Author Topic: Australian COVIDSafe App Source Code  (Read 1089 times)

0 Members and 1 Guest are viewing this topic.

Offline EEVblog

  • Administrator
  • *****
  • Posts: 31526
  • Country: au
    • EEVblog
Australian COVIDSafe App Source Code
« on: April 27, 2020, 01:04:10 pm »
Here is the decompiled source code for the Australian COVIDSafe Android App
It's supposed to be readable in Android Studio but I have not tried it myself as that's not my thing.

https://github.com/EEVblog/COVIDSafe-1.0.11
 
The following users thanked this post: SiliconWizard

Online NivagSwerdna

  • Super Contributor
  • ***
  • Posts: 2098
  • Country: gb
Re: Australian COVIDSafe App Source Code
« Reply #1 on: April 27, 2020, 01:11:39 pm »
also https://github.com/ghuntley/COVIDSafe_1.0.11.apk

It's written in Kotlin so it must be good. (I'm a secret Kotlin admirer)
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 5439
  • Country: fr
Re: Australian COVIDSafe App Source Code
« Reply #2 on: April 27, 2020, 01:41:59 pm »
Ouch. Of Kotlin, I just know the name... Just took a quick look, but what's all this metadata stuff (which looks like it's not text) and where's the source code?
*confused*
 

Online NivagSwerdna

  • Super Contributor
  • ***
  • Posts: 2098
  • Country: gb
Re: Australian COVIDSafe App Source Code
« Reply #3 on: April 27, 2020, 01:51:43 pm »
Looks like my wife would be able to check up on all the BLE devices I've been spending time with.
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 31526
  • Country: au
    • EEVblog
 

Offline Wilksey

  • Super Contributor
  • ***
  • Posts: 1210
Re: Australian COVIDSafe App Source Code
« Reply #5 on: April 27, 2020, 05:43:41 pm »
Hmm,
The code is here: https://github.com/EEVblog/COVIDSafe-1.0.11/tree/master/smali/au/gov/health/covidsafe
But it isn't "code", it's I guess you could call it bytecode or IL code sort of.

The trouble is nothing decompiled ever recompiles properly, all a APK file is, is a ZIP file, so the way I reverse engineer is to rename the APK to ZIP, extract the .DEX files, run DEX2JAR to reproduce the .jar file then run it through jd-gui (java decompiler).
 

Online NivagSwerdna

  • Super Contributor
  • ***
  • Posts: 2098
  • Country: gb
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 5439
  • Country: fr
Re: Australian COVIDSafe App Source Code
« Reply #7 on: April 27, 2020, 06:59:21 pm »
Yeah, so they didn't actually release any source code.

Apparently, they didn't obfuscate the compiled stuff, so yeah you can decompile it and get something readable. No clue how readable that really is though.

But I'm wondering why they didn't release the source code if they wanted to be really transparent.

 

Online NivagSwerdna

  • Super Contributor
  • ***
  • Posts: 2098
  • Country: gb
Re: Australian COVIDSafe App Source Code
« Reply #8 on: April 27, 2020, 07:23:10 pm »
"You’ve have successfully uploaded our information to COVIDSafe`s highly secure server. State and Territory health officials will notify other COVIDSafe users that have recorded instances of close contact with you. Your identity will remain anonymous to other users."

If I am interpreting the app correctly it stores contacts locally and only uploads on user action and then it only uploads contacts you have had with other BLE identified users.  I guess they are then traced and encouraged to upload... and then the network of contacts expands.

Sounds pretty tame.  If I had written it I would upload all contacts automatically and build a network of what people were up to.  >:D

 

Offline Syntax Error

  • Frequent Contributor
  • **
  • Posts: 302
  • Country: 00
Re: Australian COVIDSafe App Source Code
« Reply #9 on: April 28, 2020, 12:05:23 pm »
Just wondering who ends up on the apps...

"Lau/gov/health/covidsafe/streetpass/BlacklistEntry"

...and why?
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 31526
  • Country: au
    • EEVblog
Re: Australian COVIDSafe App Source Code
« Reply #10 on: April 28, 2020, 01:54:23 pm »
Sounds pretty tame.

It is, because everyone complained about it they had to prune it back to nothing.
The iPhone app doesn't even work unless you have the program in focus and the screen on all the time. Totally useless.
 
The following users thanked this post: Yansi


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf