Key COVIDSafe improvements enhance and protect your privacy

7 September 2020

Key improvements have been made to the COVIDSafe app to better protect the security and privacy of all users.

On 8 May 2020, we released the app’s source code to our GitHub repository. As part of our commitment to transparency, today we’re releasing the COVIDSafe Cryptography Specification. We have worked with government experts, academia, industry specialists and the tech community to ensure the best possible security and privacy protections for all COVIDSafe app users.

Information that COVIDSafe exchanges between devices

One of the ways your data is protected in COVIDSafe is through the temporary identifier (“tempID”) issued by the COVIDSafe servers. TempIDs are generated periodically and expire after a set time. Each contains a random unique identifier that identifies you as a user of the app without including any personally identifiable information, such as your phone number, name, postcode or age. To other devices running the COVIDSafe app, a tempID looks completely random, so they cannot tell who you are. Only the National Data Store can work out, from a particular tempID, which user it was issued to.

How COVIDSafe exchanges my temporary identifier with nearby devices

Whenever you are in range of another COVIDSafe user, the two apps perform a “digital handshake” by exchanging information over Bluetooth. This includes your tempID, your phone model and the Bluetooth signal strength. More recent versions of COVIDSafe also include the time of each digital handshake in the information exchanged. This allows the server to perform better validation checks, and it means the app can run for up to a week without an internet connection, which improves its performance.

When a digital handshake occurs between two COVIDSafe users, the information exchanged is encrypted so that only the National Data Store can read it. The encryption works like a padlock: anyone can use an open padlock to lock a box of valuables, but only the trusted person holding the key can open it and access what’s inside.

Figure 1: Data sent in the digital handshake is now encrypted, so only the COVIDSafe server can read it. The process is as follows:

a) When there is a handshake with another device, your tempID, phone model, Bluetooth signal strength and the timestamp of the handshake are packaged and encrypted using asymmetric encryption to keep this data safe.
b) The encrypted package is then sent via Bluetooth to the other device, and vice versa.
c) If you test positive for COVID-19 and consent to uploading your COVIDSafe data, the encrypted packages your device has received within the last 21 days are sent to the National Data Store.
d) There they are decrypted and the data is provided to state or territory health officials to assist them with contact tracing.

The encrypted encounter data your phone stores from other users is uploaded to the National Data Store with your consent if you test positive for COVID-19. It cannot be decrypted by unauthorised third parties.

Figure 2: a user’s tempID can only be decrypted by the server. The process is as follows:

a) Let’s say User A and User B come into contact with each other.
b) User A’s encrypted tempID is packaged and sent to User B’s device, and vice versa.
c) User B tests positive for COVID-19 and consents to uploading their COVIDSafe data.
d) The encrypted data is sent to the COVIDSafe server (National Data Store), and the server decrypts the tempID to recover which unique identifier it was issued to (User A).

Improved privacy protections

The data exchanged in the digital handshake now changes every 7.5 minutes instead of every 2 hours. This is a significant improvement to the privacy of users: it reduces the time COVIDSafe sends the same identifier to other app users by up to 93%, which shortens the window in which a nearby observer could link repeated sightings of the same device.

New protections for COVIDSafe data

Working with subject matter experts in industry and academia, we have improved the COVIDSafe code and design. We have enhanced privacy by adding an additional layer of encryption to the Bluetooth exchange.

We also continue to work closely with government, industry, academia and members of the community – including software developers and researchers – to improve the security, privacy and usability of COVIDSafe. We would like to thank everyone for their feedback and recommendations, which continue to inform the development of the app.

For media enquiries email us at media@dta.gov.au

For other enquiries email us at info@dta.gov.au