We’re still being urged to use the government virus contact tracing app, despite its numerous problems, and questions about its security. The government promised to release the source code, but that’s still not the end of the story, as IT security expert James Newburrie explains.
The federal government today promised us the CovidSafe source code And they’ve released the client side – but no server side code. I can’t tell you what it links to or how your data is protected.
There many better programmers than me – and every single one of them knows that if you download code from a server without validating that server, a hacker can get nasty stuff onto a phone using your app. The CovidSafe app is exploitable via a function called “foundation”… I do not trust it.
How To Use covidSAFE Safely
If you insist on using Covid Safe – this is how you do it safely…
Go into your desk drawer and get that old smart phone out. Factory reset it so there is no data on it. Go to the supermarket and buy a $2 prepaid sim – use the prepaid sim to setup your old phone.
(Alternatively you could buy a cheap Android phone for this, and no other purpose.)
Setup a new gmail address and log into the AppStore and setup the phone using the new gmail address and put absolutely nothing on the Covid phone. Do not connect the phone to wifi.
Keep your primary phone clear of Covid safe.
And the rest of the issues