Technology behind COVIDSafe
COVIDSafe was initially built using the BlueTrace protocol. The Digital Transformation Agency (DTA) worked with Department of Health to build the app and release it on April 2020. In a major update in December 2020, we integrated the Herald Protocol into COVIDSafe to make significant improvements to the Bluetooth tracing capabilities and performance of the app.
The DTA released the source code for the COVIDSafe app to the public on 8 May 2020. Any member of the public can view the source code, which is hosted in a GitHub repository.
We invite you to send comments and other information through the feedback channels in the GitHub repository. If you identify a vulnerability or risk, please report them through the secure channel.
In some instances, the DTA may contact you to gain a deeper understanding about the issues you've raised.
COVIDSafe is a system
COVIDSafe consists of:
- the COVIDSafe app that users have installed on their mobile device
- the Health Portal that state and territory health officials (contact tracers) use to identify close contacts
- the National COVIDSafe Data Store where information collected or generated through the use of COVIDSafe is stored securely
Encounter data is only uploaded from your phone to the Data Store with your consent after a discussion with a health official.
Improvements made to one part of the system improve the entire system, meaning contact tracers are better able to use COVIDSafe to identify close contacts.
How the app works
Once users have downloaded, installed and confirmed that COVIDSafe is active with the right settings, the user’s device will start using Bluetooth® technology to look for other devices with COVIDSafe installed.
Terms commonly used to explain how the app works:
TempID (encrypted code)
One of the ways your data is protected in COVIDSafe is through the temporary identifier (tempID) from the COVIDSafe servers. The tempIDs are periodically generated and expire after a certain time. They contain a random unique identifier. This is used to identify you as an individual user of the app without including any personally identifiable information like your phone number, name, postcode or age. This keeps your information safe.
The tempID appears completely random to devices that have the COVIDSafe app so they can’t tell who you are. Only the National Data Store can match a particular tempID to say which user it was issued to.
Read more on the Temporary identifiers section of the COVIDSafe Cryptography Specification.
Whenever you are in Bluetooth range of another COVIDSafe user, your apps perform a 'digital handshake' by exchanging information over Bluetooth. This includes your tempID, information about phone model and Bluetooth signal strength.
When a digital handshake occurs between 2 COVIDSafe users, the information that is exchanged is encrypted, so that only the National Data Store can read it. This encryption is like a padlock: anyone can use an open padlock to lock up a box of valuables, but only the trusted person with the key will be able to open it and access what’s inside. The encrypted encounter data is deleted from your phone after 21 days.
The probability of the devices being within 1.5m of each other is calculated using RSSI (Received Signal Strength Indicator) and Tx Power (Transmission Power). RSSI or Bluetooth signal strength is used to determine proximity to a close contact.
An encounter is a series of Bluetooth handshakes between two devices running the COVIDSafe App. Health officials use encounters to determine if a user’s period of close contact with a COVIDSafe user who tested positive may require further advice on isolation or testing.
Using the Health Portal to assist in contact tracing
If a user tests positive for COVID-19, a state or territory health official will contact the person and will ask if they have the COVIDSafe app. If the user has the app, the health official will seek their consent to voluntarily upload digital handshake information to the National COVIDSafe Data Store. The health official will give the user a unique PIN for this upload.
Once the data upload process is complete, the health official will be able to use the Health Portal to identify people who may have had an encounter with the user. Uploading the information is a crucial part of alerting others who may be at risk, and could save lives.
A Close contact is highlighted to a health official using the Health Portal when:
- a COVIDSafe user has come into contact with another COVIDSafe user
- there is a sequence of encounters (Bluetooth handshakes lasting longer than 15 minutes from first to the last handshake)
- at least one of those handshakes has a medium or high probability of contact within 1.5 metres. This is calculated using the RSSI (Received Signal Strength Indicator) and Tx Power (Transmission Power) to determine the probable distance and duration of each handshake.
A health official will contact the person identified as a close contact in accordance with state or territory health authority procedures.
