Dr Mahmoud Elkhodr is an expert in location privacy at CQ University.
Dr Mahmoud Elkhodr is an expert in location privacy at CQ University.

Coronavirus app gets cautious thumbs-up from CQU IT expert

PRIVACY and security of Gladstone residents' data obtained by the Government's new coronavirus tracking app should not be compromised, says a CQ University IT expert.

Based on an app developed in Singapore, the technology aims to track anyone who comes into contact with a person who has tested positive to COVID-19.

The app works by registering Bluetooth contact between mobile phones, at a distance of 1.5 metres for more than 15 minutes, which enables the government to track contact with virus-positive people.

Mahmoud Elkhodr, a doctor of location privacy and lecturer in IT, said he would recommend Gladstone residents downloading the app to help flatten the virus curve, if guaranteed it only works off Bluetooth technology.

"There is no guarantee the app is not going to try to obtain information via other methods, for example the cellular network," he said.

"Making the application open source is vital for transparency to ensure location is not collected via other methods." Dr Elkhodr said the Government must assure users the app does not have back doors to the technology, leaving it vulnerable to cybercrimnals.

He said legislation must be passed to prevent breaches of security, and ensure complete peace of mind for users.

"I would download it, only because I know the technology well and I know how to turn it off when it needs to be, but for the average user that may be difficult" he said.

"What if a healthcare worker or app administrator decided the sell the database they have access to?"

For increased efficiency, Dr Elkhodr suggested contact for far less than 15 minutes should be adopted.

With only 15 per cent of Australian residents signing up to myhealthrecord, Dr Elkhodr said the government's goal of 40 per cent of the population downloading the app looked unachievable.

Federal Member for Flynn Ken O'Dowd said when a person downloaded the app, their name, verified mobile number, age range and postcode were registered and encrypted on a restricted data storage system.

"They are provided an encoded hashed identifier, which is the only data shared as part of the Bluetooth "digital handshake" and is stored on the user's phone for 21 days until it is automatically deleted," he said. "Contact data only leaves the user's phone if the user they come near is diagnosed as having coronavirus."