diff --git a/README.md b/README.md
index 73301d1..0b7890a 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ The complete list is:
 - [COVIDSafe's new payload encryption scheme (15 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-15COVIDSafesNewEncryptionScheme.md) by Chris Culnane, Ben Frengley, Eleanor McMurtry, Jim Mussared, Yaakov Smith, Alwen Tiu and me.
 - [Issues with COVIDSafe's new encryption scheme (19 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md) by the same authors.
 - [The current state of COVIDSafe (mid-June 2020) (22 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-22OutstandingPrivacyIssues.md) by the same authors.
-- [COVIDSafe issues found by the tech community (7 July, updated 28 Oct)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
+- [COVIDSafe issues found by the tech community (7 July, updated 1 Jan 2020)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
 - [Fools rush in where angels fear to tread - why Herald won't be ready by Christmas](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-07COVIDSafeHerald.md) by Jim Mussared and me.
 - [**Why GAEN Exposure Information should be shuffled relative to Diagnosis Keys - this post (16 Dec, updated 19 Dec)**](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-16TheImportanceOfShufflingInGAEN.md)
 ---------------------------------------
diff --git a/blog/2020-03-30TweakingTracetogether.md b/blog/2020-03-30TweakingTracetogether.md
index 2254677..64b9c6e 100644
--- a/blog/2020-03-30TweakingTracetogether.md
+++ b/blog/2020-03-30TweakingTracetogether.md
@@ -12,7 +12,7 @@ The complete list is:
  Smith, Alwen Tiu and me.
 - [Issues with COVIDSafe's new encryption scheme (19 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md) by the same authors.
 - [The current state of COVIDSafe (mid-June 2020) (22 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-22OutstandingPrivacyIssues.md) by the same authors.
-- [COVIDSafe issues found by the tech community (7 July, updated 28 Oct)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
+- [COVIDSafe issues found by the tech community (7 July, updated 1 Jan 2021)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
 - [Fools rush in where angels fear to tread - why Herald won't be ready by Christmas](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-07COVIDSafeHerald.md) by Jim Mussared and me.
 - [Why GAEN Exposure Information should be shuffled relative to Diagnosis Keys (16 Dec)](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-16TheImportanceOfShufflingInGAEN.md)
 --------------------------------------------------------------------------
diff --git a/blog/2020-04-07ContactTracingWithoutSurveillance.md b/blog/2020-04-07ContactTracingWithoutSurveillance.md
index 8ea97ec..3d99ee1 100644
--- a/blog/2020-04-07ContactTracingWithoutSurveillance.md
+++ b/blog/2020-04-07ContactTracingWithoutSurveillance.md
@@ -12,7 +12,7 @@ The complete list is:
  Smith, Alwen Tiu and me.
 - [Issues with COVIDSafe's new encryption scheme (19 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md) by the same authors.
 - [The current state of COVIDSafe (mid-June 2020) (22 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-22OutstandingPrivacyIssues.md) by the same authors.
-- [COVIDSafe issues found by the tech community (7 July, updated 28 Oct)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
+- [COVIDSafe issues found by the tech community (7 July, updated 1 Jan 2021)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
 - [Fools rush in where angels fear to tread - why Herald won't be ready by Christmas](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-07COVIDSafeHerald.md) by Jim Mussared and me.
 - [Why GAEN Exposure Information should be shuffled relative to Diagnosis Keys (16 Dec)](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-16TheImportanceOfShufflingInGAEN.md)
 
