The NHS coronavirus app, rated

How does the UK's new contact tracing app rank on privacy and data security?
18 May 2020

Interview with 

Greig Paul, University of Strathclyde




The NHS’ mobile phone app designed to tackle COVID-19 - currently being tested on the Isle of Wight - will soon be rolled out nationwide. Its job is to track down everyone an infected person has been in contact with, and it’s part of a wider approach to test, trace, and isolate infected individuals so they don’t spread the disease. This so-called “contact tracing” is an old idea that normally involves interviews and questionnaires; the app is for catching connections that the old methods would miss, such as strangers on a bus. But there have been questions surrounding how it treats the data of the people who use it. So Phil asked the opinion of security engineer Greig Paul...

Greig - When you're using the app, you don't need to do anything. In the background, though, your phone is seeing if any other devices appear over Bluetooth; and if there are devices running the app out there, they'll exchange a little handshake and they'll keep a record of that. Nothing will happen with that - it will stay on the phone, and in 21 days' time it'll disappear and be deleted off your phone. But if somebody later reports symptoms - they start to feel unwell - you can click a button and upload to the NHS a list of the people, the devices, that you were in contact with. The app allows the NHS to get an idea of whether this is likely to be a true claim of symptoms or a false claim of symptoms by someone just having a laugh and clicking the button, for example, based on if they've been exposed. But then they can actually alert the people that they've been in contact with. And that could allow you to get people and say to them, "look, you might be exposed, you should self-isolate," and then in two or three days' time they might experience symptoms.

Phil - Don't you need everyone to have the app, though?

Greig - You don't need everyone to have the app. Research suggests that if you get about 60% of the population, you'll start to get some gain. You're never going to get everyone to install it; but that's okay, because you're still going to have regular procedures of contact tracing. People will be following distancing measures, they'll be washing their hands; but the idea is to augment that process.

Phil - How does this compare to apps that other countries are trying? Like this COVIDSafe app that Australia has been using?

Greig - So there are two general approaches that are being taken to how these apps are being developed at the moment. There's the centralised and the decentralised model. Australia's COVIDSafe app is using the UK approach, the centralised model.

Phil - What's the difference between that and decentralised?

Greig - Some countries are looking at building decentralised apps - a lot of European countries are interested. These work almost in the reverse manner of how the UK's approach is. The UK focuses on someone who's infected, sending a list of people they were near, to a central server run by the NHS. In the decentralised model, everybody keeps a list of the devices that they see; and if someone gets infected, what everyone else has to do is look through their record of what devices they've been around, and see if any of the infected ones are devices that they've been close to. In both cases, you don't send anything to the health service server unless you've been infected.

Phil - Can I make a comparison to see if I understand it?

Greig - Sure.

Phil - Is it like you've got to give the police an alibi for something? The centralised version is you saying, "well I saw this person, this person, this person, and they can all verify that I'm fine." Whereas the decentralised version is going, "okay, well I was wearing a green hat and a red jumper, and so people would have seen that, so you can ask people if they saw someone with a green hat and a red jumper."

Greig - That's a pretty good analogy. In the decentralised model, you have to tell everybody what happened. Whereas in the centralised one, you tell the NHS what happened and they can go and alert people as needed.

Phil - To someone who's not a software guy that seems like quite a small distinction...

Greig - It seems a small distinction, but from the privacy perspective, the distinction here is quite important. A lot of people feel the privacy of the decentralised system is better. I think what they're often overlooking is that even in the decentralised system, they are actually revealing this information; and if you create a list of people who have been infected, there's a lot of privacy concerns around that, especially when that list is being circulated to everybody as a virtue of the design. With the NHS system, you don't do that. What you do is you privately notify the NHS and the NHS notify someone. There's no big list that anyone could look at to see who's been infected. Any country that's looking to build the decentralised model will end up having such a list; a lot of countries are looking at the Apple and Google approach, and it's the approach they are firmly pushing to everyone.

Phil - But it seems like people are worried, rather than about everyone having their information, maybe about a big company having the list of where you've been and who you've been in contact with.

Greig - Sure. So the first thing that's important to know is with both of these approaches, there's no list of where people have been. There's no location data being gathered. There's no location data being stored. There's no location data being sent anywhere. Now with regard to who people have been in contact with, we're not talking about names and addresses. We're not talking about phone numbers. What we're talking about is random numbers that are linked to that person, that there isn't actually... it's not possible to go and look at who that is and determine anything based on that.

Phil - Greig, are you going to get the app?

Greig - Yep. Already downloaded it.

Phil - You've already downloaded it!

Greig - Yes. So for the purpose of the research, I've already downloaded it.

Phil - How do you find it?

Greig - It's very simple and straightforward. There's not really much to it, to be quite honest.

Phil - If you had to give it a Greig Paul privacy rating out of 10, what would it be?

Greig - I think for this app we'd probably be looking somewhere around an 8 out of 10.
