Discusses the possible threats to the privacy of a user data, location and activities from the use of the CovidSafe app.

Home, - Discusses the possible threats to the privacy of a user data

Question - Discusses the possible threats to the privacy of a user data, location and activities from the use of the CovidSafe app.

Answer - Privacy threats with COVIDsafe application

Some of the privacy concerns associated with the COVIDsafe application in related to the usage by the private sector as well as Australian government (Shibuya, 2020).

Privacy concern by Australian government

Function creep

The function creep normally refers to the information employed for the purposes which are not for carry out specific task. The concern may emerge in related to the function creep as the information were used for the law enforcement but the Biosecurity act 2015 has prohibited this kind of activity. And also the laws persist has delivered that this action will be considered as the offences because the data collected by this application will be used for other purposes other than the tracing (Bradford, 2020).


The major concern emerges while tracking the people and thus this type of concerns can be minimized by not using the GPS. The large number of users performs the data alteration while transferring the data (Leicht, 2019).

Privacy professionals

Even though the COVIDsafe app does not seems to protect privacy of Australians but it is fairly accepted by the privacy professionals. The Australian government has released the source code for the public inspection purposes and thus it paves the way for several attackers. Thus the intruder will attempt in copying of the source code and generates serious of concerns to the user data (Alnemari, 2019).

Replay attack

The goal of the intruders is to enforce the users to reserve the misleading contact data and it will results in the false positives. It is the simplest attack and can be made against the users of this application. The adversary may attempts to capture this advertised data by the user and suddenly passes the captured message at same location and thus extending the message range. The replay message has the valid ID such as TempID and it has the very short expiry time in the centralised systems. Thus the centralized model of this application can make the attacker to make the attack on this developed system.

Location confirmation

The attacker aim is to discover the user presence in the known location such as neighbourhood and it is possible by the usage of this attack. The BLE advertisements and data contained in exchange of the messages in centralised architecture will be employed to confirm the location of the user (Samuel, 2012).

Enumeration attack

The main goal of this attack is to count the number of individuals who has tested positive and thus the hackers will voluntarily upload their tracing data into the server. In the centralised architecture, the data regarding positive cases and close contact details were reserved in the server and thus the users can be prevented from this enumeration attack by performing this activity.

Denial of service

The consumption of the resources such as battery, bandwidth and processing etc. that are available in the user mobile takes place with the usage of this application. The processing time in the server may get increased after involved in this attack.

Cyber security review

The cyber security takes place by the cyber security center and thus the personal information must be used in limited manner. Thus the over control on the data will cause the data privacy concerns and individual will get affected. Before indulging in the review of security attributes associated with the centralized architecture, the data should be processed in the effective manner.

Breaching of Privacy policy

The data persist in the COVIDsafe application will not be used by any private organisations. The Amazon Web Services will supply infrastructure and other services for the data store of the COVIDsafe app. Thus there will not be existence of any agreements with the applications to ensure the privacy of the application. The government should strongly make the recommendation to provide suitable privacy policy.

Issues to centralized model

The usage of the centralized model has increased the intrusiveness rate and several hackers involved in hacking of the data with the usage of the different hacking methodology. It will cause the privacy concerns to the user data.

Lack of training to users

The users must be given appropriate training to how to use and disclose the data in the secured manner and it will reduce the chances of the web based attacks. For instances, the user may forgot to disclose the information in appropriate and keeping the session in open for longer duration also increase the privacy risks.

Unique identifier attacks

The use of the unique identifier for longer period of duration can cause the intruders to pick the identifier easier and thus it will provide as key to retrieve the valuable data of the user.

Leave a comment


Related :-