diff --git a/blog/2020-04-23ContactTracingAndConsent.md b/blog/2020-04-23ContactTracingAndConsent.md
index c8265b2..504a368 100644
--- a/blog/2020-04-23ContactTracingAndConsent.md
+++ b/blog/2020-04-23ContactTracingAndConsent.md
@@ -12,7 +12,7 @@ The complete list is:
  Smith, Alwen Tiu and me.
 - [Issues with COVIDSafe's new encryption scheme (19 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md) by the same authors.
 - [The current state of COVIDSafe (mid-June 2020) (22 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-22OutstandingPrivacyIssues.md) by the same authors.
-- [COVIDSafe issues found by the tech community (7 July, updated 28 Oct)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
+- [COVIDSafe issues found by the tech community (7 July, updated 1 Jan 2021)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
 - [Fools rush in where angels fear to tread - why Herald won't be ready by Christmas](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-07COVIDSafeHerald.md) by Jim Mussared and me.
 - [Why GAEN Exposure Information should be shuffled relative to Diagnosis Keys (16 Dec)](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-16TheImportanceOfShufflingInGAEN.md)
 
diff --git a/blog/2020-04-27TracingTheChallenges.md b/blog/2020-04-27TracingTheChallenges.md
index 75503de..b9f400a 100644
--- a/blog/2020-04-27TracingTheChallenges.md
+++ b/blog/2020-04-27TracingTheChallenges.md
@@ -12,7 +12,7 @@ The complete list is:
  Smith, Alwen Tiu and me.
 - [Issues with COVIDSafe's new encryption scheme (19 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md) by the same authors.
 - [The current state of COVIDSafe (mid-June 2020) (22 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-22OutstandingPrivacyIssues.md) by the same authors.
-- [COVIDSafe issues found by the tech community (7 July, updated 28 Oct)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
+- [COVIDSafe issues found by the tech community (7 July, updated 1 Jan 2021)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
 - [Fools rush in where angels fear to tread - why Herald won't be ready by Christmas](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-07COVIDSafeHerald.md) by Jim Mussared and me.
 - [Why GAEN Exposure Information should be shuffled relative to Diagnosis Keys (16 Dec)](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-16TheImportanceOfShufflingInGAEN.md)
 - 
diff --git a/blog/2020-05-14TheMissingServerCode.md b/blog/2020-05-14TheMissingServerCode.md
index d386a19..b910756 100644
--- a/blog/2020-05-14TheMissingServerCode.md
+++ b/blog/2020-05-14TheMissingServerCode.md
@@ -12,7 +12,7 @@ The complete list is:
  Smith, Alwen Tiu and me.
 - [Issues with COVIDSafe's new encryption scheme (19 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md) by the same authors.
 - [The current state of COVIDSafe (mid-June 2020) (22 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-22OutstandingPrivacyIssues.md) by the same authors.
-- [COVIDSafe issues found by the tech community (7 July, updated 28 Oct)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
+- [COVIDSafe issues found by the tech community (7 July, updated 1 Jan 2021)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
 - [Fools rush in where angels fear to tread - why Herald won't be ready by Christmas](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-07COVIDSafeHerald.md) by Jim Mussared and me.
 - [Why GAEN Exposure Information should be shuffled relative to Diagnosis Keys (16 Dec)](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-16TheImportanceOfShufflingInGAEN.md)
 
