Close this search box.

Is police use of COVID-19 apps check-in data to solve crime acceptable?


Australian law enforcement agencies have used contact-tracing data at least 6 times to solve unrelated crimes, causing huge concerns over privacy and data use

Key takeaways

  • Australian police departments have used COVID-19 QR code data at least 6 times in active crime cases
  • Queensland police have used COVID-19 QR code data in crime-fighting
  • This has raised significant concerns over data privacy
  • Some politicians have called for an end to mandatory check-ins on apps once pandemic is brought mostly under control

As the most recent wave of the COVID-19 pandemic rages across large parts of Australia, a disturbing new revelation has come to light.

It is the use of check-in data from one of the pillars of modern-day pandemic-response: the “check-in app” that we’ve all become accustomed to.

Specifically, there have been recent revelations (most recently from Queensland) that Australian police have used COVID-19 check-in apps’ data to help them solve criminal cases entirely unrelated to people’s actions and movements related to lockdowns themselves.

The nation’s privacy watchdog has called for police forces to be banned from accessing information from QR code check-in applications after law enforcement agencies have sought to use the contact-tracing data on at least 6 occasions to solve unrelated crimes.

There are also growing calls from MPs and civil liberties groups to phase out the compulsory check-in applications once the worst of the pandemic is over.

Queensland's COVID app accessed a million times in a fortnight
The Queensland version of the “check-in” app

In the most recent case, Queensland Police gained access to the Check In Qld app in June through a search warrant after the theft of a police-issued firearm, which led to an officer being stood down.

Western Australian Police has used its data twice without a warrant, which led to the state then banning police from accessing the data, while Victoria Police has tried but been rebuffed on at least three occasions.

NSW, South Australia and the Northern Territory have ruled out the use of the check-in app data by police.

A spokesperson for the Office of the Australian Information Commissioner said protecting personal information was central to maintaining public trust and promoting compliance with health orders and contact tracing.

“The OAIC considers that personal information collected for contact-tracing purposes should not be used for other purposes such as law enforcement or even direct marketing,” the spokesperson said.

The OAIC said there should be “nationally consistent requirements regarding the collection, use and disclosure of contact-tracing information”.

Liberal senator James Paterson, chair of federal Parliament’s intelligence and security committee, said states should replicate the “gold-standard” privacy protections in the Commonwealth COVID safe app which ensured the data can only be used for public health purposes.

“If regular state police access to check-in data undermines trust and confidence in their apps it will be entirely self-defeating,” he said. “We do not need to make the task of contact tracers any harder by discouraging people from using the apps.”

Check In to make COVID safe simple in Queensland - Restaurant Catering  Magazine

Liberal MP Tim Wilson said, “we were told QR check-ins were for health purposes only, if they’re now being used for law enforcement it is a fundamental breach of trust”.

“The fastest way to break public confidence and willingness to ‘check in’ is to rake the data for secondary purposes we were explicitly told would not happen.”

Labor’s legal affairs spokesman Mark Dreyfus said QR codes had been a critical tool in fighting COVID-19, but members of the public needed to have complete confidence in them.

“COVID-19 is a national problem, and so we should be looking to address these concerns at a national level and in a nationally consistent way,” he said.

Labor spokeswoman for government services Kimberley Kitching said a national standard was needed so that all Australians could have confidence in the check-in apps.

Our perspective – data privacy is paramount

In our perspective, these developments are of grave concern. The COVID-19 pandemic is one of the challenges of our lifetimes, and Australia has managed to do relatively well so far.

As a society, we have teetered on the edge of all-out lunacy on the issue, but have been largely less affected by the politicisation of the issue than other places, particularly America. Breaching public trust through indiscretions related to data is a one-way street to reifying the theories of those who are out to undermine public health responses.

Governments and all government departments would do well to think long and hard about how they could undermine the very confidence the government is trying to build. Improper use of COVID-related data would be top of the list, and the knock-on impacts would be on people’s adherence to rules that have largely kept Australia protected.

While the ongoing third wave has been upsetting for most people (including the lockdown measures it has brought), if people’s adherence to government requirements drops further, we could be in a far more parlous situation still.

Encouragingly, a public health order in NSW now bans the use of QR code data for police investigations, stipulating it can only be used “for the purposes of contact tracing during the COVID-19 pandemic”.

This is how it should have been all along.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →