Australia’s COVID-19 tracing app, COVIDSafe was launched on Sunday night and saw a massive uptake with over one million downloads in the first 4.5 hours.

The app is designed to communicate via Bluetooth with other users you have been close to, making it easier to trace other people who have been contact with a person tests positive for COVID-19.

The government has said 40 per cent of Australians need to voluntarily download the app for it to be successful and possibly pave the way for restrictions to be eased.

Prime Minister, Scott Morrison, said the app is all about keeping Australians safe.

“The more people who download this important public health app, the safer they and their family will be, the safer their community will be and the sooner we can safely lift restrictions and get back to business and do the things we love.”

Debate about the app raged for weeks leading up to its launch with privacy advocates calling for more transparency about how the app works and protect its users’ privacy.

When US-based Amazon Web Services (AWS) won a contract to store the app’s data, it raised concerns that Australian data could be accessed by US intelligence agencies the CLOUD Act.

The government denied this would be the case citing pre-existing government contracts with AWS as proof that Australian data is safe with US tech giants.

Both sides of politics, however, agreed that the app ought to be included as part of Australia’s coronavirus fighting measures.

Shadow Health Minister, Chris Bowen, said there were “legitimate concerns” about the app but that he joined the one million early adopters on Sunday night.

“We’ve always said this app could play an important role, a constructive role, as part of our response to defeat COVID-19,” he told RN Breakfast.

No legislation yet

Acknowledging the government’s poor track record on data use and technology rollouts, Bowen he was expecting to see legislation about the app introduced when parliament next sits on 11 May.

In the meantime, Health Minister, Greg Hunt made a determination under the Biosecurity Act on Saturday providing temporary measures to control the COVIDSafe app.

According to Hunt’s determination, only employees of a state or territory health authority can access data “only to the extent required for the purpose of undertaking contact tracing” or for maintaining the app.

It also prohibits decrypting app data stored on mobile devices and says people cannot be coerced into downloading the app or discriminated against for not installing the app.

But Alice Drury, Senior Lawyer at the Human Rights Law Centre, said laws must be passed in parliament that “provide for independent oversight and mandatory public reporting of all uses of the data”.

“Designed properly, technology can see us innovate while protecting human rights,” Drury said. “Our privacy does not need to be collateral damage.”

No source code yet, either

Despite a Privacy Impact Assessment from the Department of Health suggesting that the app’s source code be released to the public, the government did not publish the code prior to the app’s release.

However, curious developers like Geoffrey Huntly began decompiling the Android app immediately after it went live, finding that much of the app was built using OpenTrace, an open-source app released under the GNU GPL 3 license.

Huntly created a Google Doc for his tear down of the app and noted a defect where the app is configured to point to the Singapore version of OpenTrace, TraceTogether.

Since going live, no one appears to have found any major issues with COVIDSafe’s code.

Cybersecurity analyst, Gabor Szathmari, put together a report on the app giving it a ‘low risk’ security score.

And developer Matthew Robbins said from his analysis that “everything in the [COVIDSafe] app is above board, very transparent and follows industry standard”.

The app is available from both the Google Play and Apple App stores.