diff --git a/blog/2020-06-15COVIDSafesNewEncryptionScheme.md b/blog/2020-06-15COVIDSafesNewEncryptionScheme.md
index a297368..9d37ed9 100644
--- a/blog/2020-06-15COVIDSafesNewEncryptionScheme.md
+++ b/blog/2020-06-15COVIDSafesNewEncryptionScheme.md
@@ -12,7 +12,7 @@ The complete list is:
  Smith, Alwen Tiu and me.
 - [Issues with COVIDSafe's new encryption scheme (19 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md) by the same authors.
 - [The current state of COVIDSafe (mid-June 2020) (22 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-22OutstandingPrivacyIssues.md) by the same authors.
-- [COVIDSafe issues found by the tech community (7 July, updated 28 Oct)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
+- [COVIDSafe issues found by the tech community (7 July, updated 1 Jan 2021)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
 - [Fools rush in where angels fear to tread - why Herald won't be ready by Christmas](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-07COVIDSafeHerald.md) by Jim Mussared and me.
 - [Why GAEN Exposure Information should be shuffled relative to Diagnosis Keys (16 Dec)](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-16TheImportanceOfShufflingInGAEN.md)
 - 
diff --git a/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md b/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md
index 0262db1..aa32964 100644
--- a/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md
+++ b/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md
@@ -12,7 +12,7 @@ The complete list is:
  Smith, Alwen Tiu and me.
 - [**Issues with COVIDSafe's new encryption scheme (19 June) - this post**](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md) by the same authors.
 - [The current state of COVIDSafe (mid-June 2020) (22 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-22OutstandingPrivacyIssues.md) by the same authors.
-- [COVIDSafe issues found by the tech community (7 July, updated 28 Oct)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
+- [COVIDSafe issues found by the tech community (7 July, updated 1 Jan 2021)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
 - [Fools rush in where angels fear to tread - why Herald won't be ready by Christmas](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-07COVIDSafeHerald.md) by Jim Mussared and me.
 - [Why GAEN Exposure Information should be shuffled relative to Diagnosis Keys (16 Dec)](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-16TheImportanceOfShufflingInGAEN.md)
 - 
diff --git a/blog/2020-06-22OutstandingPrivacyIssues.md b/blog/2020-06-22OutstandingPrivacyIssues.md
index 7ec6122..7347bb5 100644
--- a/blog/2020-06-22OutstandingPrivacyIssues.md
+++ b/blog/2020-06-22OutstandingPrivacyIssues.md
@@ -12,7 +12,7 @@ The complete list is:
  Smith, Alwen Tiu and me.
 - [Issues with COVIDSafe's new encryption scheme (19 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md) by the same authors.
 - [**The current state of COVIDSafe (mid-June 2020) (22 June) - this post**](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-22OutstandingPrivacyIssues.md) by the same authors.
-- [COVIDSafe issues found by the tech community (7 July, updated 28 Oct) - this post](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
+- [COVIDSafe issues found by the tech community (7 July, updated 1 Jan 2021) - this post](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
 - [Fools rush in where angels fear to tread - why Herald won't be ready by Christmas](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-07COVIDSafeHerald.md) by Jim Mussared and me.
 - [Why GAEN Exposure Information should be shuffled relative to Diagnosis Keys (16 Dec)](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-16TheImportanceOfShufflingInGAEN.md)
 - 
diff --git a/blog/2020-07-07IssueSummary.md b/blog/2020-07-07IssueSummary.md
index 8fa604a..90ede98 100644
--- a/blog/2020-07-07IssueSummary.md
+++ b/blog/2020-07-07IssueSummary.md
@@ -11,7 +11,7 @@ The complete list is:
 - [COVIDSafe's new payload encryption scheme (15 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-15COVIDSafesNewEncryptionScheme.md) by Chris Culnane, Ben Frengley, Eleanor McMurtry, Jim Mussared, Yaakov Smith, Alwen Tiu and me.
 - [Issues with COVIDSafe's new encryption scheme (19 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md) by the same authors.
 - [The current state of COVIDSafe (mid-June 2020) (22 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-22OutstandingPrivacyIssues.md) by the same authors.
-- [**COVIDSafe issues found by the tech community (7 July, updated 28 Oct) - this post**](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
+- [**COVIDSafe issues found by the tech community (7 July, updated 1 Jan 2021) - this post**](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
 - [Fools rush in where angels fear to tread - why Herald won't be ready by Christmas](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-07COVIDSafeHerald.md) by Jim Mussared and me.
 - [Why GAEN Exposure Information should be shuffled relative to Diagnosis Keys (16 Dec)](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-16TheImportanceOfShufflingInGAEN.md)
 
@@ -20,7 +20,7 @@ The complete list is:
 Jim Mussared: jim.mussared [at] gmail.com / [@jim_mussared](https://twitter.com/jim_mussared)   
 Vanessa Teague: [ThinkingCybersecurity Pty Ltd](https://www.thinkingcybersecurity.com) / [@VTeagueAus](https://twitter.com/vteagueaus)
 
-Last updated: October 28th 2020, for Android v1.13 / iPhone v1.13. New fixes are noted below.
+Last updated: Jan 1 2021, for Android v2.0 / iPhone v2.1.1. New fixes are noted below.
 
