There is so much conjecture surrounding the recent announcement by our Federal Government to ‘opt in’ to the tracing app.
Most recently, our Health minister Greg Hunt has put a question mark over whether a promise to release all source code for the federal government’s forthcoming COVID-19 contact tracing app is actually possible due to security concerns.
So, what does this all mean for us and how do we go about protecting our data and its privacy? We are not here to advise you whether you should or shouldn’t download the Government’s tracing app but rather give you some informed tips on how you can better protect your data and keep its integrity in place.
Update your software
Your device operating systems get out-of-date over time, and old software can contain security bugs or settings that leak personal data. Set your devices (and the apps on them) them to update automatically. That way you’ll always have the latest, safest versions.
Update your privacy settings
Make sure your devices are using the best privacy settings. Especially make sure you adjust per-app location settings, so that your location history isn’t leaking where it shouldn’t. For added safety, review the apps you have installed. If there are any you haven’t used for a while, remove them to reduce the chance of your personal data being shared in the background.
Set up two-factor authentication
Two-factor authentication (also known as multi-step login) is where you use a code to log in to websites in addition to your password. You should set up two-factor authentication (2FA) wherever possible, and certainly on your major accounts (email, financial, etc.). You can check if major sites have it available here, which also links directly to the right documentation pages.
Go through your phone settings to make sure the manufacturer, Google, Apple, and your apps aren’t granted unnecessary access to any private data. Switch off location tracking services, access to your camera and microphone, and data sharing features that you don’t need. On iPhones and newer Android devices, you can enable and disable these services on an app-by-app basis. Keep in mind that disabling a permission can potentially cripple an app, so make sure it isn’t necessary for the app to function properly.
Just like desktops, VPNs are becoming increasingly important on mobile as a means to encrypt internet traffic traveling to and from your device. A handful of free mobile VPNs are available like Tunnelbear and Hotspot Shield, while paid services often include support for both desktops and mobile devices. Look for logless VPNs with strong encryption standards to keep your web browsing and app usage private. As an added benefit a VPN can let you access Netflix abroad along with other geo-blocked streaming services.
Encrypted calls and chat
Not all chat apps are encrypted and, even if they are, the company that makes them may well have the key to decrypting them. WhatsApp, Viber, iMessage, Snapchat, and Facebook Messenger all have some level of encryption. WeChat and Line are not encrypted by default. Even on those encrypted channels, whether your messages remain private depends on how difficult it is for a hacker to reverse engineer the app or how easily the company gives into government coercion. A few encrypted chat apps exist specifically for those who don’t want their privacy in the hands of a multinational corporation, such as CryptoCat. If you want to encrypt live phone calls, Signal is probably your best bet. The free app offers encrypted voice calling and instant messaging.
Strong, varied passwords are a key component in guarding your privacy online, but memorising different passwords for every account is a hassle. For this, there are password managers. A password manager let’s you encrypt and store all of your passwords into a single app so you only need to memorise a single master password. MasterPassword and LastPass both make password managers for mobile devices, which we’d recommend.
Set a pin or swipe code
It can be annoying to have to swipe or type in a passcode every time you want to access your phone, but it’s a precaution worthy of your two seconds of added effort. Passwords are the most secure, followed by PIN numbers, and finally swipe codes. That’s because thieves can look at the oil residue on your phone to see where you’ve been swiping. Nevertheless, it’s the fastest option and something is better than nothing.
Android Device Manager and iCloud
Both iOS and Android have remote phone tracking and limited control features that require limited setup to use. Enable Find My Phone and set up an iCloud account on iPhones, and allow Google to track your location on an Android phone. These features will not only assist you in locating a lost or stolen device, they will let allow you to remotely wipe it and return the phone to factory settings. The caveat here is that you must sacrifice some privacy to Apple or Google in order to use these services.
Always check permissions on new apps and updates
Every time you install a new app, don’t just scroll past the permissions page and hit accept. In particular if the app is from a less well-known publisher, ask yourself whether it really needs all those permissions. If you want to install the app but want to exclude a particular permission, you can usually disable specific permissions in your device’s app settings. Look out for permission changes in new updates as well.
A wealth of privacy and security apps are available on reputable app stores for your perusal. We won’t go through them all here, but some of our favourites include Disconnect (anti-tracking), HTTPS Everywhere, VeraCrypt (disk encryption), Orbot (Tor for Android), and several antivirus and anti-malware apps. Android tends to have more of these because Apple prefers to take security into its own hands on iOS.
To reiterate, we are not here to advocate the tracing app or make comment on its overall objective. We are lucky to live in a democratic country, so it’s completely your choice whether you download it. However, we hope that by presenting some of these security preventative measures to you, it now gives you the confidence to make a well-informed decision.
If you’d like to discuss some of the finer points in this article or need step-by-step instructions, please don’t hesitate to call our offices on 1300 765 014.