COVIDSafe Decision Making Guide
Health Consumers Queensland has developed this decision-making guide* to assist health consumers and carers with information about using the COVIDSafe app. We’ve looked at the benefits, risks and alternatives and the questions that may be on your mind when deciding whether to use COVIDSafe.
Health Consumers Queensland respects the rights of health consumers and carers to make informed decisions about their health. We are providing this guide to support your decision-making. We recognise that this issue is prone to rapid changes and whilst we endeavour to maintain it, we urge consumers to investigate government or news services to find specific updated information.
What is the COVIDSafe tracing app and how does it work?
COVIDSafe is a mobile phone application (an “app”) developed by the Australian Government to improve the speed of contacting people who may have been in close contact with someone who has tested positive for COVID-19. It is voluntary to use the app and you can uninstall or delete the app at any time.
The app does not collect location information but asks for your name (you can enter a pseudonym – a name you have made up), your age range (not a birth date), your postcode and your phone number. The app then creates an encrypted ID code which is shared using Bluetooth when you come close to other users of the app. This information is encrypted and stored on the app for 21 days and then deleted. If you have the app running on your phone as per the guidelines, it is collecting the contact data and storing it on your phone. The Health Department announced on 13 May that State and Territory health officials have come to agreement on the privacy rules around the use of the data for contact tracing and now have access to the app’s data. As at 21 May, only one State (Victoria) has used the app to contact trace following a positive test result for an app user.
What’s the evidence for using a contact tracing app?
The app enables State or Territory health officials to contact you if you’ve been near someone who has tested positive to COVID-19. Although use of the app is voluntary, the Australian Government has said that at least 50% of the Australian population need to download the app for it to work successfully. Modelling by independent studies show that if approximately 60% of the whole population use a contact tracing app and adhere to the recommendations1, the spread of the virus can be controlled and the lockdown eased. Lower numbers of app users are stated to also have a positive effect, estimating that one infection will be averted for every 1 to 2 users. As at 21 May 2020, there have been about 5.9 million downloads of the app.
Tracing apps are being proposed or have been used in a number of countries, however they haven’t been used in a pandemic to this scale before and it will take time to know of their effectiveness. In addition to their potential benefits there have been a number of concerns. In a joint international statement on Contact Tracing applications signed by over 100 expert scientists and researchers in the field they urge that systems are subjected to public scrutiny and are privacy preserving by design to ensure that citizen’s data protection rights are upheld. They advise the following principles be adopted as a minimum:
|Suggested principles for adoption of contact tracing apps||How does the COVIDSafe app stack up?|
|Clear purpose: the app will only be used for public health measures for containment of COVID-19.||
Upon its release, COVIDSafe was supported by interim privacy protections outlined in a determination made under the Biosecurity Act 2015.
On 14 May 2020, Parliament passed the Privacy Amendment (Public Health Contact Information) Act to support the COVIDSafe app and provide strong ongoing privacy protections.
The Act is available for download on the Federal Register of Legislation.
|Full transparency: the system protocols, source code and their implementation must be made available for public analysis.||The source code has now been released, however the code that relates to the COVIDSafe National Information Storage System has not been released. The Privacy Impact Assessment prepared by the Government commits to the release of application source code subject to consultation with the Australian Signals Directorate’s Australian Cyber Security Centre.|
|Data storage requirements for storage and collection must be clear and minimal for the given purpose.||All information will be stored in a cloud-based data store in Australia. Amazon Web Services is hosting the registration data in Australia (created when you register to use the app). Amazon Web Services is hosting the registration data in Australia (created when you register to use the app).All data will be deleted from the data store after the COVID-19 pandemic is concluded as determined by a Biosecurity Determination.|
|The most privacy preserving approach to implementation must be adopted.||The app does not ask for birthdate (a common security risk) and does not track location (unlike many common apps). Access to the app data is restricted to State and Territory health authorities though this is yet to be supported by legislations. All State and Territory health authorities have signed up to the privacy and security rules and now have access to use the app.|
|Use of the app must be voluntary, used with consent and designed that it is switched off and data deleted when the crisis is over.||Use of the app is voluntary and consent is required to provide access to the tracing data. The Government have stated that the app will not be used after the pandemic but it isn’t clear how that will be decided. The data in the app is deleted every 21 days. Users can uninstall the app and the data from their phone at any time. They can also request for any previous data collection to be deleted.|
What are the Anticipated Benefits of COVIDSafe?
COVIDSafe aims to:
- Improve the current contact tracing process,
- Speed up the process of notifying people who have been in contact with someone with COVID-19 so they can quarantine/self-isolate earlier.
This in turn should lead to:
- reducing and preventing the spread of COVID-19, including amongst vulnerable people in the population
- easing the current restrictions at a faster rate
- return to a more regular way of life sooner
- The app is voluntary and seeks user consent to retrieve registration details.
- Users will not get an in-app notification from their app about contact tracing but will be contacted by their local health authority. This decision has been made to ensure that people have support straight away.
Preliminary analysis so far suggests that the app does what it says and does not collect or transmit personal user information.
What are the Potential Risks of COVIDSafe?
A number of potential risks and concerns have been raised:
- The system protocols and source code have not yet been made available for public scrutiny. Making the app’s source code publicly available, or making it “open source”, would allow experts to examine the code to evaluate security risks and potentially help fix them. For example, experts could determine whether the app collects any personal user information without user consent. This would ensure better transparency and enable auditing of the app. Some experts are already doing this despite not being provided the source code directly.
