DTA still backing COVIDSafe despite only picking up 17 contacts

Agency says COVIDSafe works as is written on the label and that there is no intention to jettison the current app and start again.
Written by Asha Barbaschow, Contributor

During Senate Estimates on Monday, the Department of Health revealed that despite there being a total of 27,554 confirmed cases of COVID-19 in Australia, only 17 have been picked up using the federal government's COVIDSafe app.

Shadow Minister for Health Chris Bowen and Shadow Minister for Government Services Bill Shorten have, in turn, called the Morrison government out for spending money on an app that has produced little return.

"The government has spent up to AU$70 million on the COVIDSafe app, (most of it on marketing), for 17 traces," they said. "This is AU$4 million per unique contact."

Facing Senate scrutiny on Thursday afternoon, Digital Transformation Agency (DTA) CEO Randall Brugeaud was asked whether only 17 contacts -- all of those in New South Wales -- is what the agency envisaged for its multimillion-dollar app, with Senators quoting NSW Health Minister Brad Hazzard in saying the app had "not worked as well as we had hoped".

"Of those 17, one related to the case at Mounties that was not previously identified through manual contact tracing; that one case then related to 544 close contacts, and two of those subsequently tested positive to COVID-19," Brugeaud said.

"What the numbers represent is the base that has been reported by the states and territories, but it hides the fact this propagates very broadly … when it comes to the total number of positive cases in Australia that may relate to a significant number of close contacts. Likewise, with a very small number of close contacts that are identified in the app, that could relate to many contacts that are related to that particular case."

In June, it was revealed the DTA knew COVIDSafe had severe flaws, despite sending it out for public use on 26 April 2020. It followed research that showed locked iPhones were practically useless when it came to logging encounters through COVIDSafe.

The DTA said in May that 179 functional tests were conducted for the Apple iOS and Google Android versions of the COVIDSafe App prior to release.

"All tests satisfied the baseline design requirements," the DTA said at the time. "Performance tests were also conducted against the technical requirements."

See also: Even with COVID-19 spread near zero, chief scientist says Australia's systems are ready

Brugeaud on Thursday clarified that 13 updates have been delivered since the app was launched, with "many more to come". A number of those releases included security improvements, he said, with the last release including improvements to security in regards to a specific fix that was identified by the technical community.

He said the DTA has had "many thousands of contacts from the tech community" regarding the app.

"The app is currently working, we are continually improving it," he said in response to being asked about the state of security within the app. "We know the Australian app is good as any app in the world.

"What we're doing is continually monitoring the environment … security is absolutely front of mind and as vulnerabilities emerge, we progressively release improvements to the app. If new vulnerabilities emerge that are high risk, then we will accelerate the implementation of those changes."

He also said the DTA doesn't have access to stats on what version of the app its users have. The COVIDSafe source code on GitHub states the agency does in fact have access to this information, as does the app's Privacy policy.

"How people use the app is strictly controlled when it comes to the privacy that's in the legislation," Brugeaud claimed.

There hasn't been any concern over security breaches, the CEO also clarified.

On integrating QR code functionality into COVIDSafe, like what the NSW government is doing through Service NSW, Brugeaud said the DTA is simply not considering it, again citing the legislation.

"In order to implement a QR code in COVIDSafe is technically simple, we could very easily add a QR code into COVIDSafe, but once we look at the legislation that controls the use of the data that's captured from COVIDSafe, a QR would naturally provide location-based information and the thing that we are absolutely committed to do is to adhere to the legislation," he said.

Brugeaud was asked why the app collected data once it registered a 15-minute interaction, rather than around the five-minute mark. He said the Australian Health Protection Principal Committee sets the parameters of the app as they determine Australia's coronavirus response.

He also said the DTA has been engaged in ongoing dialogue with Apple and Google on working through conflicts between their respective devices and the COVIDSafe app, as well as improvements.

"It is important to note there are significant differences in moving from our current implementation, which is a centralised, sovereign model, to a decentralised model which is more community based," he said.

"The Apple and Google current exposure notification framework has much poorer backward compatibility … in the case of Apple, the Google exposure notification framework only works on two-thirds of Apple phones, COVIDSafe works on 97% of Apple phones."

Brugeaud said if the Australian government was to make that shift to a different framework, it would lose the capacity to provide support to older handsets.

"COVIDSafe works as is written on the label, it supports public health efforts … there is no intention to jettison the current app and start again … our intention is to continue to improve the current app," he said.


Editorial standards