Integration of Herald Bluetooth Protocol for COVIDSafe 2.0
Date of release: December 2020
A new Bluetooth protocol called Herald improves the Bluetooth performance in COVIDSafe when in background mode on iOS devices. Background mode means the app is not the focus on the screen of your device. Herald allowed for the current COVIDSafe operating model to be maintained which has been designed and optimised to align with sovereign contact tracing processes.
The Herald Protocol is a VMware-founded open source project and part of on-going contributions towards the Linux Foundation Public Health initiative which aims to use open source technologies to help public health authorities across the world combat COVID-19 and future epidemics.
Results from testing indicate that Herald offers a significant increase in Bluetooth performance. Compared to previous versions of COVIDSafe, Herald provides:
- an increase in Bluetooth performance while in the background leading to more encounters captured between devices
- better accuracy identifying close contacts during a 15-minute window for both iOS and Android
- low battery usage – 1% to 2% per hour on average, depending on the age of the phone and its battery capacity
We will continue to monitor Herald’s performance and use what we learn to further improve the app. We will also continue to consider recommendations from the technology community on how to improve COVIDSafe.
The technical implementation of Herald does not change the architecture of COVIDSafe:
- The COVIDSafe app collects and uses the same user registration data with Herald as it does on previous versions of the app.
- COVIDSafe’s existing handshake data remains unchanged (the data package that is shared within the COVIDSafe system).
- End-to-end encryption that secures your data remains unchanged.
- The National COVIDSafe Data Store and Health Portal stay the same.
- From a user’s perspective, the implementation of Herald is done through a version update of their current COVIDSafe app. There are no major changes to how users interact with the interface.
We adapted the Herald protocol to communicate with the BlueTrace protocol so that users on older versions of the app can record encounters with the Herald-enabled version.
Techniques used to improve Bluetooth performance
Herald introduces new techniques that improves COVIDSafe’s performance in capturing close contacts.
Technique 1: Data sharing (calling card)
Herald can use nearby Android devices to transfer data between iOS devices that have the app in background. iOS devices that have the app in a background state will always connect with an Android device but may not always see iOS devices that also have the app in background.
Android devices can share data they have recently received from iOS devices in background mode with other iOS devices in background mode that cannot see each other. This ensures close contacts are recorded by all users who are near each other.
The data exchanged remains encrypted and secure. The data will only be available for viewing by health officials once it is uploaded to the National COVIDSafe Data Store.
Technique 2: Enhanced Received Signal Strength Indicator (RSSI) exchange
COVIDSafe currently uses RSSI to estimate the distance between users. This happens once per digital handshake. In contrast, Herald regularly captures RSSI data while users are near each other. COVIDSafe can use this data to better estimate the closeness of users and improve the efficacy of determining a close contact encounter.
The continuous RSSI data exchange also keeps the app active on an iOS device for longer. It helps improve iOS Bluetooth performance when the app is in a background state.
Technique 3: Requesting iOS Location Permissions
Herald improves the app’s performance by asking a device to let it know when location services have been activated on iOS devices. This notification itself wakes the app up when in background and improves its ability to capture digital handshakes. When the app wakes up on one iOS device, it will wake up other iOS devices nearby. As with all previous releases of COVIDSafe, the Herald-enabled version of COVIDSafe will not capture or record any location data.
This technique is very effective because location services are regularly activated whenever a user turns on their device’s screen. Research suggests smartphone users will do this every 10 to 15 minutes.
Users must grant permission for COVIDSafe to access location services on their device to use this technique.
Similar to Android, COVIDSafe on iOS will not capture or record location or GPS data.
Security and Privacy
Strengthening the security of the application and protecting the privacy of Australians is paramount.
We would like to thank the members of the technology community, including software developers and researchers, who have worked with us in addressing security and privacy issues.
As part of our commitment to transparency, we also released the COVIDSafe Cryptography Specification. We have worked with government experts, academia, industry specialists and the technology community to make sure the best security and privacy protections possible for all COVIDSafe app users.
Read the COVIDSafe Application Privacy Impact Assessment (PIA).
Read the information on technical cyber security advice from Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC).
Ongoing enhancements and improvements
Since COVIDSafe’s launch, the DTA has made iterative enhancements to the app and the Health Portal to improve the system’s performance, functionality, accessibility, privacy and security.