- There are concerns about the delay in legislation to support the app. The Australian Government has plans to restrict access to the data to state and territory health authorities only (the draft legislation is now publicly available). Currently, laws under the Biosecurity Act restrict the use of the data and also stops the transfer of data to other countries but this is not as binding as specific legislation.
- There is currently no clear oversight associated with the app or a plan for reporting of its effectiveness.
- There is no known end date for when the app will be switched off, however this may be mandated by the upcoming legislation.
- Some user experience issues are being highlighted, such as errors authenticating phone numbers, switching on and off, and Bluetooth signal strength.
What are the alternatives to using COVIDSafe?
- The current Queensland Health contact tracing method is that someone who tests positive to COVID-19 needs to remember where they have been and who they have been in contact with during the tracing process.
- It relies on hundreds of investigators tracking thousands of movements.
- While you can track your movements and known contacts with a diary, for example, if you tested positive it may be hard to locate and contact people who were close by you at the supermarket or other places you visited.
- Currently tracing is done using a variety of methods including sometimes accessing CCTV footage, swipe card access data and people’s calendars, with permission.
- The police can also be called in under biosecurity laws if necessary.
- Technology companies Apple and Google are creating their own contact tracing systems. As these companies control their own operating systems they should address the problems of Bluetooth data exchange that iPhones currently have.
- In New Zealand citizens are being urged to keep a diary of contacts and are encouraged to self-track contact.
Are there any other issues I should know about?
- NSW Health Authority has reported some difficulty integrating the app into their tracing process.
- Some people have reported being asked by Telstra to pay for help to download the app.
- Some people may not be able to use the app because they don’t have a mobile phone or they can’t have their phone on them at all times.
- A number of people with diabetes who have downloaded the Australian Government COVIDSafe app to their smartphone have reported experiencing connection problems with their continuous glucose monitoring (CGM) apps. Diabetes Australia have advised the Department of Health that there may be an issue. If you have downloaded the COVIDSafe app and use a smartphone app with your CGM, you may wish to closely monitor to see if you have any connectivity issues. If you are worried, you should temporarily uninstall the COVIDSafe app from your phone. If you have experienced any issues since downloading the COVIDSafe app, please let Diabetes Australia know, Diabetes Australia – call 1800 637 700
- Concerns from survivors of domestic and family violence about safety.
- Phone ownership varies and the demographic of over aged over 60 year of age are least likely to carry a smart phone. Indeed about 9% (or 2 million) of Australians don’t own a smart phone.
- People who have an older mobile or use a prepaid mobile service may have difficulty in using the app
- Some people have reported being asked by Telstra to pay for help to download the app .
- The app requires an Australian phone number or app store account so many people, such as backpackers, business travellers and newly arrived people to Australia, may not be able to use the app right away.
- Anyone with a landline only will not be able to use the app since it requires SMS authentication – this may exclude people in rural areas. Telstra is making changes to their network to allow rural users to receive the verification SMS text message over the wifi network, when mobile coverage isn’t available.
- Some people are reporting concerns about the app’s ability to work properly if the iPhone is in low power mode. Battery usage seems to be minimally affected.
- The iPhone version works best when the app is open on the screen and the phone is unlocked. This is due to the iPhone security system and requires further development of the app and negotiation with Apple to address. The Government has said it will work with Google and Apple to improve the app performance.
- There’s a need to ensure that the app does not promote a false sense of security – social distancing and hygiene practices for prevention are still required.
- There is also a concern that scams may increase for example, individuals or groups presenting false government messages requesting information and using the app as an excuse to gain personal information. This appears to be happening already, with reports of SMS messages claiming to be related to the app.
- The app’s user experience is somewhat confusing and this may has led to concern and alarm for some users.
Further information to help your decision-making process
For general information about the app including download links and a short video describing how the app works, go to:
For the app source code on GitHub go to https://covidsafe.gov.au/app-code-terms-and-conditions.html
For information about COVIDSafe in other languages (there are 63 languages to choose from on top left of the website), go to the Department of Home Affairs website:
For answers to technical questions including ‘Why doesn’t the app work for me?’, ‘Can I use the app with an older device?’, and ‘What does the app do?’, go to
For a list of answers, prepared by the Australian Government, to frequently asked questions about the app such as ‘Why does Australia need a contact app?’, ‘How is my privacy going to be protected?’ and ‘Do I have to use the contact app?’, go to:
For independent, external articles and assessment of the COVIDSafe app, go to:
There is so much information about COVID-19 and COVIDSafe, how can I be sure that what I’m reading is reliable?
When assessing any information about health, some of the key questions to ask yourself are:
- Who wrote this?
Reliable sources of information include government publications, peak bodies, and government-endorsed sites. If it is not clear who is running or funding the site you are looking at, visit the About Us or Contact Us pages to find out. If you still don’t find an answer there, consider looking for another site altogether. A reliable source of information will be transparent about their who they are and their sources of funding.
What is the evidence for what they are saying?
Information is likely to be trustworthy if is based on reputable research or official documents you can refer to. Testimonials or opinion are not reliable sources of health information.
Is it an objective view?
Does the information seem balanced? If the site is published by a private company or special interest group, consider also seeking out another point of view to see if there are other ways to think about the issue.
Is it up to date?
Some of the information about COVIDSafe is updating regularly. Make sure the information you read to inform your decision has been published recently.
*Updated on 14 May to include most recent download numbers, links to source code released, agreement from State and Territory health authorities to use the app data, and some additional user issues.
*Updated on 9 May 2020 to include links to the draft legislation, further information on the current status of the app including download numbers, information about Apple and Google contact tracing apps in development, changes by Telstra to assist rural users and advice from Diabetes Australia for people using continuous glucose monitoring apps.