 # COVIDSafe issues found by the tech community
 
@@ -32,7 +32,9 @@ Many issues have been found as well as recommendations for how to fix them, and
 
 Most, but not all, of these issues have been fixed.  However, due to a quirk in the way that COVIDSafe works, it is not clear that users are actually receiving automatic updates to the app.  If you haven't checked you are running the most recent version, you should check manually and update now.
 
-Oct 28th: The most important message for users is for Issue 25: **users need to open the app, check that its location permissions are OK (have a green tick) and, if not, grant location permission to the app (again).** Note that leaving the global location setting off also prevents scanning - see Issue 23.
+Oct 28th 2020: The most important message for users is for Issue 25: **users need to open the app, check that its location permissions are OK (have a green tick) and, if not, grant location permission to the app (again).** Note that leaving the global location setting off also prevents scanning - see Issue 23.
+
+Jan 1st 2021: COVIDSafe has been update to use the [Herald](https://vmware.github.io/herald/) framework for Bluetooth communications. Several issues were (re-)introduced during this migration.
 
 ## Types of issues
 
@@ -283,7 +285,7 @@ The core issue was fixed in v1.0.39 however there are some [UI problems that nee
 The main screen tells users that it is not active, when it is active and working in most circumstances, as described above.
 
 ###  24. The app didn't auto-update 
-Status: Fix in-progress (starting with v1.8 & v1.0.49)   
+Status: Uncertain   
 Type: Functionality, Privacy, Usability, Security   
 Affects: Android   
 More info: [Blog post](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-22OutstandingPrivacyIssues.md#the-app-does-not-automatically-update)
@@ -295,9 +297,11 @@ v1.0.39 for Android and v1.8 for iOS add support for push notifications (using F
 
 **We are not certain of the current status of this problem. Users should probably still check manually that they have received the most recent update.**
 
+Early reports suggest that since the change to use Herald, that this now possibly the iPhone app. No push notifications have been sent yet.
+
 
-### 25. 🚨 Android app loses location permission after 1.0.39 update 🚨
-Status: **Fixed, then un-fixed again for v1.13**   
+### 25. Android app loses location permission after 1.0.39 update
+Status: Fixed   
 Type: Functionality, Usability   
 Affects: Android   
 More info: [GitHub Issue](https://github.com/AU-COVIDSafe/mobile-android/issues/14)
@@ -312,27 +316,31 @@ There is a notification shown, however it's not a new notification, rather it ju
 
 It's confusing to users that the app suddenly seems to require location permission, and might make it seem like the new version is now introducing additional location-based functionality (which it isn't).
 
+This change was then reverted a couple of months later, leading to the exact same confusion.
 
-### 26. 🚨 Can't click "continue" in Android registration screen  🚨
-Status: **Not fixed**   
+
+### 26. Can't click "continue" in Android registration screen   
+Status: Fixed   
 Type: Functionality, Usability   
 Affects: Android   
 More info: [GitHub Issue](https://github.com/AU-COVIDSafe/mobile-android/issues/17)
 
-A user interface issue prevents the "Continue" and "Get Pin" buttons from being pressed during the registration screen. It's not intuitive how to work around this issue.
+A user interface issue prevented the "Continue" and "Get Pin" buttons from being pressed during the registration screen. It's not intuitive how to work around this issue.
 
 
-### 27. 🚨 App silently doesn't function on some Android 5.1/6.0/7.0 devices  🚨
-Status: **Not fixed**   
+### 27. App silently doesn't function on some Android 5.1/6.0/7.0 devices   
+Status: Cannot be fixed   
 Type: Functionality   
 Affects: Android   
 More info: [GitHub Issue](https://github.com/AU-COVIDSafe/mobile-android/issues/18)
 
 Although the COVIDSafe app supports phones running versions of Android all the way back to Android 5.1, some phones running 5.1, 6.0, and 7.0 do not have the Bluetooth functionality required to run COVIDSafe. The app does not detect this and appears like everything is working, when app cannot actually be detected by other phones.
 
