The Australian government has been urged to follow the footsteps of the UK and ditch its contact tracing app in favour of the model provided by Apple and Google, which has already been adopted by several countries around the world.
The federal government’s contact tracing app, COVIDSafe, was launched two months ago, but is understood to have not yet identified a new close contact anywhere in the country. It uses a centralised model for contact tracing, with close contacts between users stored locally on devices and then uploaded to a national database if a user later tests positive for the virus.
This data is then sent to state and territory health authorities to examine and then conduct manual contact tracing, notifying individuals who need to quarantine or get tested.
Tech giants Apple and Google have teamed up to offer an alternative model, with a decentralised framework embedded within Android and iOS devices. This was rolled out in recent weeks, and now appears in the settings of newly updated devices.
To work, the function needs to be integrated with compatible contact tracing apps run by governments. But the tech giants require a decentralised model, with all contact information remaining on devices, and notifications issued through the app if a user has been near someone with COVID-19.
There are growing calls for COVIDSafe to be fundamentally altered so it can use the Google and Apple framework as this would improve functionality, reduce strain on batteries, lead to cross-border compatibility and limit the number of flaws and bugs found in the service.
But the Australian government is sticking by COVIDSafe, saying it is “leading the world” and comparisons can’t be made to other countries as it has already been rolled out and updated across the last two months.
The UK government recently announced that it was ditching its contact tracing app in development in favour of the Google and Apple framework. The app had so far only been trialled once on the Isle of White, and encountered severe performance issues on iPhones.
This is something that has also plagued the Australian app, especially upon launch, with recently released testing data revealing that upon launch, COVIDSafe logged encounters 25 per cent or less between locked iPhones. After a series of updates and improvements, this figure is now between 25 to 50 per cent.
In the UK, the contact tracing app registered contacts between only 4 per cent of iPhones. In contrast, the Google and Apple model registered 99 per cent of all contacts.
The UK government has now pivoted its approach to meet Google and Apple’s guidelines, and is not expected to roll out the service for several months.
Other countries have also opted for the tech giants’ framework and have begun to release the apps to the public, including Germany, France and Canada.
Singapore became the first country to outright say it would not be using the Apple and Google framework, saying it would be “less effective” than its existing TraceTogether app, which COVIDSafe is based on.
The Australian government is still working with Apple and Google to “understand and test the Exposure Notification Framework to see how it can be applied in Australia”, with testing “ongoing”.
The Digital Transformation Agency had earlier claimed that Australia would be “one of the first adopters” of the framework in the world.
Australia should take the UK’s lead and ditch the centralised model for digital contact tracing in favour of the Google and Apple option, Thinking Cybersecurity chief executive Vanessa Teague said.
“There are pros and cons in both directions but the huge privacy benefit is that it doesn’t gather a centralised database of who has been near who whenever someone gets infected,” Professor Teague told InnovationAus.
“The main advantage is that it doesn’t build that centralised database when a person tests positive. Instead of uploading to a central database the list of everyone they’ve been near, the notification gets done in a completely distributed way on peoples’ phones, and there’s no centralised repository of information of who’s been close to who.
“It’s not perfect and there are certainly still privacy implications, but there are huge advantages compared to the completely centralised model.”
COVIDSafe is working as intended, with more than 6.4 million downloads, a spokesperson for government services minister Stuart Robert said.
“Australia is leading the world with our COVIDSafe health app and has been talking with over 20 countries to discuss its development and use,” the spokesperson told InnovationAus.
“It is important to note in making comparisons that Australia’s COVIDSafe health app is at a very different stage in its development and the DTA have iteratively made a number of updates that have improved the performance and security of the app,” the spokesperson said.
“The Australian community can have confidence it is working securely and effectively, despite the lack of community transmission of COVID-19.”
Software developer Geoffrey Huntley, who has been scrutinising the COVIDSafe code since it was launched with a team of researchers who have identified several bugs in it, said adopting the Google and Apple model would help with contact tracing across borders once international travel is back, and improve the functionality of the service.
“Migrating to the Google and Apple protocol is highly recommended because it is more effective from a protocol perspective, uses less battery, and in the case of iPhones, works when in the background,” Mr Huntley told InnovationAus.
“Moving to the Google and Apple standard means that COVIDSafe would continue to work even if an iPhone was to terminate the app in the background. My concern is that the design of COVIDSafe necessarily depends on using Bluetooth in a way that it was not designed to, namely connecting to any untrusted device that happens to be in range.
“This issue was a consequence of not using the Apple and Google Exposure Notification API. If that had been used instead, we’d have a more functional, more reliable and more secure and trustworthy app.”
A significant reworking of COVIDSafe is required for it to be compatible with Apple and Google’s approach, Professor Teague said.
“It’d be like keeping a paint job on a car but replacing the engine. They can keep the splash screen but they’d need to be replacing all of the underlying parts,” she said.
“But then they wouldn’t have to keep fixing up the bugs, they could throw out what they’ve done and then do a lot less from there.”