Security News > 2020 > April > Australian contact-tracing app leaks telling info and increases chances of third-party tracking, say security folks
The design of Australia's COVIDSafe contact-tracing app creates some unintended surveillance opportunities, according to a group of four security pros who unpacked its.
The first issue they address is the decision to change UniqueIDs - the identifier the app shares with other users - once every two hours, and for devices to accept a new UniqueID only if the app is running.
The four researchers say this will make it possible for the government to understand if users are running the app.
"The difference between 15 minutes' and two hours' worth of tracking opportunities is substantial. Suppose for example that the person has a home tracking device such as a Google home mini or Amazon Alexa, or even a cheap Bluetooth-enabled IoT device, which records the person's UniqueID at home before they leave. Then consider that if the person goes to a shopping mall or other public space, every device that cooperates with their home device can share the information about where they went."
The authors conclude the app is not an immediate danger to users.
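The effect of the rotation interval in the scenario quoted above, as an added example that is not taken from the researchers' analysis or from the app: the HMAC-derived identifier is a stand-in for the app's UniqueID scheme, and the secret, times and place names are constructed. It assumes the identifier rotates exactly on schedule.

```python
import hashlib
import hmac

FIFTEEN_MIN, TWO_HOURS = 15 * 60, 2 * 60 * 60

def unique_id(secret: bytes, t: int, period_s: int) -> str:
    """Stand-in rotating identifier (assumption): one value per rotation epoch."""
    epoch = t // period_s
    mac = hmac.new(secret, epoch.to_bytes(8, "big"), hashlib.sha256)
    return mac.hexdigest()[:16]

def linkable(secret: bytes, period_s: int, home_t: int, sightings):
    """Sightings that broadcast the same ID the home device recorded at home_t."""
    home_id = unique_id(secret, home_t, period_s)
    return [place for t, place in sightings
            if t >= home_t and unique_id(secret, t, period_s) == home_id]

def exposure_seconds(period_s: int, home_t: int) -> int:
    """How long after home_t the home-recorded ID is still being broadcast."""
    return period_s - (home_t % period_s)

# Constructed sample data: times are seconds since midnight.
SECRET = b"constructed-demo-secret"
HOME_T = 8 * 3600 + 5 * 60                      # ID recorded at home, 08:05
SIGHTINGS = [
    (8 * 3600 + 10 * 60, "bus stop"),           # 08:10
    (8 * 3600 + 30 * 60, "mall entrance"),      # 08:30
    (9 * 3600 + 15 * 60, "food court"),         # 09:15
    (10 * 3600 + 5 * 60, "car park"),           # 10:05
]

def compare():
    """Linkable places and exposure window for each rotation period."""
    return {p: (linkable(SECRET, p, HOME_T, SIGHTINGS), exposure_seconds(p, HOME_T))
            for p in (FIFTEEN_MIN, TWO_HOURS)}

if __name__ == "__main__":
    for period, (places, window) in compare().items():
        print(f"rotation {period // 60:>3} min: ID stays linkable {window // 60} min "
              f"after the home recording, seen at {places}")
```

If a device misses a scheduled rotation because the app is not running, the same identifier stays on air longer than this model shows.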
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/28/covidsafe_analysis/