Arc App

Arc is a free app that enables women experiencing domestic or family violence to track details of abusive behaviour. Users can upload photos, videos, audio and diary entries to create a record of what has happened, when it happened, and how it made them feel. The app is designed specifically “for people experiencing family violence, to help explain their situation to a friend, family member or a support service, to provide key information to police or in court, and reduce the number of times they have to repeat their story.”

• Arc is a popular app often recommended by frontline workers to survivors of domestic or family violence.
• The app is simple to use and easy to navigate.
• The feel of the app is modern, young, ‘diary-like’ and ‘techy’, and the ‘tell your story’ feature is empowering to the user.
• An email address is required to create an account which validates the user.
• Access on a device is protected by device authentication, or ‘Access Verification’ (e.g. Touch or Face ID on iOS).
• Users can record information in the app without an internet connection.
• Arc is predominantly a smartphone app, but functionality is also available through a web application from any web-enabled device. 
• As data is stored in the cloud, a user’s records can be accessed across other devices also, which may be helpful in cases where access to technology is limited.
• Pop up alert windows warn users to the potential risks of clicking on external links.
• The majority of the accessibility options on the device are supported by the app and the pop-up alerts.
• The ability to export data by using the device’s sharing functionality is beneficial to both frontline workers and survivors (e.g. email a PDF, save to Google Drive etc.).
• Content captured via the app’s audio recording feature is not detectable on the device outside of the app. 
• The audio feature allows for recordings of up to 5 minutes in duration. If interrupted, the feature will resume recording upon re-opening of the app.
• Arc design is discreet and the app can be easily deleted and reinstalled within 12 months with no loss of information.
• The app is designed so that users’ stories can be collated across days, months and years.
• The app captures emoji entries in records.
• The external website links and phone numbers provided in the app connect the user to essential services such as police, 1800 RESPECT, Lifeline, QLine, legal services/aid, and ASKIzzy.
• The resource links provided in the app include both localised and nationwide services.
• The app uses a number of Amazon Web Services (i.e. secured cloud services platform that offers compute power, database storage, content delivery and various other functionalities), which are used by multinational corporations to store and process valuable data and generally have a good reputation for privacy and security.
• Data stored in Amazon Web Services cloud servers is physically located in Sydney, Australia and is subject to Australian law. 
• If a user’s data is deleted, it can be retrieved within 12 months.
• If a user has issues with the app they can connect directly to specialised family and domestic violence personnel at the Domestic Violence Resource Centre Victoria.
• The Arc Development Team is actively involved in the management and development of the app and is committed to delivering an app that best meets the needs of the users.

• Visibly displaying the ‘Domestic Violence Resource Centre Victoria’ logo on the app’s splash screen may be a safety concern for some users.
• The ‘Purpose of use’ section is confusing in that it states the app is designed to make notes or record other material of experiences of family violence, yet “must not be used to record conversations or activity that involves anyone other than yourself, in particular it should not be used to record any actual incidences of violence or other forms of physical or verbal abuse at the time such violence or abuse is taking place”, however the Arc Development Team are currently reviewing this wording.
• Additional security options such as two-step verification or multi-factor authentication are not offered, therefore we strongly recommend that users enable the ‘Access Verification’ tool to ensure that the user’s app records cannot be viewed by anyone else who has access to the device.
• The password can be reset if the email account associated with the app account has been breached, hence the importance of users to adopt safe and secure email practices. 
• Some device accessibility options (e.g. text enlargement) are not supported by all sections of the app, and in-app accessibility options are not offered.
• If an audio recording is interrupted during playback, the content continues to play without requiring re-opening of the app, which could pose a safety risk to the user.
• Uploaded app data may be subpoenaed for use in legal proceedings without the user’s consent.
• Increasing the font size of the text on the ‘Helpful Contact Numbers’ resource page could improve comprehension for users with vision impairment and/or who have poor digital literacy.
• Providing users with guidance on how to access the resources via the National Relay Service would benefit those who may be deaf, hard of hearing and/or have a speech impediment.
• Alerting the user around the potential dangers of providing app access to photos/media/files, camera, microphone, device ID and call information could increase their safety.
• As per the privacy policy, users’ data collected by the Domestic Violence Resource Centre Victoria is retained after account deletion and may be shared with 3rd parties, both in Australia and overseas. N.B. As at July 2020 the current privacy policy is under review.
• Account data deleted by a user remains on Arc’s cloud servers for up to 12 months.  
• Data stored in Amazon Web Service’s centralised cloud servers is encrypted, however, the app maintainers (i.e. those who provide maintenance service on the software) have a Master Key that can access and decrypt all data stored by users. If the Master Key password was abused or stolen it could be used to gain access to the plaintext of all data uploaded to the centralised system.
• Extensive activity logs are created as part of using Amazon Web Services and information, such as IP addresses, would be accessible to the app maintainers, as well as some Amazon Web Service employees.