Talk:COVIDSafe

Source code
Is the source code released? If it is not then it is not open source also if the code is derived from OpenTrace then it should be GPL3, but they can can have other deals with Singapore too. --Zache (talk) 09:49, 25 April 2020 (UTC)
 * It was announced that the source code will be released. From early screenshots it seems to be built off OpenTrace, but that can't be confirmed Bravetheif (talk) 01:09, 26 April 2020 (UTC)
 * Do you have a reference/source for this? I agree that the code needs to be made public. This should be done irrespective if forked from GPL3 source or not. Unfortunately I doubt that this will happen and they rather make it 'security by obscurity'. Username1204 (talk) 12:17, 26 April 2020 (UTC)
 * From the Privacy Impact Assessment "source code will be released subject to consultation with the Australian Signals Directorate’s Australian Cyber Security Centre". I may have been wrong about the exact license (I assumed GPL-3 because OpenTrace is GPL-3 and GPL-3 is copyleft), but it will supposedly be open sourced soon. Additionally, when I wrote the article it had been claimed that the source code would be released with the app, something that was later retracted. Bravetheif (talk) 12:52, 26 April 2020 (UTC)

iPhone app size
Is there a definitive source for the size of the iOS app? To get my figure (for both Android and iOS), I used the size listed on the bottom of the app listing, but apparently that is wrong Bravetheif (talk) 12:49, 26 April 2020 (UTC)

Running on AWS
Why is this sentence in the past tense? "Issue was also taken with the fact the backend of the app ran on the Amazon Web Services platform,[...]" To me this implies that the COVIDSafe app no long runs on AWS but, as far as I know, it does. --Andyofmelbourne (talk) 03:50, 27 April 2020 (UTC)
 * Originally wrote it all in past tense because the issues were raised in the past. Have now clarified Bravetheif (talk) 04:06, 27 April 2020 (UTC)
 * Ah, I suppose it was correct, just potentially misleading. I see you also caught the minor grammatical error "mean" --> "means". I think it reads clearly now. --Andyofmelbourne (talk) 05:28, 27 April 2020 (UTC)

U.S. law
"The government has said it will legislate to prevent data from the app being moved offshore, including for requests for data by the US government under laws such as the Patriot Act." https://www.theguardian.com/australia-news/2020/apr/30/covid-safe-app-faq-review-how-to-download-australian-government-covidsafe-tracing-download-install-ios-app-store-iphone-phone-number-google-play-android-australia-coronavirus-tracking versus "The app’s use of AWS has quickly raised eyebrows given the cloud giant is subject to the United States’ Patriot Act and could be compelled to surrender COVIDSafe data despite it being stored on Australian soil" https://www.itnews.com.au/news/australia-launches-covidsafe-contact-tracing-app-547221 —DIV (1.129.109.189 (talk) 14:53, 3 May 2020 (UTC))
 * The legislation has already been passed, it's the Biosecurity Determination 2020. It makes it explicitly illegal to transfer COVIDSafe data offshore or to disclose information to people outside Australia. Whether or not this determination could be enforced should the US decide to use the Patriot Act to collect the data would probably be years of legal battles. Bravetheif (talk) 15:08, 3 May 2020 (UTC)


 * Thanks for the link, Bravetheif. The reports talked about "draft" legislation or planned legislation.  The 'Determination' has a couple of curious phrases:
 * 6(4) "the coronavirus known as COVID‑19" — should strictly say something like "the form of coronavirus virus that causes the disease known as COVID-19", because "coronavirus" is the name of a type of virus that can take on various forms, and "COVID-19" is a disease, rather than a virus.
 * 7(1) " (1) A person must not upload COVID app data [...] except with the consent of the person who has possession or control of the device." — I would have thought that anybody physically holding the device in their hand could be said to have both "possession" and "control" of the device, and someone who hacks into the device could be said to have "control" of the device.
 * —DIV (1.129.108.215 (talk) 05:05, 11 May 2020 (UTC))

