Are you Going to use the COVIDsafe App?

serfty

Veteran Member
Moderator
Joined
Nov 16, 2004
Posts
47,508
Qantas
Platinum
Virgin
Platinum
Oneworld
Emerald
SkyTeam
Elite Plus
I did research this a fair bit and I decided I was happy to:

 
Last edited:
Read our AFF credit card guides and start earning more points now.

AFF Supporters can remove this and all advertisements

So interesting - a local business is giving people 10% off for showing the COVIDSafe app on their phone ;)

Interesting. Obviously an attempt to get around this:
"Business owners who ban people from entry unless they have downloaded the government’s coronavirus contact tracing app will face five years in jail and a $63,000 fine under proposed laws."
 
Interesting. Obviously an attempt to get around this:
"Business owners who ban people from entry unless they have downloaded the government’s coronavirus contact tracing app will face five years in jail and a $63,000 fine under proposed laws."
It doesn't matter how some law is worded, where there is a will, there's a way.
 
  • Haha
Reactions: DC3
The government is introducing legislation to enhance ASIO powers:
"ASIO officers will have the power to track individuals and will only have to get the OK to do so from another ASIO officer rather than having to file paperwork for a warrant from an independent judicial officer. ...

And what sort of tracking technology is allowed? Any technology ASIO “has access to”


Now which law will take priority? The law guaranteeing privacy of the COVID-19 app or the new ASIO law? Guess.
 
The government is introducing legislation to enhance ASIO powers:



Now which law will take priority? The law guaranteeing privacy of the COVID-19 app or the new ASIO law? Guess.
Yes! One would think Dutton would have more to occupy his mind and portfolio than adding laws to question 14 yo's, adding trackers to people as they feel like it without warrants, and attaching qld gov for investing in Virgin, such as giving the true answers on the cruise ship debacle and working out how to hide million dollar investment properties. :mad:
 
Yes! One would think Dutton would have more to occupy his mind and portfolio than adding laws to question 14 yo's, adding trackers to people as they feel like it without warrants, and attaching qld gov for investing in Virgin, such as giving the true answers on the cruise ship debacle and working out how to hide million dollar investment properties. :mad:
Perhaps too much time on his hands. 🤔
 
Yes! One would think Dutton would have more to occupy his mind and portfolio than adding laws to question 14 yo's, adding trackers to people as they feel like it without warrants, and attaching qld gov for investing in Virgin, such as giving the true answers on the cruise ship debacle and working out how to hide million dollar investment properties. :mad:
Mind you the young lady across the ditch is OK with ignoring civil liberties.

 
So I've now had a chance to review the COVIDSafe app source code,

Before I give you my thoughts, I have some caveats:

1. I've analysed what they have provided. Technically there is nothing stopping them from releasing one thing on GITHUB and another thing on the various app stores.
2. They have removed all the code comments, which made this analysis much harder than it should be, so it is possible that I mis-interpreted something.
3. Normally code review is done with the author sitting next to me (or at least on the other end of the microphone / headset)
4. I analysed the Android version, not the Apple version.
5. I don't get to see the code on their AWS server, however based on what I know about the governments use of AWS, I'm not concerned there.
6. If all the below turns out to be wrong, you don't get to sue me.

First things first, this app CAN NOT upload any data without your express permission. The only place where the UploadData is called is are all inside what are known as event handlers (aka you must do an action)

One of the more surprising things, it's pulling a script down which is hosted in Libya (at least according to a WHOIS, Edit: the address is Libyan, but the server is sitting in the USA, no COVIDSafe data is going to this server it's a library call only), which is something I'll bring to their attention, since technically there may be a way to exploit it. However in saying that, I don't think this is enough of a security concern to warrant uninstalling the application, and the technique of using online scripts is pretty common in all the applications that are currently on your phone.

They are using encryption that in my opinion is stronger than at least one of the big 4 banks (yes I just did a scan against one of the big 4, no I'm unlikely to get a knock at the door from men in dark suits tonight).

The personal details that it collects is sent to their central server, it is not shared to other peoples mobile phones.

It does send the mobile phone type via plain text (aka unencrypted), unless you have a one of a kind prototype I don't really see that as a security risk.

It looks like they can change some of the parameters (such as the amount of time between each token getting cycled) remotely, that said it doesn't look like they can change any of the fundamental parts of the application without requiring you to accept an update (aka I don't believe they can't silently change how the application works)

So based on this, if you have not already done so, get the app, if you have, continue using it.

I still maintain that this data is of limited value for any purpose other than contract tracing of COVID, it's not the honeypot that certain media organisations (ABC I'm looking at you, you wrote a really cough article tonight) are trying to scare you about.
 
Last edited:

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.
Back
Top