Critical COVIDSafe Bug ‘Still Not Fixed’, Government Insists Everything is Fine
By now, you’ve probably heard COVIDSafe is struggling to perform up to its expectations. Perhaps they were unrealistic to begin with, but developers argue it’s hard for the app to perform when crucial bugs are still not being fixed.
Another update, its eighth, was released on July 21 and claimed to fix some bug issues as well as adding language support for Greek and Italian speakers.
But software developers Jim Mussared and Richard Nelson, who have been combing through the app’s code and testing for bugs, were surprised by an omission — the new update failed to address a critical bug first reported on July 5 by them and added back in mid-May’s second update.
The bug, according to the developers, affects Apple devices and is potentially the root cause for the Bluetooth device issues some users have been reporting.
Confounding. If @DTA actually worked with the community on fixes and developed transparently, we would have spotted this prior to release.
— Richard Nelson (@wabzqem) July 22, 2020
The bug in question is a particularly crippling two-fold issue. First, those ‘handshakes’ made between COVIDSafe apps don’t cancel and when the other device is out of range, it continues to indefinitely try to reconnect to it. This issue is made worse by the fact that the app’s design means a new handshake ID is created every few minutes. Therefore, an Apple device could be trying to indefinitely reconnect with multiple IDs, including expired ones, of a single device it’s been in range with.
That aspect is not great design, but it’s the fact that there’s a connection limit associated with Bluetooth on Apple devices that makes it a serious bug.
Nelson and Mussared estimate an Apple device has an approximate limit of 200 Bluetooth connections, so if the COVIDSafe app is running and the connections hit that limit, it supposedly won’t register any further contacts.
It’s suspected this is also what’s causing connection issues with other devices — like headphones and smartwatches — that use Bluetooth to connect to your phone. That limit means something has to budge and for affected users, it seems to be the COVIDSafe app.
“This is a big deal, obviously causing many, many problems,” Nelson said in an email.
“Without enough people running the app, statistically it becomes clear that results won’t be effective at all.”
Fixes might be on the way but the app’s creators won’t confirm
Gizmodo Australia asked the the Digital Transformation Agency (DTA), the government agency behind the app, whether it was aware of this issue and when it was planning on fixing it. It did not specifically address the questions, although the issue was acknowledged by the agency on July 6 on Github.
“Based on the feedback from the tech community the DTA implemented an improvement to the app to address the issue raised, this improvement was implemented in the most recent release for the app (Release 8). We have continued to investigate the issue and will implement further improvements in the next release (Release 9),” a DTA spokesperson said.
“Improvements that have been continuously implemented to the app and [health] portal mean contact tracers are better able to establish and identify close contacts, these improvements are able to compensate for Bluetooth performance variabilities on the mobile device if they were to occur.
“The Australian community can have confidence that COVIDSafe is working securely and effectively.”
With the app struggling to detect cases the overloaded manual contact tracing teams haven’t, it’s hard to say definitively whether the failure lies solely in its design or whether persistent bugs are also part of the equation.
If it gets one these aspects right, then we’ll know whether Australia’s technological answer to COVID-19 contact tracing really is the “great global success story” the government keeps trying to sell.