What you should know about CovidSafe app and the claim “Your identity is safeguarded.”

What you should know about CovidSafe app and the claim “Your identity is safeguarded.”

Mo Hamdouna

Mo Hamdouna

27 Apr 2020 | 4 min read

The government’s new COVIDSafe app has finally been released, with an incredible 1 million downloads in 4 hours upon launch.

The downloads were way ahead of expectations, with Health Minister Greg Hunt saying ‘The numbers in the first five hours, had exceeded those that were expected in the first 5 days’.

At the same time, the app has amassed over 700 1-Star ratings in the iOS store. Many users took it to social media complaining that they couldn’t even register once they have downloaded the app, as it wouldn’t recognise their phone number. If the app did recognise your number, the verification pin was not sent.

Whilst there is some ongoing functionality issues, what interests many is the promise that all data generated by the app is encrypted and protected.

As an agency with extensive app development experience, we thought we’d investigate the app to see how it works. Although the source code has not been released, the Department of Health has agreed to share it with the public in two weeks for better transparency.

Allowing independent analysis of COVIDSafe is a smart decision, that will hopefully give the public more assurance of its privacy protection.

COVIDSafe works by using your Bluetooth signal to track all the devices which come into proximity with your device that also have the app installed.


As explained by the Government Services Minister Stuart Robert, “Users should have the app running in the background when they are coming into contact with others. Your phone does not need to be unlocked for the app to work. It then securely makes a ‘digital handshake’, which notes the date and time, distance and duration of the contact. All information collected by the app is securely encrypted and stored in the app on the user’s phone. No one, not even the user, can access it.”

Our in-house developers had a quick preliminary look at the app and here are our key takeaways: 


  • The Android app is built using Kotin and standard building blocks. iOs is written in Swift. So both are native apps.


  • The app requires you to have your Bluetooth on at all times to work. This may cause some serious battery drainage. 


  • Your broadcasted Bluetooth uses a unique code and not your device’s name. 


  • App data is stored encrypted locally in your phone and can’t be accessed by other apps.


  • All data transmitted to AWS will require user consent. The verification is done via a code sent to your mobile number.


  • App data is only stored for 21 days, then is automatically deleted.


  • It doesn’t require a connection to a mobile network or internet to work.


  • To date, there is no analytical tracking code installed. 


  • Signing up for COVIDSafe is completely voluntary. 



In summary, the COVIDSafe app seems to be very transparent. Sensitive data like your location and real name will not be stored or captured. Considering the number of social apps we use with full access and permissions, COVIDSafe isn’t asking for much. Its main purpose is to give our health workers a clearer picture of the coronavirus spread, making it far easier to track infected people and those they interact with.

The uptake for the app has already shown many Australians are willing to participate in some tracking for the greater good. With this is in mind, the app is worth downloading to continue keeping our community safe against the pandemic and help us all move forward, back to normal life.

In the end, it is your decision to download COVIDSafe and if you decide to delete it later, that is completely within your right.