Mobile app security sceptics refuted

July 28, 2022

The Office of the Government Chief Information Officer today said the LeaveHomeSafe mobile app strictly follows the Government’s policies, requirements and standards on information security and privacy protection.


This statement was made in response to a report presented by an overseas cyber security company claiming that the app has security flaws.


Expressing its deep regrets and strong opposition at the inaccurate report and unfair accusation, the office stressed that the protection of personal privacy has always been the prime objective in the LeaveHomeSafe app’s design, development and use. No registration is required and all data related to personal privacy stored in the app are masked and encrypted.


As a digital tool commonly used by the general public on a daily basis, with over eight million downloads since its launch, no security or privacy-related incidents have been reported.


Regarding allegations about the facial recognition module, the office has repeatedly explained that the app neither uses nor requires any facial recognition function, and the relevant module has been removed already as pledged.


Moreover, prior to the launch of all major updated versions, the app has passed privacy impact assessments, security risk assessments and audits conducted by independent professional third parties to confirm that it is safe and reliable.


The office also noted that each version of the app must pass different app stores’ stringent reviews to ensure compliance with the requirements for personal privacy protection. At the same time, to ensure that the app is run in accordance with the Personal Data (Privacy) Ordinance, the Office of the Privacy Commissioner for Personal Data has been consulted on every new function added to the app.


The app’s technical specifications, as well as relevant privacy impact assessments, security risk assessments and audits, are publicised online for public reference, the office added.

Back to top