Government’s Bluetooth Fix For COVIDSafe Won’t Help Much, Say Developers


Australia’s contact tracing mobile app, COVIDSafe, is getting a new Bluetooth protocol which the government says will improve the detection of close contacts through “unparalleled app-level Bluetooth performance”.

But the new protocol, known as Herald, relies on a bluetooth mode that other countries are not using, according to local software developers, reigniting criticism of the troubled app.

Herald is a VMware backed open source project that began in July. The code was open sourced in September. But the projects ties to VMware – the company involved in the UK government’s original but eventually discarded contact tracing app – created some confusion this week when the Australian government made its announcement.

The UK government experienced difficulty picking up contacts involving locked iPhones when it used VMware’s protocol earlier this year. Ultimately the Uk instead went with an Apple and Google framework that uses Bluetooth beacons.

VMware says the Herald protocol is in no way related to the protocol it initially developed for the UK app.

Last Thursday VMware publicly released the code behind Herald on Github, to help “further adopters of Herald in the healthcare space and beyond”.

By Monday, the Australian government was touting its adoption of Herald as a world first and claimed Google and Apple have been involved in its implementation, even as the tech giants offer their own exposure notification framework for contact tracing – an approach Australia’s app does not utilise.

“Australia’s technology capability and contact tracing systems are world-leading and we will be the first country in the world to adopt the Herald Bluetooth protocol, which has been shown to significantly improve our capability through the COVIDSafe App,’ said Minister for Government Services Stuart Robert in a statement.

Which-50 has asked the DTA to confirm when it began work on incorporating Herald but a response was not provided.

Developer Doubts
Geoffrey Hunt, a software engineer who has followed the development of the COVIDSafe app and has been highly critical of the DTA’s approach, says the decision to implement Herald will continue to hinder contact tracers and health workers.

In a video posted to Twitter on Monday, Hunt challenged the Australian government’s claims about Herald and criticised its reluctance to use the Google and Apple framework – a long-standing complaint of COVIDSafe critics.

Even with the Herald update, Hunt says, the DTA is still tying COVIDSafe to a less effective “pairing” form of Bluetooth exchange, which means problems around device connectivity will persist across platforms and in situations where many people are present like at sports stadiums.

“It’s really sad,” Hunt says in the video. “At the core of it, our medical professionals deserve tools that work.”

According to Hunt, the government’s claims of a world-first use of Herald don’t hold much water either. “We will be the first country to move to the Herald system because other countries rejected it. The UK government rejected Herald because it doesn’t work.”

The DTA tweeted Monday that the Herald protocol it is adopting is not the same as the one dumped by the UK. VMware also says the protocols are different.

A Herald protocol based app will still face challenges in detecting iPhones in some scenarios, Hunt says, and simply will not work when the app is not active. The Apple and Google alternative, however, works well across ecosystems and apps do not necessarily need to be running. Although an official government contact tracing app is required to use the framework.

“Why are we moving to technology that doesn’t work when it’s in the background to another technology where it still doesn’t work in the background?” Hunt asks in the video.

“That’s bullshit. Our medical professionals deserve technology that works.”

Several other prominent developers and cryptographers have expressed similar doubts this week online about the efficacy of Herald, as well as frustration they have again not been consulted on the changes.

Vanessa Teague, an ANU Associate Professor, and cryptographer, tweeted, “Lots of us have spent months and months fixing #COVIDSafe and trying to engage the DTA in a rational discussion of future options, but nobody who had helped was even told about this before the AFR [story announcing the Herald update].

“I share both Geoffrey Huntley’s technical assessment and his feelings.”

The DTA says the Australian tech community will be given a chance to provide feedback on the new source code (iOS and Android) before the update that will bring Herald to COVIDSafe.

New And Improved
The DTA says its testing shows the Herald protocol will be able to log at least 80 per cent of close contacts when two people have the app, regardless of the operating system or whether the app is running in the background or foreground; or if the devices are locked or unlocked.

The current COVIDSafe app, which does not yet incorporate Herald, struggles to detect contacts when iPhones are involved and one or more of them are locked. In a scenario where two iPhones using COVIDSafe are locked, for example, up to half the contacts will be missed.

The Australian Cyber Security Centre has been involved in testing to ensure the update meets the same security requirements of the previous versions, according to the DTA.

COVIDSafe has been downloaded over seven million times this year and led to a handful of additional contacts being traced than would have otherwise occurred without it. The DTA refuses to share information on actual usage of the app, citing strict privacy protections that prevent it from accessing the data.

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x