On 20 September 2020 the findings of the ACCAN App Safety Centre project were presented by the research team via a webinar: “Choosing Apps for Survivors of DFV”. Following are responses to questions that were not able to be addressed during the presentation:
1) Dr Merkel, were the security issues identified associated with organisations that outsourced or in-sourced their tech builds?
Covered live. Please email [email protected] if you have any specific concerns as Dr Merkel is happy to engage further if needed.
2) Did you identify in your product/service any gaps that all the apps weren’t covering? I.e. given the journey’s victims/survivors go through, did you identify areas which hadn’t yet been thought of in being able to help people at risk of physical or psychological abuse?
Most of the apps required network coverage to function, which wasn’t so much a failing of the app, but more reflective of where improvements could be made Australia-wide with regards to telecommunications infrastructure and reliability.
3) If the client confirms that her partner has installed a spy app on her mobile, where can she get support?
Our www.techsafety.org.au website provides handouts on spyware and mobile device security. Depending on the device, regular OS updates or sweeping the device with reputable antivirus software may help. A factory reset might remove the malware, but not always, and this may remove other evidence of abuse or alert the abuser. Backing-up data is recommended before a factory reset too, however this may also come to the attention of the abuser if they are still living together and sharing home technology and networks. If it is an Apple device and the victim can prove ownership with a receipt, then ‘Genius Bar’ staff at an Apple Store may be able to forensically examine her device.
4) How can victims in rural and remote areas with poor internet coverage be supported with digital technology?
That’s actually one good thing about some of the information apps – they can be designed to make at least some of the resources available without a live internet connection if that’s a design goal.
5) Which of these apps (if any) were developed within Australia? And was there any indication from the technical analysis that data was being transferred to overseas servers (in the circumstance where the App is sharing sensitive data)?
All the apps reviewed were developed in Australia, and as far as we can tell they were generally using Australian backends (e.g. AWS Sydney infrastructure). Some apps were using Google Analytics. Apps with a US focus were deliberately excluded from the project.
6) Really pertinent point about inaccessibility for marginalised victims. This also includes those with disabilities physically and cognitive. How about voice or sensors activation that includes community languages.
Dr Merkel stated that “From a technical perspective, voice activation, particularly in community languages, is dependent on platform providers (e.g. Apple/Google and other specialist voice system providers) making such services available, and app developers/commissioners having the resources to build apps on top of them. The potential is there, but doing it well will take a lot of time, money, effort (including co-design etc., etc).”
7) Do any of the apps collate and share anonymised data and insight for the purposes of future planning? If so, who do they share it with?
Yes, several apps use analytics tools such as Google Analytics to collect anonymised usage data. The information is only available to the app developers/commissioners at this stage, and in some circumstances the platform provider. Apps were occasionally less explicit than they should have been about the use of Google Analytics, though the information collected and retained by Google is anonymised quite carefully and was not integrated into the wider constellation of data Google collects about individuals.