UK rejects the contact-tracing app proposed by Apple and Google - Money

The UK is once again bucking the trend in its quest to conquer the coronavirus as it opts not to use the framework created by Apple and Google for its NHS COVID-19 contact-tracing app.

Instead, NHSX — the digital arm of the nation’s health organisation — is creating a centralised app that strays from the Apple-Google model.

NHS officials hope their app will provide better insight into the spread of COVID-19 and help flatten the curve of coronavirus infections.

But security experts warn the method has significant privacy implications, could upset the tech firms, and provide the blueprint for unethical mass-surveillance once the pandemic ends.

Apple and Google, along with GCHQ’s National Cyber Security Centre and the National Cyber Security Centre (NCSC) are still assisting and advising on the NHS app, according to reports.

Scroll down for video

The UK is once again bucking the trend in its quest to conquer coronavirus as it opts not to use the framework created by Apple and Google. NHS officials hope their method will provide better insight into the spread of COVID-19 and improve treatment and diagnostics

Google and Apple joined forces earlier this month and announced they were combining their expertise to turn smartphones into coronavirus-tracking devices.

The unprecedented collaboration comes from two companies that both place a high value on the privacy of users.

As a result, their system, which was designed to work optimally on both iOS and Android, is decentralised. No movement or tracking information will be stored on a central server, meaning it is invisible to Google, Apple and the NHS.

It works by keeping a exchanging a digital ‘token’ with every phone you come within Bluetooth range of over a fixed period.

If one person develops symptoms of the coronavirus or tests positive, they will be able to enter this information into the app.

The phone will then send out a notification to all the devices they have exchanged tokens with during the infection window, to make people aware they may have been exposed to COVID-19.

The process is confined to the individual’s handset and the scope of the information sent to the NHS is strictly limited.

Battery life implications of the NHS’s decentralised NHS contact tracing coronavirus app

The system built by Apple and Google was intended to be energy efficient and it was hoped this would preserve battery life.

Apple allowed phones using its API – application programming interface – to conduct Bluetooth ‘handshakes’ in the background.

In this process, a phone regularly changes its unique ID.

The phone will also store IDs of phones it has come into contact with.

This is all done with the app lying dormant and not having to wake up.

If someone is found to have COVID-19 they would input a code into their app and this authorises the automatic dispersal of a notification to any people who may be affected.

This was all authorised by Apple and Google to streamline the process and make it as smooth a possible.

However, in the NHS’s centralised app, which goes against the grain of what Apple and Google created, the app running in the background must be ‘woke up’ every time a Bluetooth connection to another device is made. This uses energy.

Some inherent code will then run, logging the interaction and storing the appropriate IDs.

It will then go back to its dormant state.

Apple’s exchange of data via the Bluetooth ‘handshake’ is also quicker than the version being built by the NHS, further adding to the battery life disparity.

Australia appears to have avoided staying within the confines of the Google-Apple API but has acknowledged notable power consumption problems.

The Australian government has also admitted issues with the app working properly if the phone is using its Bluetooth for other purposes – such as speakers etc.

However, the method proposed by NHSX focuses on a centralised scheme.

In it, the data is still collected via Bluetooth but any interactions between people is recorded by the phone and then sent back to a server run by the NHS.

Here, all data on all movements will be kept. This level of data collection on a person’s movements is fraught with hazards, experts claim.

The NHS, unsurprisingly, is facing questions as to why it needs to develop the app in this manner when other countries are plumping for the more privacy-centric approach.

In a weekend blog post, NHSX writes: ‘The data will only ever be used for NHS care, management, evaluation and research.

‘You will always be able to delete the app and all associated data whenever you want. We will always comply with the law around the use of your data, including the Data Protection Act and will explain how we intend to use it.

‘We will be totally open and transparent about your choices in the app and what they mean.

‘If we make any changes to how the app works over time, we will explain in plain English why those changes were made and what they mean for you. Your privacy is crucial to the NHS, and so while these are unusual times, we are acutely aware of our obligations to you.’

The security and privacy issues have been sized up and balanced against potential public health benefits and the officials in charge of the UK’s coronavirus response deem the centralised app a necessary step.

The health gains they expect to come from data analysis could save lives and this, in the eyes of the health officials, outweighs any privacy quandary.

A centralised app run by the NHS with expert assistance may provide invaluable insight into how COVID-19 is spread.

Professor Christopher Fraser, one of the epidemiologists advising NHSX, explained to the BBC: ‘One of the advantages is that it’s easier to audit the system and adapt it more quickly as scientific evidence accumulates.

‘The principal aim is to give notifications to people who are most at risk of having got infected, and not to people who are much lower risk.

‘It’s probably easier to do that with a centralised system.’

At a meeting of the Science and Technology Committee held today, it was revealed the NHS app will likely be rolled out in two to three weeks, but a trial with a small number of people in a very localised, and as yet undisclosed, area will test the app first.

NHSX chief executive Matthew Gould said talks are still being held with Google and Apple, despite the decision to move to a centralised version of the app.

Germany had previously sided with Britain and hoped to create its own centralised app. But on Sunday the German government performed a dramatic U-turn and is now heading towards a decentralised version.

It also leaves the UK at odds with Switzerland, Austria, a pan-European group called DP3T and the tech-savvy Estonians who are all backing a decentralised app, as advocated by Google and Apple.

In Europe, only France, and now Britain, have come out as supporters of a centralised system. Australia, it is believed, is also running a centralised app.

