CovidSafe app - should you trust it?
Updated: Jun 27
[UPDATE: According to 9 News, which should be taken with a grain of salt, the COVIDsafe app has failed to identify even 1 new case of COVID19.]
The Australian Government's messaging on this tool has been poor, so a lot of people are scared of what will happen to their private data if/when they install the Covid 19 tracing app.
Here's my opinion: DON'T install or trust this app at this point in time.
Those of you who have been paying attention to my past posts on the subject of internet privacy and security will know that my default and best advice is "if you don't want it seen by anyone, don't put it on the internet".
This goes for whatever transmission mechanism you can think of...including this and other apps.
You may also recall that it is my contention that "The Government" is/are never the right people to be dealing with things they don't understand ...and...IT ignorance is something Governments have consistently proven.
A technical breakdown of the app shown here, https://mobile.twitter.com/matthewrdev/status/1254336105203200000, suggests that what has been said about the app by politicians is correct, i.e. there's nothing sneaky going on.
However, the author of the analysis also admits to limitations in his knowledge in this area.
Let me tell you that, in a previous life, I was an exceptional software testing expert. Yes, I am bragging, but it really is the only thing in my life that I honestly feel like I had any special talent in. I just "got it" and was very good at it. I know for a fact that most professional software testers aren't good at it at all. Even worse at testing are "developers", and the author of this review is a software developer.
He may have pulled it apart but he has not looked at it like a "tester" and he admits limitations.
My point here is that, until the results of multiple independent and well regarded tests are made public, what this app is supposed to do, and what it actually does, are to be treated carefully.
We simply don't know what we don't know.
EVEN THEN, we can't and don't know what the app could do in the future.
We could do all the due diligence in the world now and have a future update to the app introduce all the nasties. Our guard would be down and the app is already on our phones!
AND, while the app may appear to do the right thing on our devices, the data still goes somewhere...and we don't know how that will be used, stored, abused and handled...
...and then there's human error and malice.
Releases of confidential data happen all the time. Google it. You'll be horrified. These happen through error and malice.
I don't care what special law any Government creates, those who ignore and disobey laws will continue to do what they do best.
Do I need to point out how honest our politicians are?
One of the things that the politicians have spoken about is the public release of the source code.
De-compilers aside, it is my bet that, if they haven't already, the promises to release the code will be revoked with security concerns being cited - "if you don't trust us with the code you certainly won't like criminals having it".
So don't expect that promise to be properly honoured any time soon (#oratall).
Finally, the blanket requirement for everybody to use this app is, at present, a flawed one.
In reality only people at risk or involved in risky activities should use the app.
Of course using it isn't mandatory...yet...but if you feel you or your community would benefit from using the app, can I suggest you:
Make sure there's nothing private on your phone that you don't want compromised and/or
do it on a spare BLANK / RESET / OLD phone that only has this app on it?!?!
At least for now.
I don't like sounding like an alarmist loony, but I have worked in IT for a very long time and seen the many, many, many ways it goes wrong (and this wouldn't be the worst of them let me assure you).
David
P.S. Maybe read my article from 2 years back too: https://www.ihatemypc.com.au/post/2018/08/28/traveling-with-tech-it-just-aint-worth-the-risk
P.P.S. and the follow up to that article: https://www.ihatemypc.com.au/post/traveling-with-tech-part-ii-pandemics-change-everything
Update 30/4/20 - additional reading and concerns can be found here now that more analysis has been done and time has passed: https://www.csoonline.com/article/3540711/how-the-covidsafe-app-could-pierce-your-privacy-and-change-the-privacy-equation.html. My conclusion remains the same if not validated by this.
Update 15/5/20 - this URL is a couple of days old now but the content is still valid. If you needed a legal perspective on why to avoid this crappy app, then here it is: https://www.sydneycriminallawyers.com.au/blog/do-not-trust-the-pms-promises-regarding-the-covid-19-tracking-data/
It should also be noted that uptake hasn't reached that supposedly required for it to be effective AND there are many ongoing reports of it simply not working on iPhones (mainly). As mentioned, the fundamental premise and operational parameters are flawed regardless of which device you use it on.
Update 16/6/20 - Still not working. https://www.itnews.com.au/news/covidsafe-app-encounter-logging-bug-uncovered-on-ios-549270
Update 26/6/20 - According to 9 News, which should be taken with a grain of salt, the COVIDsafe app has failed to identify even 1 new case of COVID19.