+The Herald migration is supposed to address this, but the result is no different. The system continues to rely on the older phones finding newer phones, so it is not possible for two old phones to exchange details. Herald has a feature that allows a third phone to act as a "proxy" but this feature is not enabled in COVIDSafe.
+
 
-### 28. 🚨 Android app can corrupt its registration token leading to crash on startup  🚨
-Status: **Workaround - status unclear**   
+### 28. Android app can corrupt its registration token leading to crash on startup
+Status: Likely fixed (no new reports)   
 Type: Functionality, Usability  
 Affects: Android   
 More info: [GitHub Issue](https://github.com/AU-COVIDSafe/mobile-android/issues/23)
@@ -345,6 +353,96 @@ The root cause and suggested fix is complicated, see the GitHub issue linked abo
 
 We are not sure of the current status of this problem.  There seems to be an attempted fix, but we are not sure whether it solves the underlying problem or merely prevents it causing a crash.
 
+
+### 29. Insecure random number generator leads to device tracking   
+Status: Fixed   
+Type: Privacy   
+Affects: Android   
+More info: [Blog post](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-07COVIDSafeHerald.md#privacy), [GitHub issue](https://github.com/vmware/herald-for-android/issues/110)   
+
+This is almost identical to issue #1 above, and was introduced in the migration to Herald due to Herald's use of an [insecure random number generator](https://owasp.org/www-community/vulnerabilities/Insecure_Randomness).
+
+This was briefly [fixed upstream in Herald](https://github.com/vmware/herald-for-android/pull/91), and then the fix was [replaced](https://github.com/vmware/herald-for-android/issues/81) with a new use of an insecure random number generator, and this code is still broken upstream.
+
+COVIDSafe have applied a temporary fix to use Android's `SecureRandom`. There are [suggestions from the Herald team](https://github.com/vmware/herald-for-android/issues/109#issuecomment-744508712) that maybe this will lead to the app stopping working on some phones.
+
+
+### 30. iPhone app prevents Bluetooth from making new connections   
+Status: Fixed in v2.1.1   
+Type: Functionality   
+Affects: iOS   
+More info: [GitHub issue](https://github.com/AU-COVIDSafe/mobile-ios/issues/38)   
+
+This is identical to #13 above, and was re-introduced in the Herald migration, due to the way that Herald manages connection to iPhones.
+
+This prevented the app from functioning at all on iPhones, and also prevented other Bluetooth functionality from working (such as wireless headphones, medical devices, remote controls).
+
+An emergency patch was released on Dec 23.
+
+
+### 31. 🚨 Android app registers multiple Bluetooth services 🚨
+Status: Not fixed   
+Type: Functionality   
+Affects: Android   
+More info: [GitHub issue (COVIDSafe)](https://github.com/AU-COVIDSafe/mobile-android/issues/33), [GitHub issue (Herald)](https://github.com/vmware/herald-for-android/issues/107)
+
+Since the Herald migration, the Android app uses the Bluetooth interface in a complicated way that can result in the phone registering the COVIDSafe service multiple times. This is particularly easy to trigger when enabling/disabling the Bluetooth functionality on the phone.
+
+The effect is that the phone will appear to look like multiple phones to other nearby phones, which leads to more crowding issues (lower detection efficiency) and higher battery drain. Additionally, after registering the service too many times, the app stops functioning.
+
+A fix was attempted before launch after this issue was raised, but it did not solve the issue.
