You are using an older browser version. Please use a supported version for the best MSN experience.

COVIDSafe coronavirus contact-tracing app faces software bugs and lingering iPhone issues

ABC Health logo ABC Health 30/04/2020 By technology reporter Ariel Bogle
a laptop computer sitting on top of a keyboard: Almost one week on, millions of Australians have downloaded COVIDSafe but technology experts hope some bugs will be fixed. (Solua Middleton) © Provided by ABC Health Almost one week on, millions of Australians have downloaded COVIDSafe but technology experts hope some bugs will be fixed. (Solua Middleton)

More than 3 million Australians have downloaded COVIDSafe, but concerns remain about the performance of the Federal Government's coronavirus contact-tracing app on iPhone and other software bugs.

The app, which aims to speed up the process of identifying those who may have been exposed to COVID-19, uses Bluetooth to record encrypted IDs from nearby devices that also have the app.

Almost one week since launch, the Government is yet to release its source code, but that has not stopped software specialists from dissecting it.

The industry consensus so far suggests the app works largely as described — it does not collect your GPS location and deletes all information held on the app older than 21 days — but that some of its design could be improved.

"Given the timeframes they pulled this off in, it's quite a good initial release," said Jessica Glenn, executive chair of technology firm QTE.am, which has analysed the app.

"There are some bugs, but that's inherent in all software. I imagine we'll see many of them resolved in the next update."

The Government did not comment when asked for details on the timeframe for the first COVIDSafe software update.

iPhone issues remain

Whether COVIDSafe performs effectively on iPhone remains a key issue.

The software works best when the iPhone is unlocked and the app is open on the screen, according to the Digital Transformation Agency (DTA), which oversees the project.

A DTA spokesperson admitted there were limitations to Bluetooth functionality when an app was running in the background on an iPhone.

"When [an app] is running in the background, there may be some variability in the digital handshakes on iOS devices," he said, or its ability to exchange signals with other apps on iOS.

An app is foregrounded when the phone is unlocked and the app is open on the screen, according to the DTA. The background refers to when you switch from using the app to another app or when the phone is locked.

This technical limitation could affect the app's ability to pick up close contacts, and so reduce its usefulness to the contact-tracing process as Australia relaxes lockdown measures.

During testing, Ms Glenn said her team found "mixed" performance on iPhones when the app was in the background — or running but not the app that was in view.

Apple's iOS typically prevent third-party apps from running in the background and broadcasting Bluetooth signals — a security rule that meant Singapore's TraceTogether app, on which COVIDSafe is modelled, also worked best on an unlocked iPhone.

Apple and Google are building their own contact-tracing approach, and the DTA said it would determine if that capability could "enhance the performance of COVIDSafe".

Difficulty signing up

Open-source engineer Geoffrey Huntley has taken a close look at the Android version of the COVIDSafe app.

He found an accessibility issue when people first start entering their details into the app.

When trying to sign up, some people may see an error message that suggests their mobile number is invalid. In some instances, this can be fixed by turning off the Wi-Fi and instead using the mobile network for initial set-up.

The app will also try to send a verification code via SMS. That process cannot take place over Wi-Fi if you're with mobile network operators like Telstra that don't allow Wi-Fi SMS, as Gizmodo also reported.

That means the app isn't easily accessed by those without reliable mobile reception — in rural areas, for example.

"If the Government is going to try and get people on board … this is an outstanding [issue] that has been open now for four days," Mr Huntley said. "It needs resolving."

A Telstra spokesperson said it is planning to introduce a SMS over Wi-Fi capability into the network, and will work with the Government "on alternative methods for the COVIDSafe app to send an authentication code".

While it investigates the issue, the DTA advised impacted users to register on the app over mobile network the next time they are in a coverage area. "This might be when they travel into town to purchase groceries or supplies," a spokesperson said.

There are also obstacles for those who are from overseas, or who may be using numbers and devices purchased in other countries.

The app only allows numbers with a +61 country code to register. Likewise, both the Android and iOS app can only be downloaded from their respective app stores with an Australian account, which means tourists and immigrant workers may not be able to use the app.

"It's not as simple as switching between the different stores," Mr Huntley said. "You can't do that unless you cancel all of your subscriptions on your UK account, like Spotify … it's a major hindrance."

A DTA spokesperson said it was aware of the issue. "We are exploring options to make sure as many Australians as possible can download and use COVIDSafe," he said.

The app is also not available on smartphones with older operating systems due to security and Bluetooth limitations, according to the DTA. For Android, you need Android 6.0 or higher. For iOS, you need iOS 10 or higher.

How to report a bug

While software engineers are pouring over COVIDSafe, the Government has not publicised a way for the software bugs and vulnerabilities they find to be reported and addressed — a common practice in the technology industry.

"I would love if there was an easy reporting mechanism … and an official bug bounty program would be very wise," Ms Glenn said, referring to the process by which companies pay those who identify serious vulnerabilities in their software.

Mr Huntley has also tried to report the bugs he has found to the Government. "I have not found a direct engineer-to-engineer contact," he said.

The DTA now says bugs can be reported via the app's "Report an Issue" functionality or by emailing .

Public understanding of how the app operates is also evolving as the app is more closely scrutinised.

While initial reporting and government explanations of the app suggested it only collected IDs from phones with COVIDSafe within 1.5 metres for more than 15 minutes, it in fact collects IDs from all phones within Bluetooth range — a practice some have called "excessive".

If you're diagnosed with COVID-19 and consent, that data will be shared with a central server and then "interpreted by an algorithm to provide state health officials information only about close contacts".

As the ABC previously reported, the app also collects the model of phones it has encountered.

"Because mobile phone device models are different in Bluetooth strength and how they operate, all contacts within Bluetooth range are noted on the user's device," a DTA spokesperson said.

"The phone model data is not used as part of the contact-tracing process."

image beaconimage beaconimage beacon