Glad to see that they published the Privacy Impact Assessment. Source code would give better assurance…:
[…] The app, available for Android and iOS, uses some code from Singapore’s TraceTogther app and uses Amazon Web Services to store registration information, encrypted user IDs, and contact data.
While source code of the app has not been released, a privacy impact assessment [PDF] drawn up by lawyers recommends it be made available. The Department of Health’s response [PDF] concurs, saying it “will be released subject to consultation with the Australian Signals Directorate’s Australian Cyber Security Centre.”
No timeframe for that consultation is offered, nor is there a guarantee the Cyber Security Centre will agree to the release of the source code.