← Government App
C

Service Victoria App

Notable issues
Victorian Government · 🇦🇺 Australia
PolicyApp PermissionsNetwork TrafficFirmwareRegulatory
Technical details
App: Service Victoria
Manufacturer: Victorian Government

The bottom line

Same story as NSW. Victoria Police helped themselves to QR check-in data meant for contact tracing. Every coffee shop visit, gym session, and doctor's appointment — available to police until the public found out and the government rushed through legislation to stop it. The fact they needed a new law tells you the old rules didn't protect you. No smartphone? No entry to the supermarket. Victoria made its government app mandatory during COVID, and people without phones were turned away from essential services. The Ombudsman got complaints from elderly Victorians who couldn't buy groceries because they didn't have the right app. Digital inclusion means nothing when the government makes exclusion the default.

Legal jurisdiction
🇦🇺 Australia (headquarters)
Assistance and Access Act read more →
Govt can force companies to build backdoors in encryption — and gag them from telling you
Metadata Retention read more →
ISPs and telcos must store 2 years of your connection data for law enforcement
Spying
0/4 N/A
Is someone spying on me?
Data Sharing
2/4 MODERATE
Who gets my data?
Security
2/4 MODERATE
Is it actually secure?
Kids at risk
Honesty
2/4 MODERATE
Can I trust what they say?
ACCEPTABLE Moderate concerns. Standard privacy hygiene applies.
3Contradictions
0Critical
2High
1Medium
3Sources
Findings by concern
Data Sharing 2/4 MODERATE 1 finding
⚡ highmarketing vs regulatory
No smartphone? No entry to the supermarket. Victoria made its government app mandatory during COVID, and people without phones were turned away from essential services. The Ombudsman got complaints from elderly Victorians who couldn't buy groceries because they didn't have the right app. Digital inclusion means nothing when the government makes exclusion the default.

What they claim: Service Victoria app promoted as a convenient digital government service

What we found: During COVID-19 lockdowns, the Victorian Government made the Service Victoria app mandatory for entering venues, workplaces, and retail stores. People without smartphones — including elderly, disabled, and homeless Victorians — were denied entry to essential services. The Victorian Ombudsman received complaints about people being turned away from supermarkets.

Security 2/4 MODERATE 2 findings
⚡ highprivacy policy vs regulatory
Same story as NSW. Victoria Police helped themselves to QR check-in data meant for contact tracing. Every coffee shop visit, gym session, and doctor's appointment — available to police until the public found out and the government rushed through legislation to stop it. The fact they needed a new law tells you the old rules didn't protect you.

What they claim: Service Victoria stated QR code check-in data would be used exclusively for contact tracing

What we found: Victoria Police confirmed they had accessed QR code check-in data for criminal investigations in 2021. The Victorian Government later passed the COVID-19 Omnibus (Emergency Measures) and Other Acts Amendment Act to restrict police access — but only after the breaches had occurred and public outrage forced action.

⚫ mediumprivacy policy vs third party research
Service Victoria stores your Working With Children Check alongside your licence and identity documents. One compromised account doesn't just leak your ID — it reveals whether you've been flagged in child safety screening. That's blackmail-grade information sitting behind a single password.

What they claim: Service Victoria handles sensitive credentials including Working With Children Checks

What we found: The app stores Working With Children Check status alongside identity documents. Security researchers noted that a single compromised account exposes not just identity documents but reveals whether a person has been flagged in child safety screening — information that could be used for blackmail, discrimination, or social engineering attacks.

Sources