Government announces move to decentralised COVID-19 tracing app model

Concerns over privacy and problems with vendor-specific technology force Government to rethink its approach

The Government's initial COVID-19 contact tracing app hit a myriad of problems

Technology experts have cautiously welcomed the Government’s announcement that it is considering abandoning the centralised COVID-19 contact tracing app and moving towards a decentralised model based around Silicon Valley giants Apple and Google.

In what is seen as a major U-turn, the Government recently announced it was ditching the way its current coronavirus-tracing app works and shifting to a model based on technology provided by Apple and Google, which it hopes will be more privacy focused.

However, such as move would mean epidemiologists would have access to less data in order to make more-informed decisions on what is working in terms of reducing the spread of coronavirus across the UK.

Collecting and parsing vast data sets is inherently complicated, so it not surprising that the UK is shifting gears and switching to tech from two Silicon Valley giants

The Government said it is working towards the launch of a new app in the autumn, though it is not yet known whether the contract tracing element will be ready by then.

Instead the software may be limited to enabling users to report their symptoms and order a test.

Baroness Dido Harding, who heads up the wider Test and Trace programme, said she will only give the green light to actually deploying the Apple-Google technology if she judges it to be fit for purpose, which she does not believe is the case at present.

At a Downing Street briefing, Health Secretary, Matt Hancock, said the original plan might have worked had it not been for Apple's restrictions on third-party apps' use of Bluetooth.

And he said he would not recommend use of a contact-tracing app ‘unless I'm confident in it’.

“Apple software prevents iPhones being used effectively for contact tracing unless you're using Apple's own technology," he said.

"Our app won't work because Apple won't change that system... and their app can't measure distance well enough to a standard that we are satisfied with.

"What matters is what works. Because what works will save lives."

Baroness Harding added: "What we've done in really rigorously testing both our own COVID-19 app and the Google-Apple version is demonstrate that none of them are working sufficiently well enough to be actually reliable to determine whether any of us should self-isolate for two weeks [and] that's true across the world."

In response, Google noted that it and Apple had developed an application programming interface - a set of functions and procedures for others to build on - rather than a fully-fledged app.

The NHS has been testing both centralised and decentralised systems against each other over the course of the past month.

Between Google and Apple, they supply nearly all of the underlying mobile operating systems for the UK’s public mobile phones. As such, these organisations are most likely to be in the best position to design a solution that maximises functionality, including interoperability, provide strong security and data privacy, and to do so quickly

The study found the centralised version trialled on the Isle of Wight worked well at assessing the distance between two users, but was poor at recognising Apple's iPhones.

Specifically, the software registered about 75% of nearby Android handsets, but only 4% of iPhones.

By contrast, the Apple-Google model logged 99% of both Android mobiles and iPhones, but its distance calculations were weaker.

In some instances, it could not differentiate between a phone in a user's pocket 1m away and a phone in a user's hand 3m away.

Commenting on the announcement, Matt Lock, technical director at Varonis told BBH: “Collecting and parsing vast data sets is inherently complicated, so it not surprising that the UK is shifting gears and switching to tech from two Silicon Valley giants.

“Individuals should have reason for concern as our phones track our every move in myriad ways, from the wi-fi we’re in range of to the cell tower we’re closest to, and beyond.

“Researchers have found it’s possible to link anonymised data back to the user and concerns of COVID’s reoccurrence will likely expedite tracking.

“As tracking becomes commonplace, legislation must keep up with the times to ensure privacy.”

And Derek Taylor, lead principal security consultant at Trustwave, agreed that privacy was key.

It is trust that will provide the foundation upon which to drive significant public adoption; which in turn is critical to a successful contact tracing scheme in helping minimise the impacts of the pandemic

He said: “I would view the move of the UK Government, from creating their own solution for contact tracing, to leveraging the solution developed by Google & Apple, as positive.

“Between Google and Apple, they supply nearly all of the underlying mobile operating systems for the UK’s public mobile phones. As such, these organisations are most likely to be in the best position to design a solution that maximises functionality, including interoperability, provide strong security and data privacy, and to do so quickly - which they have.

“This means it is, arguably, easier for the public to trust the contact tracing solutions, without worrying about data privacy concerns of Government over-reach.

“It is this trust that will provide the foundation upon which to drive significant public adoption; which in turn is critical to a successful contact tracing scheme in helping minimise the impacts of the pandemic.”

Companies