+
+
+### 32. 🚨 COVIDSafe is a significant battery drain 🚨
+Status: Not fixed   
+Type: Functionality, Usability   
+Affects: Android & iOS   
+More info: [GitHub issue](https://github.com/AU-COVIDSafe/mobile-ios/issues/31)
+
+There have been numerous reports of COVIDSafe being a serious battery drain, and the Herald update has made this worse. This is driving people to uninstall the app.
+
+Inspection of the Herald code shows many reasons why this is the case -- the app connects to all nearby Apple devices, not just ones running COVIDSafe, as well as very aggressive connection keep-alive and re-connections. Additionally, the phone is prevented from properly entering low power mode.
+
+Even the [DTA's own battery testing](https://www.dta.gov.au/news/covidsafe-captures-close-contacts-new-herald-protocol) shows some fairly extraordinary numbers for battery use for a "background" app.
+
+
+### 33. 🚨 Location access is confusing users 🚨
+Status: Not fixed   
+Type: Functionality, Usability   
+Affects: iOS  
+More info:   GitHub issues: [32](https://github.com/AU-COVIDSafe/mobile-ios/issues/32), [38](https://github.com/AU-COVIDSafe/mobile-ios/issues/38), [34](https://github.com/AU-COVIDSafe/mobile-ios/issues/34), [30](https://github.com/AU-COVIDSafe/mobile-ios/issues/30), [29](https://github.com/AU-COVIDSafe/mobile-ios/issues/29#issuecomment-736531034)   
+
+The Herald update now requires that the iOS app is granted permission for location access, and iOS will now periodically tell the user how many times COVIDSafe "access the location in the background".
+
+The app doesn't actually use location data, rather the location access is used to "wake up" the app. However there is very little reason for a user to understand this distinction, and a user cannot easily verify this for themselves.
+
+This was raised before release, but was deemed unimportant. However, this has also driven more people to uninstall the app.
+
+
+### 34. 🚨 Herald reduces connection efficiency 🚨
+Status: Not fixed   
+Type: Functionality
+Affects: Android & iOS   
+More info: [GitHub issue](https://github.com/AU-COVIDSafe/mobile-android/issues/32)
+
+Herald only exchanges tracing data in one direction for a given connection (with some exceptions). COVIDSafe originally was able to share this data in both directions, meaning that a single connection was sufficient for two phones to record an encounter. Since the Herald update, it now requires a second connection to be established in the reverse direction.
+
+This reduces the efficiency of encounter recording, especially in crowded environments.
+
+
+### 35. 🚨 The app cannot measure distance (e.g. 1.5 metres) 🚨
+Status: Not fixed   
+Type: Functionality, Privacy   
+Affects: iOS & Android   
+More info: [GitHub issue](https://github.com/AU-COVIDSafe/mobile-android/issues/31)
+
+Since launch, COVIDSafe has claimed to be able to detect exposures of "less than 1.5 metres for 15 minutes". There has never been any evidence to support this claim, either from the DTA or from any other contact tracing teams.
+
+On the contrary, many experts have repeatedly pointed out that Bluetooth cannot be used to accurately measure distance, as there are far too many complicated interactions and real-world considerations to take into account. At best, it can only be used to get a very crude estimate of "proximity".
+
+The migration to Herald complicates this because the Herald project makes similarly strong claims about their ability to measure distance (despite not actually having any distance measurement functionality).
+
+
 ## Recommendations
 
