It’s been nearly two months since Australia’s digital contact tracing app, COVIDSafe, was released but Australia’s developer community still maintains there are crucial flaws with how it works on Apple iPhone devices.
The path has been rough for Australia’s COVIDSafe app, which was one of the first contact tracing apps globally when it was released on April 26. Initial discourse zoomed in on privacy concerns but it soon became apparent the app struggled to work as intended.
Since its release, developers have uncovered a number flaws — some more serious than others. Those issues revealed the Bluetooth wasn’t functioning as it was meant to and that, in some cases, the app led to the sharing of a user’s name between devices.
The Digital Transformation Agency (DTA), the government agency behind the app, has worked to address some of these issues but developers have continued to find new and persistent bugs, particularly when it comes to iPhone devices.
COVIDSafe bugs continue to limit its effectiveness
Richard Nelson is a software developer who has been working on revealing the app’s flaws. On Monday, he publicly released another issue found in the app’s latest version 1.5.
In the bug release, he explains there’s a problem with the temporary IDs (TempID) – the strings of numbers exchanged between two phones with the app, colloquially known as a ‘digital handshake’ – stopping them from generating when an Apple iPhone is locked.
It means your COVIDSafe app might record other people around you but your device will be invisible to others’. In essence, it means you’ll never be logged as being a contact of theirs and won’t be later notified if they are then found to have contracted coronavirus.
“[A TempID] expires every two hours,” Nelson said to Gizmodo Australia. “This means it may expire right before you lock the device, or it may take up to two hours for a locked device to get in this state.”
It’s a relatively simple fix, Nelson believes, and will only require changing a single line of code.
The DTA remains confident the app works fine
Nelson disclosed the bug to the DTA on Monday morning and said he received an acknowledgement not long after by the agency, noting it was being looked into. Despite the flaw being present since the app’s launch, Nelson said he expects it will be fixed by the next update.
It’s not the only issue affecting whether the device of app users complete a digital handshake — the logging of another device’s TempID for 21 days in the phone’s encrypted storage. Apple devices using iOS have had trouble getting the app to register those handshakes. This was particularly noticeable if an iOS device had other Bluetooth-enabled devices connected, which rendered COVIDSafe’s Bluetooth signal weaker if it was pushed to the background or the phone was locked.
Because people seem interested here's some video of the COVIDSafe app failing on iPhone. It is literally impossible to broadcast the UUID needed for the app to work without the screen on and the app in the foreground. pic.twitter.com/X5lpyeKL1A
— Joshua Byrd (@phocks) May 1, 2020
The DTA believes it has mostly fixed this but concedes the strength of locked Android or iOS devices transmitting their handshakes to another locked iOS device is only ‘good’. According to iTNews, a ‘good’ rating means it’s successfully transmitting those handshakes about 50 to 80 percent of the time.
Apple and Google’s API framework could potentially provide the solution for many of the Bluetooth backgrounding problems the app is facing. The tech giants’ joint project allows for the different operating systems to better ‘talk’ to each other when using Bluetooth. In theory, if the framework is integrated with COVIDSafe, devices would be able to send stronger Bluetooth signals allowing the app to function a lot better.
The DTA has previously confirmed it was in discussions with the tech giants but whether its integration will occur or how exactly it will work with the app is still unknown at this stage.
Gizmodo Australia contacted the DTA to understand what an estimated timeline for these fixes as well as whether it was still considering the inclusion of Apple and Google’s API framework. Its statement did not address those questions.
“The DTA continues to welcome feedback on COVIDSafe from the developer community, with previous feedback helping us to improve the app,” a DTA spokesperson provided Gizmodo Australia.
“[It] will continue to release updates to the COVIDSafe app to deliver a range of performance, security and accessibility improvements as required. The Australian community can have confidence the app is working securely and effectively, despite the lack of community transmission of COVID-19.”
Australia’s health authorities have barely used the app to identify contacts
Despite being initially touted as a critical solution to help streamline contact tracing for overworked teams, it remains mostly unused by those it was intended to assist.
As Gizmodo Australia reported on in recent weeks, the app itself has struggled to justify its relevance with many of Australia’s health authorities simply finding little use for it. Victoria’s health department initially revealed to us it had accessed the data 16 times but were unable to find a single new contact that manual tracers hadn’t already uncovered. A week later, that number had jumped to 21 but it still didn’t provide any new contacts.
It’s since been revealed that NSW health authorities have accessed the app less than a dozen times but have still not uncovered a contact manual tracers couldn’t.
This could all be due to an initially unforeseen but positive outcome — Australia’s coronavirus cases just keep dropping. Other researchers such as University of Queensland’s Professor Rhema Vaithianathan, however, think it won’t be any more effective if major outbreaks do occur in the future.
COVIDSafe might be in need of a rethink
Professor Vaithianathan is the lead author on a new working paper that concluded COVIDSafe needed automatic notifications in order to provide the assistance it promised. She told Gizmodo Australia that even if everyone in Australia signed up, it might not be any more effective in its current form.
“True digital contact tracing has the ability of the app itself to notify you if you have been with someone while they were infectious,” Professor Vaithianathan said, explaining COVIDSafe did not provide this.
“The worry I have, in Australia, is that that feature is not available so all these people have been downloading that federal app, thinking that somehow they’ll be notified if they’ve been in contact [with someone infectious].
“They’ll be notified but it will be by a manual tracer exactly like you would be notified if you didn’t have an app.”
While it’s a great achievement Australia was so quick to the mark with developing its own contact tracing app, the jury’s still out on how well it will perform when we truly need it.