delighted that Australia is now passed five million downloads and registrations of the COVIDSafe app,” he said on Wednesday.

“A technology sector leader said to me yesterday that it took Facebook 10 months globally to achieve their first one million users.

“Australians together have, in less than 10 days, achieved five million downloads and registrations. And that’s an extraordinary achievement.”

-with AAP

Stay informed, daily
A FREE subscription to The New Daily arrives every morning and evening.
The New Daily is a trusted source of national news and information and is provided free for all Australians. Read our editorial charter
Copyright © 2024 The New Daily.
All rights reserved.