 ### Apple/Google Exposure Notification API
@@ -355,12 +453,13 @@ The Apple/Google Exposure Notification API is not perfect, and does have its own
 
 Human contact tracers can be involved in an app based on the Google/Apple API.  The [Irish app](https://www.irishtimes.com/business/technology/what-is-covid-tracker-ireland-1.4298128) allows users to opt in to giving their phone number so they can be contacted by a person if they are identified as having been exposed.  The difference between this and COVIDSafe is that the authority does not receive each infected person's list of face-to-face contacts, just a notification that a particular person has been exposed.
 
+Apple have recently added support for iOS 12.x devices, so the weak excuse that not enough phones support it is no longer even remotely valid.
+
 Although there are pros and cons, there does not seem to be any reasonable analysis or understanding in government of why a centralised model has been chosen. Consider for example Minister Robert's [recent attempt to explain](https://minister.servicesaustralia.gov.au/transcripts/2020-07-07-q-and-speech-national-press-club):
 > *there's an opportunity I think here for the big tech companies to lock step in with sovereign governments and assist them with their sovereign approach to doing tracing. Remember, digital tracing simply enhances a manual tracing process. The big tech companies with their exposure notification framework are saying that digital tracing unto itself is enough. The global experience shows quite clearly it is not enough.*
 
 The world is headed for a large and not very well-controlled empirical test, so we will soon see evidence that allows us to compare the countries with decentralised apps based on the Apple/Google API (such as Italy, Germany, Switzerland, Ireland and the UK) against those that stick with a centralised model.  The Australian authorities are choosing to emphasise centralised data gathering, knowing that this carries a cost for basic successful functioning (for all the reasons described above).  The global experience will soon show whether this was wise.
 
-
 ### The server code
 
 The source code for the the COVIDSafe server code has not been released for public inspection. For more information, please see [The missing server code, and why it matters](https://github.com/vteague/contactTracing/blob/master/blog/2020-05-14TheMissingServerCode.md)
diff --git a/blog/2020-12-07COVIDSafeHerald.md b/blog/2020-12-07COVIDSafeHerald.md
index 98d22f6..868b701 100644
--- a/blog/2020-12-07COVIDSafeHerald.md
+++ b/blog/2020-12-07COVIDSafeHerald.md
@@ -11,7 +11,7 @@ The complete list is:
 - [COVIDSafe's new payload encryption scheme (15 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-15COVIDSafesNewEncryptionScheme.md) by Chris Culnane, Ben Frengley, Eleanor McMurtry, Jim Mussared, Yaakov Smith, Alwen Tiu and me.
 - [Issues with COVIDSafe's new encryption scheme (19 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md) by the same authors.
 - [The current state of COVIDSafe (mid-June 2020) (22 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-22OutstandingPrivacyIssues.md) by the same authors.
-- [COVIDSafe issues found by the tech community (7 July, updated 28 Oct)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
+- [COVIDSafe issues found by the tech community (7 July, updated 1 Jan 2021)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
 - [**Fools rush in where angels fear to tread - why Herald won't be ready by Christmas - this post (7 Dec)** ](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-07COVIDSafeHerald.md) by Jim Mussared and me.
 - [Why GAEN Exposure Information should be shuffled relative to Diagnosis Keys (16 Dec)](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-16TheImportanceOfShufflingInGAEN.md)
 
diff --git a/blog/2020-12-16TheImportanceOfShufflingInGAEN.md b/blog/2020-12-16TheImportanceOfShufflingInGAEN.md
index 73301d1..eceb2ae 100644
--- a/blog/2020-12-16TheImportanceOfShufflingInGAEN.md
+++ b/blog/2020-12-16TheImportanceOfShufflingInGAEN.md
@@ -11,7 +11,7 @@ The complete list is:
 - [COVIDSafe's new payload encryption scheme (15 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-15COVIDSafesNewEncryptionScheme.md) by Chris Culnane, Ben Frengley, Eleanor McMurtry, Jim Mussared, Yaakov Smith, Alwen Tiu and me.
 - [Issues with COVIDSafe's new encryption scheme (19 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-19IssueswithCOVIDSafesNewEncryptionScheme.md) by the same authors.
 - [The current state of COVIDSafe (mid-June 2020) (22 June)](https://github.com/vteague/contactTracing/blob/master/blog/2020-06-22OutstandingPrivacyIssues.md) by the same authors.
-- [COVIDSafe issues found by the tech community (7 July, updated 28 Oct)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
+- [COVIDSafe issues found by the tech community (7 July, updated 1 Jan 2021)](https://github.com/vteague/contactTracing/blob/master/blog/2020-07-07IssueSummary.md) by Jim Mussared and me.
 - [Fools rush in where angels fear to tread - why Herald won't be ready by Christmas](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-07COVIDSafeHerald.md) by Jim Mussared and me.
 - [**Why GAEN Exposure Information should be shuffled relative to Diagnosis Keys - this post (16 Dec, updated 19 Dec)**](https://github.com/vteague/contactTracing/blob/master/blog/2020-12-16TheImportanceOfShufflingInGAEN.md)
 ---------------------------------------