The project team working on COVIDSafe identifies potential improvements to the app and the portal through:
- consultation with state and federal health agencies
- ongoing testing
- support tickets
- feedback from the technology community
- app reviews
- user research
- academic and industry research
The improvements are then prioritised, actioned and implemented every 2 weeks, but may take longer depending on the complexity of the change.
Usability and Accessibility
We would like as many Australians as possible to choose to download and use COVIDSafe. COVIDSafe supports a wide range of people to use the app, regardless of ability or environment.
In past releases, we addressed accessibility issues including:
- VoiceOver and TalkBack functionality
- improved recognition of buttons, headings and checkboxes
- content updates to make registration easier and explain the upload process better
- more intuitive descriptions of fields within the app
- improved recognition of back arrows and other buttons
- landscape orientation for screens
- improved the order of registration questions
- increased the size of button text to improve readability
- improved contrast between the text and background, making it easier for people to read
- support for 9 frequently spoken languages other than English within Australia
- translated the COVIDSafe user guide into 63 languages
The app now supports 98 percent of Android users (5.1 and above) and 95 percent of iPhone users (iOS 10 and above).
In July 2020, Vision Australia determined that the COVIDSafe app and associated website has satisfied Level A and Level AA success criteria of Web Content Accessibility Guidelines (WCAG) 2.1 specification.
Adapting to changes on Android
Android Location Permissions
COVIDSafe has been built with security and privacy by design. COVIDSafe does not use or track a user’s location.
The activation of Location Services and Bluetooth Services are bundled together by Google and, as a result, a permission request is presented to a user to activate Location Services when they provide Bluetooth permissions. This applies to COVIDSafe, even though it does not use Bluetooth to gather any sort of location and the Location Services feature on Android devices is not used.
COVIDSafe users with an Android device can have confidence that their privacy is protected and no location data is being collected and should grant location permissions for Bluetooth to work on the COVIDSafe app.
Google API 29 compatibility
COVIDSafe needs to remain compatible with Google’s app development requirements. To do this, COVIDSafe now targets API 29 of Google’s software development kit. These Android changes will bring security and performance improvements, in addition to enhancing the overall user experience.
COVIDSafe notifications make sure your app is working effectively and help you address technical issues, quickly and easily. The notifications will alert you when your Bluetooth is turned off, or if a battery optimisation setting on your device is preventing the app from working effectively.
The notifications will guide you through a simple troubleshooting process to resolve technical issues. You will also receive a reminder to update the app when a new version is available.
Read the guide on notifications sent from COVIDSafe.
- 5 May 2020 – Update 1: Interface improvements, rebrand and source code
- 14 May 2020 – Update 2: Push notifications reminding users to keep COVIDSafe running became operational
- 26 May 2020 – Update 3: Bluetooth improvements based on Singaporean and UK source code changes, Bluetooth security and malicious beacon fix and push notifications
- 5 June 2020 – Update 4: End-to-end encryption, strengthening privacy and enhanced accessibility
- 12 June 2020 – Update 5: Backwards compatibility increased, international App stores access and accessibility enhancements
- 19 June 2020 – Update 6: Norfolk Island and international phone numbers able to register, fixes to a temporary ID bug on iOS devices, permissions and enhanced accessibility
- 3 July 2020 – Update 7: Mandarin, Cantonese, Vietnamese, Arabic and Korean languages added, and enhanced accessibility
- 21 July 2020 – Update 8: Greek and Italian languages added, enhanced accessibility, and improved notifications and security
- 3 - 5 August 2020 – Update 9: Enhanced accessibility, Bluetooth, privacy and improved notifications
- 14 - 22 August 2020 – Update 10: Turkish and Punjabi languages added, privacy enhancements and improved troubleshooting notifications
- 10 - 18 September 2020 – Update 11: National, State and Territory cases statistics included in the App
- 25 September 2020 – Update 12: Improved functionality for the registration process for users
- 13 - 23 October 2020 – Update 13: Assistance notifications to help users make sure their app is running
- 10 November 2020 – Update 14: Improvements to registration and performance
- 19 December 2020 – Update 15: Integration of Herald Bluetooth Protocol