← Government App
C

COVIDSafe App

Notable issues
Australian Government · 🇦🇺 Australia
PolicyApp PermissionsNetwork TrafficFirmwareRegulatory
Technical details
App: COVIDSafe
Manufacturer: Australian Government (DTA)

The bottom line

$9.1 million for an app that found 2 contacts that manual tracers hadn't already found. Two. The Prime Minister called it "the ticket to a COVID-safe Australia." 7.9 million Australians downloaded it. It was the most expensive way to find two phone numbers in Australian history. The law said delete everything when the pandemic ends. The app was killed in August 2022. Months later, the government still could not confirm the data was actually gone. FOI requests were denied. The intelligence oversight body was never given access to check. "Trust us, we deleted it" is not deletion.

Legal jurisdiction
🇦🇺 Australia (headquarters)
Assistance and Access Act read more →
Govt can force companies to build backdoors in encryption — and gag them from telling you
Metadata Retention read more →
ISPs and telcos must store 2 years of your connection data for law enforcement
Spying
0/4 N/A
Is someone spying on me?
Data Sharing
2/4 MODERATE
Who gets my data?
Security
0/4 N/A
Is it actually secure?
Honesty
1/4 LOW
Can I trust what they say?
ACCEPTABLE Moderate concerns. Standard privacy hygiene applies.
4Contradictions
0Critical
3High
1Medium
4Sources
Findings by concern
Data Sharing 2/4 MODERATE 3 findings
⚡ highprivacy policy vs regulatory
The law said delete everything when the pandemic ends. The app was killed in August 2022. Months later, the government still could not confirm the data was actually gone. FOI requests were denied. The intelligence oversight body was never given access to check. "Trust us, we deleted it" is not deletion.

What they claim: COVIDSafe legislation required all data to be stored on Australian servers and deleted when the pandemic was declared over

What we found: After the app was decommissioned in August 2022, the government took months to confirm that all data had been deleted from the National COVIDSafe Data Store hosted on AWS. The Inspector-General of Intelligence and Security was never given oversight of the data store. Freedom of Information requests about deletion timelines were denied on "operational" grounds.

⚡ highmarketing vs third party research
Half of Australian smartphones are iPhones. The government knew within weeks that COVIDSafe was broken on every single one of them — it could not scan Bluetooth in the background. They kept running ads telling people to download it. Millions of iPhone users walked around thinking they were protected. They were carrying a placebo.

What they claim: Government urged all Australians to download COVIDSafe, saying "the more people who download it, the safer we all are"

What we found: The app was fundamentally broken on iPhones. Apple's iOS restrictions prevented Bluetooth scanning when the app was in the background, meaning the app only worked on iPhones when it was open and the screen was on. The government knew this within weeks of launch but continued promoting the app without disclosing the limitation.

⚫ mediummarketing vs third party research
The government said your contact tracing data would stay under Australian law. They stored it on Amazon's servers. Amazon is an American company subject to the CLOUD Act — which means a US court can order Amazon to hand over data regardless of where the server sits. "Under Australian law" meant "on an American company's hardware."

What they claim: COVIDSafe was promoted as keeping data secure "under Australian law" with data sovereignty protections

What we found: The National COVIDSafe Data Store was hosted on Amazon Web Services (AWS). While AWS has Australian data centres, Amazon is subject to US law including the CLOUD Act, which allows US authorities to compel access to data stored by US companies regardless of where the servers are located. Legal experts warned this created a sovereignty gap.

Honesty 1/4 LOW 1 finding
⚡ highmarketing vs regulatory
$9.1 million for an app that found 2 contacts that manual tracers hadn't already found. Two. The Prime Minister called it "the ticket to a COVID-safe Australia." 7.9 million Australians downloaded it. It was the most expensive way to find two phone numbers in Australian history.

What they claim: Prime Minister Scott Morrison said COVIDSafe was "the ticket to a COVID-safe Australia" and urged all Australians to download it

What we found: Senate Estimates revealed COVIDSafe identified only 2 close contacts nationally that were not already found by manual contact tracers. The app cost $9.1 million to develop and was downloaded 7.9 million times. A University of Melbourne study found the Bluetooth technology was unreliable on iPhones when the app was in the background.

Sources