Key COVIDSafe improvements enhance and protect your privacy

7 September 2020

Key improvements have been made to the COVIDSafe app to better protect the security and privacy of all users.

On 8 May 2020, we released the app’s source code to our GitHub repository. As part of our commitment to transparency, today we’re releasing the COVIDSafe Cryptography Specification. We have worked with government experts, academia, industry specialists and the tech community to make sure the best security and privacy protections possible for all COVIDSafe app users.

Information that COVIDSafe exchanges between devices

One of the ways your data is protected in COVIDSafe is through the temporary identifier (“tempID”) from the COVIDSafe servers. The tempIDs are periodically generated and expire after a certain time. They contain a random unique-identifier. This is used to identify you as an individual user of the app without including any personally identifiable information, such as your phone number, name, postcode or age. This keeps your information safe. The tempID appears completely random to devices that have the COVIDSafe app so they can’t tell who you are. Only the National Data Store can recover, from a particular tempID, which user it was issued to.

How COVIDSafe exchanges my temporary identifier with nearby devices

Whenever you are in range of another COVIDSafe user, your apps perform a “digital handshake” by exchanging information over Bluetooth. This includes your tempID, and information about phone model and Bluetooth signal strength. More recent versions of COVIDSafe include the time each digital handshake occurs as part of the information exchanged. This allows the server to perform better validation checks. It also means the app can run for up to a week without needing an internet connection, which improves its performance. 

When a digital handshake occurs between 2 COVIDSafe users, the information that is exchanged is encrypted so that only the National Data Store can read it. This encryption is like a padlock: anyone can use an open padlock to lock up a box of valuables, but only the trusted person with the key will be able to open it and access what’s inside.

Figure 1: Data sent in the digital handshake is now encrypted, so only the COVIDSafe server can read it. The process is as follows:a)	When there is a handshake with another device, your tempID, phone model, Bluetooth signal strength and timestamp of the handshake is packaged and encrypted using Asymmetric Encryption to keep this data safe.b)	The encrypted package is then sent via Bluetooth to the other device, and vice versa.c)	If you test positive for COVID-19 and consent to uploading your COVIDSafe data, the encrypted packages your device has received within the last 21 days will be sent to the National Data Store.d)	From there, they are decrypted and the data is provided to state or territory health officials to assist them in contact tracing.

Figure 1: data sent in the digital handshake is now encrypted, so only the COVIDSafe server can read it

The encrypted encounter data your phone stores from other users is uploaded to the National Data Store with your consent if you test positive for COVID-19. It cannot be decrypted by unauthorised third parties.

Figure 2: a user’s tempID can only be unencrypted by the server. a)	Let’s say User A and B come in contact with each other.b)	User A’s encrypted tempID is packaged and sent to User B’s device, and vice versa.c)	User B tests positive for COVID-19, and consents to uploading their COVIDSafe data.d)	The encrypted data is sent to the COVIDSafe server (National Data Store) and the server decrypts the tempID to recover which unique identifier it was issued to (User A)

Figure 2: a user’s tempID can only be unencrypted by the server.

Improved privacy protections

The data exchanged in the digital handshake now changes every 7.5 minutes instead of every 2 hours. This is a significant improvement to the privacy of users. It reduces the time COVIDSafe sends the same identifier to other app users by up to 93%.

New protections for COVIDSafe data

Working with subject matter experts in industry and academia, we have improved the COVIDSafe code and design. We have enhanced privacy by adding an additional layer of encryption to the Bluetooth exchange.

We also continue to work closely with government, industry, academia and members of the community – including software developers and researchers – to improve the security, privacy and usability of COVIDSafe. We would like to thank everyone for their feedback and recommendations, which continue to inform the development of the app.

For media enquiries email us at media@dta.gov.au or call 0438 156 883

For other enquiries email us at info@dta.gov.au