
Aussie contact-tracing app sent no data and is in breach of privacy policy - ghuntley
https://www.theregister.co.uk/2020/05/07/covidsafe_australia_contact_tracing_app_issues/
======
ghuntley
Geoff here. See
[https://twitter.com/GeoffreyHuntley/status/12581744339796254...](https://twitter.com/GeoffreyHuntley/status/1258174433979625474?s=19)
for more information. We are putting together our findings for the Australian
senate as a group.

See [https://covidsafe.watch/](https://covidsafe.watch/)

We need webdevs to send PRs and help out. Jump in discord. ️

~~~
Juno321
Correct me if I am reading it wrong, but doesn't the Android source code for
COVIDSafe collect and transmit the device ID (Settings.Secure.ANDROID_ID) as
part of the registration info when you register? COVIDSafe supports Android
6.0+, but it wasn't until Android 8.0 that Android made this field unique to
each combination of app-signing key, user, and device (rather than simply an
unanonymized device ID). Device ID isn't mentioned in their privacy policy, so
it would be a breach of their privacy policy, right? It would enable them to
track your device, in addition to knowing your phone number, name, postcode,
age range etc. You can change your phone number, but you can't change your
device ID unless perhaps by doing a factory reset of the phone or buying a new
phone that uses Android 8.0+.

