Are you Going to use the COVIDsafe App?

serfty

I did research this a fair bit and I decided I was happy to:

 

So interesting - a local business is giving people 10% off for showing the COVIDSafe app on their phone ;)

Interesting. Obviously an attempt to get around this:
"Business owners who ban people from entry unless they have downloaded the government’s coronavirus contact tracing app will face five years in jail and a $63,000 fine under proposed laws."
 
It doesn't matter how some law is worded, where there is a will, there's a way.
 
The government is introducing legislation to enhance ASIO powers:
"ASIO officers will have the power to track individuals and will only have to get the OK to do so from another ASIO officer rather than having to file paperwork for a warrant from an independent judicial officer. ...

And what sort of tracking technology is allowed? Any technology ASIO “has access to”


Now which law will take priority? The law guaranteeing privacy of the COVID-19 app or the new ASIO law? Guess.
 

Yes! One would think Dutton would have more to occupy his mind and portfolio than adding laws to question 14 yo's, adding trackers to people as they feel like it without warrants, and attacking qld gov for investing in Virgin, such as giving the true answers on the cruise ship debacle and working out how to hide million dollar investment properties. :mad:
 
Perhaps too much time on his hands. 🤔
 
Mind you the young lady across the ditch is OK with ignoring civil liberties.

 
So I've now had a chance to review the COVIDSafe app source code.

Before I give you my thoughts, I have some caveats:

1. I've analysed what they have provided. Technically there is nothing stopping them from releasing one thing on GitHub and another thing on the various app stores.
2. They have removed all the code comments, which made this analysis much harder than it should be, so it is possible that I misinterpreted something.
3. Normally code review is done with the author sitting next to me (or at least on the other end of the microphone / headset).
4. I analysed the Android version, not the Apple version.
5. I don't get to see the code on their AWS server, however based on what I know about the government's use of AWS, I'm not concerned there.
6. If all the below turns out to be wrong, you don't get to sue me.

First things first, this app CAN NOT upload any data without your express permission. The only places where the UploadData is called are all inside what are known as event handlers (aka you must do an action).

One of the more surprising things, it's pulling a script down which is hosted in Libya (at least according to a WHOIS, Edit: the address is Libyan, but the server is sitting in the USA, no COVIDSafe data is going to this server it's a library call only), which is something I'll bring to their attention, since technically there may be a way to exploit it. However in saying that, I don't think this is enough of a security concern to warrant uninstalling the application, and the technique of using online scripts is pretty common in all the applications that are currently on your phone.

They are using encryption that in my opinion is stronger than at least one of the big 4 banks (yes I just did a scan against one of the big 4, no I'm unlikely to get a knock at the door from men in dark suits tonight).

The personal details that it collects are sent to their central server; they are not shared to other people's mobile phones.

It does send the mobile phone type via plain text (aka unencrypted); unless you have a one-of-a-kind prototype, I don't really see that as a security risk.

It looks like they can change some of the parameters (such as the amount of time between each token getting cycled) remotely. That said, it doesn't look like they can change any of the fundamental parts of the application without requiring you to accept an update (aka I don't believe they can't silently change how the application works).

So based on this, if you have not already done so, get the app, if you have, continue using it.

I still maintain that this data is of limited value for any purpose other than contact tracing of COVID; it's not the honeypot that certain media organisations (ABC I'm looking at you, you wrote a really cough article tonight) are trying to scare you about.
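
The "upload is only called from event handlers" check in the review above can be reproduced mechanically. The following is an added example, not part of the original post and not COVIDSafe code: the Kotlin-style sample, the `uploadData` name and the list of handler patterns are all constructed assumptions.

```python
import re

# Constructed Kotlin-style sample; NOT taken from the COVIDSafe source.
SAMPLE = """\
class UploadActivity {
    fun onCreate() {
        confirmButton.setOnClickListener {
            if (consentGiven) {
                uploadData(token)
            }
        }
    }
    override fun onClick(v: View) {
        uploadData(token)
    }
    fun onTimerTick() {
        uploadData(token)   // runs without user action
    }
    private fun uploadData(t: String) { }
}
"""

# Block headers treated as user-driven entry points (assumed list; extend per code base).
HANDLER = re.compile(r"setOn\w+Listener\b|\bfun\s+on(Click|LongClick|Touch)\w*\s*\(")

def audit_call_sites(source, func="uploadData"):
    """Return [(line_no, inside_handler)] for each call to `func`.

    Keeps a stack of open `{` blocks; a call is user-driven when any enclosing
    block was opened on a handler line. Naive: ignores braces in strings.
    """
    call = re.compile(r"\b%s\s*\(" % re.escape(func))
    definition = re.compile(r"\bfun\s+%s\b" % re.escape(func))
    stack, results = [], []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.split("//")[0]              # drop line comments
        is_handler = bool(HANDLER.search(code))
        if call.search(code) and not definition.search(code):
            results.append((no, is_handler or any(stack)))
        for ch in code:
            if ch == "{":
                stack.append(is_handler)
            elif ch == "}" and stack:
                stack.pop()
    return results

def unattended_calls(source, func="uploadData"):
    """Line numbers of call sites that no handler block encloses."""
    return [no for no, ok in audit_call_sites(source, func) if not ok]

if __name__ == "__main__":
    print(audit_call_sites(SAMPLE), unattended_calls(SAMPLE))
```

Any line reported by `unattended_calls` is a call path that needs manual review, since it can run without a user action.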
 