If you spot a spelling mistake, grammatical error or inaccuracy please help improve the senate submission by editing this page. Small fixes, over time, add up to huge improvements. Thank-you 💕

Select Committee on COVID-19

Terms of Reference

On 8 April 2020 the Senate established the Select Committee on COVID-19 and referred the following matters to it for inquiry and report on or before 30 June 2022:

• the Australian Government's response to the COVID-19 pandemic; and
• any related matters.

Introduction

To members of the Senate Select Committee on COVID-19. Thank you for the opportunity to participate in this Senate inquiry. Below you will find a submission related to the COVIDSafe application. We are doing seperate submissions on a per-topic basis to optimize for your reading experience.

Members from the https://covidsafe.watch/ community are available to give in-person evidence to future public (or private) hearings by video conference.

We would appreciate a confirmation of the receipt of this submission and welcomes any feedback you may have.

https://covidsafe.watch/ is an online community backed by a team of security researchers, open-source software engineers, community managers and privacy specialists that support the concept of technology based contact tracing.

• We want to see lives saved through the use of this unprecedented technology.
• It is crucial to us that privacy and security issues are addressed promptly and communicated in an inclusive and open manner.
• We believe transparency is essential to achieve both of these goals without compromising either. Compromising privacy risks people’s lives by undermining public trust in the systems built to protect them.
• This can only be achieved by direct collaboration with engineers using transparent open source platforms as done by the UK National Health Service.

It's here! The source code for the COVID-19 BETA Apps.

✅Android: https://t.co/fdCzEcND47
✅iOS: https://t.co/6JNR1PmkHE
✅Documentation: https://t.co/OFGq9lbOfg

— NHSX (@NHSX) May 7, 2020

Experts available for in-person evidence

Geoffrey Huntley

🙌 I'm Geoff, the probono open-source software engineer leading the independent analysis of covidsafe via studying the source code. Software that I maintain is inside Microsoft Visual Studio, GitHub, Atlassian Sourcetree, Amazon Drive, Halo, Slack, is heavily used by the financial services industry and has been installed by other software developers over 21 million times.

Photo licensed under Attribution 4.0 International (CC BY 4.0)

Jim Mussared

I'm a hybrid hardware and software developer, with current professional experience with open-source development and designing/developing BLE-based products for George Robotics. Formerly worked in programming/electronics education at Grok Learning, and before that at Google Australia as a tech lead in the SRE team as well as some time working with the Android team.

My Bluetooth research into contact tracing has received world wide praise. I discovered a Bluetooth security vulrunability (CVE-2020-12856) which requires governments to modify their technological approaches and programs of work.

Photo licensed under Attribution 4.0 International (CC BY 4.0)

Richard Nelson

I'm a professional software engineer of 16 years, 8 of which have been in mobile app development and leadership. I have a strong interest in infosec, and my research into the iPhone application background behaviour identified a coding error as a contributing factor preventing COVIDSafe from working effectively. I discovered a denial of service vulnerability (CVE-2020–12717) in COVIDSafe.

Photo licensed under Attribution 4.0 International (CC BY 4.0)

Contact person(s) for this submission

Technical Expert & Coordinator

Name: Geoffrey Huntley
Email: ghuntley@ghuntley.com
LinkedIn: https://www.linkedin.com/in/geoffreyhuntley

Overview

These reviews were exported on the 22nd of May 2020 from Google Play. The latest data can be programatically accessed via scraping https://play.google.com/store/apps/details?id=au.gov.health.covidsafe&hl=en_AU&showAllReviews=true

Geoffrey Huntley has seen no replies from customer support to app store reviews left by people who have been experiencing troubles downloading, registering and using the COVIDSafe application.

This goes against industry best practices.

And people REALLY think that the app protects them against getting the virus. pic.twitter.com/Ow6lCh5AgQ

— geoffrey huntley (@GeoffreyHuntley) May 3, 2020

Geoffrey Huntley attempted numerous times, in private, to bring this to the attention of the DTA, the minister of Services Australia and the media departments at Health/DTA. When working in the private didn't work, he turned to working in the public with Australian journalists to get this matter resolved.

In private I tried numerous times contacting the DTA, the minister of Services Australia and the media/privacy departments and the Australian Signals Directorate to pickup the phone.

I was not the only researcher who experienced these problems. pic.twitter.com/jHNZcFGWAG

— geoffrey huntley (@GeoffreyHuntley) May 5, 2020

It is still unresolved.

Recommendations

Have an engaged customer support team on social media and on the app stores helping people.

Anyway that's it for now. Pretty much scrolled through all appstore reviews.

Here's what's wrong.

1) Pages and pages and pages and pages and pages and pages and pages and pages and pages of people who can't register.

2) No one is doing customer support. Be more like slack. pic.twitter.com/HukUSu4HdI

— geoffrey huntley (@GeoffreyHuntley) May 3, 2020

Attachments

• 2020-05-22-covidsafe-google-reviews.xlsx
• 2020-05-22-covidsafe-google-reviews.csv
• 2020-05-22-covidsafe-google-reviews.pdf
• 2020-05-22-covidsafe-google-reviews-html.pdf
• 2020-05-22-covidsafe-google-reviews-html.html
• 2020-05-22-covidsafe-google-reviews.zip

Reviews

Appendix - Timeline

Appendix - Google Android Changelog

Appendix - Apple iPhone Changelog