COVIDSafe app scepticism

Then it’s a “no” from me.

While it is possible that the secret parts of the code are where yet another backdoor is hidden, it is more likely that this is where the security weakness is (“security through obscurity”). You can bet that Chinese government cyber agents will be reverse engineering that part of the code even if we in Australia don’t get to see it. What is wrong with this picture?

Any claims about “how an app will work” that are not backed by complete source code are just hot air.

You aren’t anonymous when you get tested, I believe.

Perhaps this problem could be solved with a dual “key” system, i.e. in order for your app to report in that you have been diagnosed with COVID, it needs both your authorisation and the tester’s authorisation. So if you get a positive result via text message, that could include some kind of one-time key from the tester, which you then input to the app to enable the app to report your diagnosis.

I haven’t read all the details but I haven’t seen anything specifically saying that the Bluetooth signal strength is relevant. A contact may be defined by
a) any successful Bluetooth data exchange, and
b) lasting for X minutes (X may be 15).

So the “paper-thin apartment walls” case would be a false positive but the “back to back” case would not be a false negative.

You could address the “apartment walls” case by disabling the app / disabling Bluetooth while at home with only the normal occupants of the property. (That means that if you test positive, the normal occupants would not be contact-traced automatically but presumably common sense would deal with that.)
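
The dual “key” idea in the post above (a one-time key from the tester plus the user's own authorisation) shown as server-side logic. This is an added example, not part of the original post and not COVIDSafe code; the class and method names, the 8-character code and the 24-hour validity window are assumptions.

```python
import hashlib
import secrets
import time

CODE_TTL_SECONDS = 24 * 3600  # assumed validity window for a one-time code


class DiagnosisVerifier:
    """Hypothetical server that accepts a diagnosis report only when both
    the tester (via a one-time code) and the user (via consent) authorise it."""

    def __init__(self):
        # Maps SHA-256(code) -> expiry time. Plaintext codes are never stored,
        # so a leaked table cannot be used to forge reports.
        self._pending = {}

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).hexdigest()

    def issue_code(self, now=None):
        """Tester's half: called when a positive result is texted out."""
        now = time.time() if now is None else now
        # 8 hex characters, short enough to type in from a text message.
        # A code this short assumes the upload endpoint is rate limited.
        code = secrets.token_hex(4)
        self._pending[self._digest(code)] = now + CODE_TTL_SECONDS
        return code

    def accept_report(self, code, user_consented, now=None):
        """User's half: the app uploads only with consent plus a valid code."""
        now = time.time() if now is None else now
        if not user_consented:
            return False  # code is left unused; the user can still decide later
        # pop() makes the code single use: a replayed code is no longer present.
        expiry = self._pending.pop(self._digest(code), None)
        if expiry is None:
            return False  # unknown or already used code
        return now <= expiry  # expired codes are consumed and rejected
```
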