Professor Alan Woodward, from the Surrey Centre for Cyber Security at the University of Surrey mentions the fact Apple and Google do not want to assist in developing a system which effectively tracks users as it could later be adopted and tweaked to spy on people en masse.

He told PA news agency: ‘There may be some pushback, I think – the simple way to put it – because what Apple does not want is somebody building a system that could be used as a tracking system, a generalised tracking system.

‘So, repurposing the technology, later on, for example – never mind now in this emergency of the data collected – but could someone, later on, build technology along the same principles just to use Bluetooth to track people?

‘And the whole point was, iOS particularly was built, and Android’s later versions, are built so that you cannot do that.

‘They (Apple and Google) know that their customer base is global, it’s not just the US or the UK or European, it’s all over the world, so they want their users to not think that governments can somehow subvert their operating systems to become trackers.

‘So there is a bit of a danger it might get some pushback.

‘And I think, if the UK Government are going to sell this to the public, they have to have those epidemiologists, the public health people, out, front and centre, justifying why they need that data.’

Contact tracing reduces the time it takes to isolate infected people by nearly two days

Contact tracing reduces the time taken to isolate people with COVID-19 by nearly two days, making it key to controlling the spread of coronavirus, a new study claims.

Chinese researchers claim contact tracing reduced time taken to isolate infected people from an average of 4.6 days down to 2.7 days.

The study was based on an analysis of 391 coronavirus cases and 1,286 of their close contacts in Shenzhen, China, over four weeks between January 14 and February 12.

The disease prevention method also quickened the average time for new cases to be confirmed from 5.5 days to 3.2 days, it found.

Contact tracing – which involves locating those who have been in close contact with an infected person – followed by and rapid isolation can reduce the length of time people are infectious in the community, the study suggests.

Since global lockdowns, contact tracing has increasingly come in the form of government-backed apps for users to report any symptoms.

The invasive nature of the app was acknowledged by the NHS.

Mr Gould said during the meeting of the Science and Technology Committee that ‘a huge communications effort’ would be needed to get the message across of the app’s benefits outweighing any potential concerns.

Other countries that have developed similar apps with the same goal in mind have encountered difficulties when straying away from the Goole-Apple ideal.

The main reason is that the companies have specifically tried to make it as difficult as possible to collect data using Bluetooth.

Performance concerns have also been raised by some, which compound the privacy concerns.

If it is not built within restrictions laid out by Apple and Google, it risks falling foul of more technical glitches than if it were to adhere to the model.

For example, software engineers around the world have had issues getting the app to actively collect data if the app is not active or on-screen.

NHSX claims it has found ways to resolve this issue and is able to make the app perform ‘sufficiently well’.

An NHSX spokesman said: ‘Engineers have met several core challenges for the app to meet public health needs and support detection of contact events sufficiently well, including when the app is in the background, without excessively affecting battery life.

‘This has been achieved using standard Google and Apple published API while adhering to the Bluetooth Low Energy Standard 4.0 and above.’

Experts from GCHQ’s National Cyber Security Centre have assisted in the making of the app where as NCSC claims its involvement has been restricted to advising.

What is the coronavirus app being developed by the NHS?

A smartphone app designed to help limit the spread of coronavirus upon the eventual relaxation of lockdown measures is due to be trialled soon.

But how will it work and what will it do with users’ data?

Here are some answers to those questions and more.

In plain English, what is the contact-tracing app?

The app – which has not yet been given a name – will be downloaded onto smartphones and use low Bluetooth technology to work out when other app users are in close enough proximity to potentially spread the virus.

The data is recorded under an anonymous ID, rather than by the person’s name. If and when someone starts showing symptoms, or tests positive for Covid-19, they are able to share that with the app.

The app then sends a notification warning of possible infection to all those phone users to have come in requisite proximity recently.

Sounds quite technical. I just want to know what it will mean for me. Is the app the key to lockdown being lifted?

It could be an important part of it, yes. The Government has set out its five-strong criteria before it will ease lockdown measures.

The app can help with that because it will be able to identify who might have been infected with the virus unwittingly, and help them to limit the spread by advising them to self-isolate.

This consequently helps alleviate pressure on the NHS.

Sign me up. How do I get it?

Hold your horses. The app is not ready yet.

The team behind the technology expect to trial it in a ‘small area’ in the coming days, with it ready for full roll-out in ‘two to three weeks’.

Great! So that’s lockdown lifted in three weeks then?

Not necessarily. The Government has come under increased pressure to lift lockdown measures introduced on March 23, but Boris Johnson has made it very clear he will not risk a second peak of the virus.

What’s the point of having this app then?

The developers say widespread take-up of the app will be crucial in making sure it works effectively.

The Science and Technology Committee of MPs was told on Tuesday that even a ‘pessimistic’ estimate of 60 per cent% of the population downloading and using the app would be enough to bring the reproduction number to below one – a crucial indicator in the fight against spreading the virus.

What about people without smartphones?

Not everyone has an internet-enabled mobile phone or a mobile phone altogether.

Likewise, not everyone will want to download the app, it is voluntary after all. The Government will have to hope as many of those with phones do, however.

Should I be concerned about my data being shared with third party companies?

Not according to the NHSX – the health service’s digital innovation arm responsible for the app.

Developers are working with the Information Commissioner’s Office to make sure the app is compliant with data protection laws, and say phone users can be ‘confident’ their personal data will not be compromised.

Some experts have concerns over the app being decentralised and the storage and use of mass anonymous data.