British Covid-19 Tracing App Adopts Google, Apple Approach

The NHS Coronavirus contact tracing app is abandoning its centralised approach, and instead opting for the decentralised model pushed by Apple and Google.

The decision is a significant u-turn, but comes after similar decisions from countries such as Germany, Italy and Denmark, which also moved to the tech giants’ model.

The NHS app had been delayed, as it was initially expected in mid May. Earlier this month a government a minister confirmed the app would be in place by the end of June, but new reports suggest it won’t be ready until the winter.

App development

Whenever it arrives, the app will mostly likely be needed in the future, especially if the world has to contend with another global pandemic.

The beta app had been initially been tested at a Royal Air Force base in North Yorkshire, before it was trialled on the Isle of Wight, where it was downloaded more than 55,000 times.

The app was also published to Apple and Google’s app stores, but was effectively hidden from the general public.

The NHS app has been developed by NHSX – the health service’s digital innovation unit – and last month the source code was published to GitHub to allow scrutiny from others.

But within a couple of weeks, Australian cryptographers warned of wide-ranging security flaws with the app, and said the problems pose risks to users’ privacy and could be abused to prevent contagion alerts being sent.

The problems found by the researchers include weaknesses in the registration process that could allow attackers to steal encryption keys. This could prevent users from being notified if a contact tested positive for Covid-19. Or it could result in the creation of a false alert.

Centralised approach

Developers of the app had argued that its own centralised model was more effective than the model being proposed by the technology companies.

Under the centralised approach, when someone tests positive for Covid-19, the app will track down whom the patient has been in contact with and isolate them.

The UK’s NHS app uses Bluetooth signals to detect and log other phones with a compatible app in the vicinity.

When a person develops a confirmed case, the app alerts those who have come into contact with the individual.

But the NHS’ “centralised” approach has come under fire for exposing users to privacy risks and, as a result, potentially making people less willing to use the software.

The NHS app processes anonymised data on a central server, allowing the NHS to track trends in the way the virus is spreading and to detect hotspots.

That approach contrasts to the “decentralised” approach adopted by many other countries, where all data processing is carried out on the devices themselves.

Apple and Google are developing a decentralised API that is to be built into iOS and Android devices, and the method has been widely adopted across Europe and elsewhere.

France and Japan are two notable exceptions, by opting to employ centralised servers.

But now according to Sky News, the government this afternoon will announce it is switching to the technology provided by Google and Apple.

Although more privacy-focused, it does potentially mean that epidemiologists will have access to less data.

The decision to switch comes the day after the BBC revealed that a former Apple executive, Simon Thompson, was taking charge of the late-running project.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Meta Sued For $150 Billion By Rohingya Refugees

Meta sued for billions of dollars for not allegedly removing anti-Rohingya hate speech during 2017…

1 hour ago

Intel To List Self-driving Car unit Mobileye

Public offering planned for Intel's self-driving-car unit Mobileye next year, but Intel says it will…

3 hours ago

Virgin Media O2 Completes Gigabit Network Upgrade

Ultrafast broadband. 15.5 million homes can now access speeds of 1.1Gbps, after Virgin Media O2…

4 hours ago

Craig Wright Wins US Case Over Bitcoin Inventor Claim

Computer scientist who claims to be Satoshi Nakamoto, wins US court case against former partner,…

5 hours ago

300 Spar Stores Impacted After Cyberattack On Supplier

Family run firm in Preston, Lancashire suffers cyberattack, which impacts tills and IT systems for…

7 hours ago

EC Gathers Feedback On Microsoft’s Nuance Buy, Despite US Approval

European antitrust regulators are gathering competition data on Microsoft's purchase of Nuance ahead of 21…

7 hours ago