Covid-19 Tracing app

What is Contact Tracing, and how does an app help?

This video from The Guardian is an excellent review of how Contact Tracing works in both a traditional and a technology-enabled world. You should watch it.

Contact Tracing Infographic

An Infographic that explains how Contact Tracing works

Approaches to creating a Contact Tracing app

Google and Apple have combined to work out a solution that works across iOS/Android devices. Here's a document that explains how their solution would work …

 

But there are privacy concerns, as this BBC article (with video) explains. Regardless of those concerns, the app is being trialled in the Isle of Wight. It’s useful to know the difference between the approach being used by the NHS and the Google-Apple approach; this article explains those differences.

However, there are potential difficulties …

France (how unexpected) have threatened Google-Apple over the fact they won’t work with France’s standalone approach (a similar approach to the UK); and it has been suggested that failure to adopt a common approach could threaten international travel – as “health passports” will be impossible to implement.

Then there are technical difficulties: iOS and Android devices work in different ways (not surprisingly), which makes the success of the Google-Apple approach dependent on very high adoption amongst Android users.

The new NHS contact-tracing app could be used to send malicious alerts causing people to isolate unnecessarily, The Independent has been told. The app, which is being trialled in the Isle of Wight, tells users if someone they have been in close proximity with may be suffering from coronavirus, meaning they could be exposed. But because users can set off the warnings themselves by reporting symptoms – rather than positive Covid-19 test results – it could be used to send out false alerts. Dr Michael Veale, a lecturer in digital rights at University College London, said Britain’s tracing app had no measures in place to stop individuals “maliciously triggering notifications” using its normal functionality.

Then, on the technical front, some notes from Phil Edwards’ friend

On the Apple-Google Indirect approach

“Their approach seems pretty solid. I think they’re basically exposing some features that previously weren’t available to app developers. Both seem pretty determined to limit the potential for it to be exploited by governments; I think they announced yesterday/the day before that any apps using their system can’t also access location data.

Contact tracing is totally doable without central databases. I can see why a government might want to own data themselves, but there are big downsides (especially security when building in such a rush).”

On the NHSx Direct approach

“The implementation of this contact tracing app really hits that sweet spot between ‘Are they incompetent?’ and ‘Do they have ulterior motives?’ I’d advise against installing it but I doubt it’s going to work properly anyway in its current implementation because of various oddities around how Bluetooth LE works. This isn’t a great article but covers some of it.”

A better comment from Hacker News covers it more clearly:

“‘Bluetooth LE has four main states: scanning, advertising, peripheral connection, and central connection. In order to exchange the data that the app needs it needs one device in the peripheral connection mode and the other in the central connection mode. This means one device must have previously been advertising and the other scanning. The two important states are advertising and scanning.

Android devices can advertise in the background but they can’t scan reliably, they can do this for a short period of time enforced by the Android time limits on apps running in the background and possibly manufacturer specific power savings measures. These limits are not well documented and cause issues on any device using Bluetooth.

iOS devices can’t advertise in the background, however they do advertise an Apple specific advertisement which can’t be controlled by the app but can still be connected to. iOS devices also can’t reliably scan in the background however they can scan more reliably for iBeacons (special adverts) [1]

Combined this makes it difficult to work well in the background, Android devices can’t reliably connect to any device, iOS devices can’t connect to each other but iOS devices may be able to connect to Android devices.’”

Finally, a potential for Fraud

Plus, fraudsters have not been slow to latch on to the possibility of piggy-backing on the NHS app, as this article in The Guardian shows (thanks Phil for the link).

Other references:

The NHS Covid-19 website