British Covid-19 Tracing App Adopts Google, Apple Approach

The NHS Coronavirus contact tracing app is abandoning its centralised approach, and instead opting for the decentralised model pushed by Apple and Google.

The decision is a significant u-turn, but comes after similar decisions from countries such as Germany, Italy and Denmark, which also moved to the tech giants’ model.

The NHS app had been delayed, as it was initially expected in mid May. Earlier this month a government a minister confirmed the app would be in place by the end of June, but new reports suggest it won’t be ready until the winter.

App development

Whenever it arrives, the app will mostly likely be needed in the future, especially if the world has to contend with another global pandemic.

The beta app had been initially been tested at a Royal Air Force base in North Yorkshire, before it was trialled on the Isle of Wight, where it was downloaded more than 55,000 times.

The app was also published to Apple and Google’s app stores, but was effectively hidden from the general public.

The NHS app has been developed by NHSX – the health service’s digital innovation unit – and last month the source code was published to GitHub to allow scrutiny from others.

But within a couple of weeks, Australian cryptographers warned of wide-ranging security flaws with the app, and said the problems pose risks to users’ privacy and could be abused to prevent contagion alerts being sent.

The problems found by the researchers include weaknesses in the registration process that could allow attackers to steal encryption keys. This could prevent users from being notified if a contact tested positive for Covid-19. Or it could result in the creation of a false alert.

Centralised approach

Developers of the app had argued that its own centralised model was more effective than the model being proposed by the technology companies.

Under the centralised approach, when someone tests positive for Covid-19, the app will track down whom the patient has been in contact with and isolate them.

The UK’s NHS app uses Bluetooth signals to detect and log other phones with a compatible app in the vicinity.

When a person develops a confirmed case, the app alerts those who have come into contact with the individual.

But the NHS’ “centralised” approach has come under fire for exposing users to privacy risks and, as a result, potentially making people less willing to use the software.

The NHS app processes anonymised data on a central server, allowing the NHS to track trends in the way the virus is spreading and to detect hotspots.

That approach contrasts to the “decentralised” approach adopted by many other countries, where all data processing is carried out on the devices themselves.

Apple and Google are developing a decentralised API that is to be built into iOS and Android devices, and the method has been widely adopted across Europe and elsewhere.

France and Japan are two notable exceptions, by opting to employ centralised servers.

But now according to Sky News, the government this afternoon will announce it is switching to the technology provided by Google and Apple.

Although more privacy-focused, it does potentially mean that epidemiologists will have access to less data.

The decision to switch comes the day after the BBC revealed that a former Apple executive, Simon Thompson, was taking charge of the late-running project.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Uber, Lyft Drivers Classified As Employees, Judge Rules

Gig economy change. Judge in California rules drivers for Uber and Lyft are employees, and…

9 hours ago

Tim Cook Now A Billionaire After Apple Share Surge

Welcome to the club. CEO Tim Cook now said to be a billionaire after almost…

11 hours ago

Police Use Of Facial Recognition Breached Privacy, Court Rules

Milestone ruling. The UK Court of Appeal rules use of automatic facial recognition (AFR) tech…

12 hours ago

Trump Administration Announces 5G Spectrum Auction

5G growth. The White House has announced a spectrum auction to strengthen “the United States’…

14 hours ago

Toshiba Confirms Exit From Laptop Sector

Japanese conglomerate sells its final stake in PC maker Dynabook, marking the end of 35…

15 hours ago

Researchers Uncover Stuxnet-Style Flaw In Windows

The zero-day vulnerability affects the same Windows component used by Stuxnet to attack critical infrastructure…

2 days ago