Define "contact"
It has been reported that "contact" is defined as "anyone you are within 1.5 metres of for about 15 minutes or more, if they also have the app" https://www.abc.net.au/news/2020-04-26/coronavirus-tracing-app-covidsafe-apple-iphone-covid-19/12187448 and "when two people with the app come one-and-a-half metres of one another for 15 minutes or more" https://www.itnews.com.au/news/australia-launches-covidsafe-contact-tracing-app-547221 Such information might be the same as for BlueTrace; if so, it can be added there too/instead. See also https://www.theguardian.com/australia-news/2020/apr/30/covid-safe-app-faq-review-how-to-download-australian-government-covidsafe-tracing-download-install-ios-app-store-iphone-phone-number-google-play-android-australia-coronavirus-tracking —DIV (1.129.109.189 (talk) 14:50, 3 May 2020 (UTC))
 * The time-frame should be stated in the article.
 * I am doubtful that the "1.5 m" distance is correct — probably a confusion over the 'physical distancing' guideline. May not even be possible to measure to such precision?  https://stackoverflow.com/questions/3624945/how-to-measure-distance-between-two-iphone-devices-using-bluetooth  But would be good for article to confirm relevant distance.
 * Looking through the decompiled android source, I cannot find any business logic that would prevent logging of people based on the period of time with which you were with them (could have missed it though). The only explicit reference to a 15 minute time period I could find was in the BuildConfig.java and BluetoothMonitoringService.java (900,000 milliseconds = 15 minutes). Both these values are related to the health check. Looking through OpenTrace, whose codebase this is almost identical to, it appears health check is a general housekeeping function ensuring the app is working correctly. Looking through the whitepaper, I believe the 15 minute figure came from the fact the TempIDs have a 15 minute life and the app switches between advertising and listening at a rate slightly higher than that. Thus it would take, at worst, 15 minutes of contact to guarantee a logged encounter. Whatever it is, I'm fairly certain the figures are just simplified numbers given to the public to explain the app's behaviour and avoid getting into detail about the protocol and confusing people. Bravetheif (talk) 15:43, 3 May 2020 (UTC)
 * Confirmed in the public hearing yesterday, the 15 minute timeframe and 1.5 meter filtering is done by the central reporting server. The app itself indiscriminately collects all users in proximity. Official government press releases do not claim different, but many news sources appear to have incorrectly interpreted the somewhat ambiguous language of hte government. The article has been updated to reflect that Bravetheif (talk) 16:43, 7 May 2020 (UTC)


 * Thanks for the in-depth research, Bravetheif. Simplification for the purpose of 'public service announcements' is reasonable, but I'm glad the article here will be more accurate.  —DIV (1.129.108.215 (talk) 04:43, 11 May 2020 (UTC))

A Commons file used on this page or its Wikidata item has been nominated for deletion
The following Wikimedia Commons file used on this page or its Wikidata item has been nominated for deletion: Participate in the deletion discussion at the. —Community Tech bot (talk) 02:52, 12 May 2020 (UTC)
 * COVIDSafe screenshot.jpg

Protocols in use
In the information panel, it says that COVIDSafe uses Bluetrace and ENF. The app does in-fact not use ENF (as this article later says) and the source cited states that there may be plans to incorporate it in the future (May 2020).

Looking at the source code, COVIDSafe has incorporated the Herald protocol from VMWare - which has lead to battery drain issues (as cited on GitHub).

Herald information: https://vmware.github.io/herald/ JCookie20001 (talk) 10:45, 17 February 2021 (UTC)

Relevance of Coronavirus Australia mention in the introduction
The introduction concludes with the sentence

Is this relevant to a reader's understanding of the app and article, to the point it should be mentioned in the introduction? ExoticViolet (talk) 02:39, 1 April 2021 (UTC)


 * Noting the lack of input since I posted this, and the fact the Coronavirus Australia is mentioned in the History section, I will remove the sentence.
 * I do not believe the sentence is relevant to a reader's understanding of the topic. The history of the COVIDSafe app, including the Coronavirus Australia app and intial question of whether the functionality would be incorporated into that app, are sufficiently covered in the History section. ExoticViolet (talk) 18:51, 24 April 2021 (UTC)
 * The sentence was added because people were confusing the two, even with the distinguish at the top. Bravetheif (talk) 13:17, 25 April 2021 (UTC)

A Commons file used on this page or its Wikidata item has been nominated for speedy deletion
The following Wikimedia Commons file used on this page or its Wikidata item has been nominated for speedy deletion: You can see the reason for deletion at the file description page linked above. —Community Tech bot (talk) 12:52, 29 March 2022 (UTC)
 * COVIDSafe Screenshot.jpg