surfisup1000:ronw: There original press release implied data was restrained on phone now it appears it's actually stored in Australia
Yes that is misleading.
For an app that is all about supreme trust that would be a poor start.
Perhaps if people actually read the information that has been put out, that would be a good start. But I do worry that the way this is being communicated is not sufficient for the general public, even those with some technical knowledge.
Amazon Cognito is used for the authentication, hence why AWS Sydney is referenced. Thats where your account auth details are stored.
They are also relying on AWS to distribute the push notifications to alert devices when they have a positive location match. The check-in data is not stored there, it's only stored on your device.
There are plans to open source the code, and it has already been checked by numerous 3rd parties.