A photo illustration shows a new COVIDSafe app by the Australian government as seen on an Iphone to install in Sydney on April 27, 2020. (AFP / Saeed Khan)

False claim circulates that Android users in Australia have been automatically signed up to COVIDSafe app

Copyright © AFP 2017-2023. All rights reserved.

Multiple posts shared repeatedly on Facebook state Android users in Australia have been automatically signed up to COVIDSafe, the government's COVID-19 contact tracing app, through an application programming interface (API) operated by Google. The claim is false; a cybersecurity expert said the API is “not an app”, and that the use of it is optional; the Australian government said the COVIDSafe app is available for voluntary download and cannot operate without being downloaded.

The claim was published in an image in this Facebook post on June 6 alongside the caption: “Congrats Androids. You are now being tracked without your consent.” 

The text overlaid in the image reads: “Android users BEWARE, google automatically signed you up to COVID-19 tracing app

"If you use an Android phone, and have not installed the COVIDSafe app, then you may have COVID-19 Exposure Notification already on your phone. To check:

"1. Go to Settings
"2. Scroll down to Google Services and launch
"3. If COVID-19 Exposure Notifications is on top of the list, then tap on the three dots on the top right hand corner of your screen
"4. Tap Usage & Diagnostics
"5. Turn off
"Check regularly in case the Android system turns this on automatically."

A screenshot of the misleading Facebook post as of June 15, 2020

The COVIDSafe contact tracing app was launched in April 2020 as part of the Australian government’s plan to ease social distancing restrictions imposed to curb the spread of the novel coronavirus. The download and use of the app, which is designed to help public health officials find close contacts of COVID-19 cases, is voluntary. 

Similar virus tracing apps have also been introduced in other countries including France, Germany, India and the UK

A similar claim was published on Facebook here, here, and here.

The claim is false. The Exposure Notifications API developed by Google and Apple is not an app and does not function in the same way, according to cybersecurity experts.

In an email to AFP on June 16, Vanessa Teague, CEO of Thinking Cybersecurity and an associate professor at the Australian National University, further explained the differences between a contact tracing app and the new Exposure Notification API.

“First of all, an API is not an app -- it's a set of functions that health authorities in each country can use to build an app on, if they want,” Teague wrote. “If you were living in a country that based its COVID-19 notifications on the Google-Apple Exposure Notification API, you would need to turn on exposure notifications (using the helpful instructions above, but 'on' instead of off) and also install your country's app.

“Second, the Exposure Notification API is for exposure notification, not tracing. The difference is important: centralised tracing apps like COVIDSafe upload a list of your contacts to a health authority if you've tested positive for COVID-19 -- this allows those exposed people to be traced. Exposure notification notifies the people directly without a central authority doing the tracing.”

In a joint statement released on May 20, Google and Apple announced the launch of the Exposure Notifications API, a technology designed to “support public health agencies”. 

API, or application programming interface, consists of sets of standardised requests that allow different computer programmes to communicate with each other. API provides building blocks for programmers to build mobile apps, which are oriented to users. 

Google and Apple clarified in their joint statement: “What we’ve built is not an app -- rather public health agencies will incorporate the API into their own apps that people install.

“Our technology is designed to make these apps work better. Each user gets to decide whether or not to opt-in to Exposure Notifications; the system does not collect or use location from the device; and if a person is diagnosed with COVID-19, it is up to them whether or not to report that in the public health app.”

While Google and Apple have included the Exposure Notifications API in the latest updates for their respective operating systems, iOS and Android, smartphone users need to manually turn on the exposure logging function. Also, that function only works if an authorised, compatible public health app is installed. 

An Australian Department of Health spokesperson told AFP by email on June 17, 2020 that the COVIDSafe app “does not currently use the exposure notification framework.”

“The [Digital Transformation Agency] are working in partnership with Apple and Google to understand the native contact tracing functionality and whether it can and should be used within the COVIDSafe app in the future,” the spokesperson added.