The Federal Government has overhauled the COVIDSafe contact tracing app, saying the new version logs “encounters” almost perfectly, whether or not the device is locked or the app is running in the background.
But the announcement has drawn a mixture of surprise and despair from the tech community, which says the update ignores the fact that COVIDSafe is outdated and other countries are rapidly shifting to a tried-and-tested contact tracing technology developed by Google and Apple.
Vanessa Teague, CEO of Thinking Cybersecurity and a central figure in the tech community, said she spent months fixing COVIDSafe and trying to engage with the Digital Transformation Agency (DTA) in discussion of future options, only to learn about the news through a press release.
“Instead of that, they’ve chosen to do more of the same.”
Open-source engineer Geoffrey Huntley, who has helped identify and fix problems with COVIDSafe, said he was “blindsided” by Monday’s announcement.
“I believe this is a distraction,” he said.
Jim Mussared, a software engineer who alerted the government to flaws he found in the app earlier this year, said trying to improve COVIDSafe outdated technology was “irrelevant”.
“It’s just rearranging deckchairs on the Titanic,” he said.
Remember COVIDSafe?
Launched on April 26, COVIDSafe was promoted as a critical tool in the fight against COVID-19 and essential to lifting lockdown restrictions.
It works by exchanging Bluetooth signals between phones running the app, which creates a record of all of casual contacts within a 1.5-metre radius for at least 15 minutes.
If a person tests positive to COVID-19, authorities request access to that phone log to work out who else may have been infected.
Millions downloaded COVIDSafe within weeks of its release, but soon there were questions over how well it was performing: Authorities admitted there was a problem with the app’s operation on iPhones when it was running in the background.
Other software glitches emerged and were patched and fixed, but the number of downloads never reached the target of 40 per cent of Australians.
In its first seven months of operation, COVIDSafe has identified 17 close contacts of people diagnosed with COVID-19 that were not picked up through manual tracing.
By November, the app itself had largely faded from the public conversation. Not only was its worth questioned, but manual contract tracing supported by QR code check-in services at public venues appeared to be working.
Meanwhile, Google and Apple specifically developed the Exposure Notification system, which they said was a more effective way for phones running their operating systems to perform digital contact tracing.
Both approaches use Bluetooth, but where COVIDSafe works more like a handshake, with phones briefly pairing to exchange codes, the Google-Apple Exposure Notification system is a beacon — when two people are near each other, their phones exchange and record these Bluetooth identifiers.
By the end of November, more than 50 jurisdictions, including the UK, Germany, Spain, Italy, Japan, Canada and many US states, were using the Google-Apple system.
What’s the update?
The updated version of COVIDSafe, dubbed Herald, uses a protocol developed by a third party, VMware, to improve the way phones exchange data.
The DTA says the Herald protocol has a “near 100 per cent” success rate with both iPhones and Androids, including when the phone is locked or the app is running in the background.
Coronavirus questions answered
Breaking down the latest news and research to understand how the world is living through an epidemic, this is the ABC’s Coronacast podcast.
Read more
The non-updated version of COVIDSafe logs contacts at 25 per cent to 50 per cent of the time between two locked iOS devices and 50 per cent to 80 per cent of the time when one of the devices is unlocked.
Several experts said it’s difficult to judge the update without knowing how the DTA had carried out the testing, or not having seen the hard data.
“It’s hard to say whether it’s much of an improvement,” Dr Teague said.
Mr Mussared said the update could best be described as a series of “really complicated” workarounds to make Android and iOS phones do something (the mutual exchange of Bluetooth messages) that they’re not designed to do.
“We don’t have the testing reports from DTA that show the methodology,” he said.
“It’s hard to say whether the update is significant.”
The DTA has released the Herald-integrated COVIDSafe source code and called on the tech community for feedback.
Will it help the borders reopen?
COVIDSafe has one other big drawback: it doesn’t pair well with the automated contact tracing systems other countries are using.
Herald works across borders in theory, but only if multiple countries are running the app.
Unfortunately, no other country is using Herald.
The UK abandoned an early version of Herald in June in favour of developing a national app that uses the Apple-Google Exposure Notification system.
“Every other country is using the Apple-Google system that will allow interoperability between countries,” Mr Mussared said.
Government Services Minister Stuart Robert said the code would also be made available internationally so other countries could use it.
“Australia’s technology capability and contact tracing systems are world-leading,” he said.
“We will be the first country in the world to adopt the Herald Bluetooth protocol, which has been shown to significantly improve our capability through the COVIDSafe app.”
Labor’s health spokesman Chris Bowen said the app had delivered “bugger all” over the past six months.
“After months of arrogantly telling us the COVIDSafe app was working just fine, and rejecting all suggestions for improvements, now the Morrison government is starting again,” he said.
