"experts" should be ashamed
Honestly, this goes to show how clueless, or how full of double standards, people like Cannon-Brookes are...
First of all, no DNS security... what does that mean?
DNSSEC would be part of the way to prevent middleboxes at schools/gov depts etc. from intercepting traffic. The COVIDSafe app has no protection.
(You can host your domain on a DNSSEC-aware name server and still use AWS.)
Secondly, no TLS cert declaration... what does that mean?
Things like HSTS mean that putting in a TLS proxy to intercept, manipulate and account for COVIDSafe would be harder. The app has NO protection.
(This is basic webserver security that high school students are capable of.)
Thirdly, it does not work in the background for at least 40% of the Australian population... what does that mean?
iPhones etc. do not allow the gov, or anyone for that matter, to broadcast in the background, so you have to use the Apple API to broadcast continuously. There are several privacy-preserving apps that do that; however, they are not deployed yet as Apple/Google is not active yet... The Australian gov pushed ahead anyway, while the German gov went with a private approach... https://github.com/DP-3T/documents
Honestly, I want them to do this right, so I hope they fix the errors in server infrastructure deployment and change the app to use matching on the client rather than the server. The app can still request data from users, but it should not be the default or required for the app to work.
Glossing over errors is not helpful. Maybe, just maybe, Australians deserve better, and our leaders will deliver in the future, because the "tech billionaires" are not helpful.