This week NHSX launch their new Covid-19 Contact Tracing app which will eventually make its way into the hands of those living on the Isle of Wight.
There's been a lot of talk about the privacy concerns of this app and I don't intend to repeat the concerns here. Personally I would be happy to use a contact tracing app regardless of the privacy concerns, as I see my health as much more valuable than my privacy.
The problem is however, that this app simply will not work!
I am an iOS (Apple) app developer and I will tell you why.
This article is based from my 8 years experience developing apps for iOS. I cannot comment on the Android version of the app.
How should it workCovid-19 symptoms don't always appear for the first 7 days. If you've been out shopping and came into contact with somebody that later starts to show symptoms, there's a possibility that you have caught it from them. Receiving a notification that you have been in contact with an infected person means you can self isolate yourself for 7 days to see if you yourself start to show symptoms whilst you are not spreading the disease even further.
Users of this app will be relying on it to tell them if they have been in contact with somebody that now has Covid-19 symptoms.
Summary of the Problem in layman’s terms:For the app to record that 2 people were in close contact, both must have the app installed and at least one of them MUST have it open in the foreground of their phone. If neither of them have the app open and on screen, then no contact will be recorded as having taken place.
The Problem in Detail:
How does it work (Basic theory)In very simple terms, your phone will broadcast itself as a Bluetooth LE (Low Energy) peripheral. A bit like a heart rate monitor or Bluetooth door lock. Any Bluetooth scanner will be able to see it, connect to it, and read any information it wants to share. This is nothing new and many apps already use this technology.
Alongside this, your phone will also be scanning for Bluetooth peripherals nearby. Just like an app can scan to find your heart rate monitor, or your front door lock to open it.
When your phone discovers another phone with the app nearby, it can read the private token and store it for later use and vice versa.
If a user's token has been registered as recently developing Covid-19 symptoms, you can be informed about it and start to self isolate.
How does it work (Technical)iPhone apps that are published on the Apple App Store, must only use Apples documented API's (Code)
There are a few API's that an App Developer can use to interact with Bluetooth on an iPhone.
The Apple documentation for Core Bluetooth explains the API's in great detail, but I will simplify things here.
A BluetoothLE peripheral is like a device you might buy. eg. A heartrate monitor, a blood pressure monitor, a door lock.
Every peripheral has an ID that identifies the type of device. The Bluetooth spec has a set list of ID's that represent different hardware. eg. A blood pressure monitor would use 0x1810. A heart rate monitor 0x180D.
An app can simulate being one of these standard devices, or it can use its own unique ID so it appears as its own unique 'thing'.
The Covid tracing app uses the unique ID C1F5983C-FA94-4AC8-8E2E-BB86D6DE9B21 which represents itself to other apps as the Covid tracing app.
You can tell the CBCentral to only scan for peripherals matching a specific ID. Like 'Find nearby heart rate monitors'. Or you can just scan for everything nearby and let your app handle whatever it discovers.
So in the case of the Covid tracing app, it would simply use its own ID to look for any nearby phones that have the same app broadcasting the CBPeripheral above (i.e. C1F5983C-FA94-4AC8-8E2E-BB86D6DE9B21).
The problem - Background applicationsApple have worked very hard to make sure iOS gives us great battery life. There's many different API's that developers can use to make an app do certain things while it isn't currently open and at the forefront of your phone.
Apple has a document specifically explaining how to use Core Bluetooth in the background <Core Bluetooth Background Processing>
This is how a door lock can automatically unlock when you approach it, even without opening an app.
As explained in the documentation for the method that kick starts a bluetooth scan:
I wrote about this briefly almost 7 years ago after doing weeks of testing here on Stack Overflow
The only way I have managed to debug this myself in the past, is to set the app up to fire local notifications when events happen, so you can physically see if the app has been woken from background.
There's also the problem, how do you know the app has completely entered the background in first place. These things aren't easy.
No test is better than a bad test
People will put their trust into this app thinking it will help them stop spreading Covid-19, but the fact it doesn't work and is flaky at best means we have people walking around thinking they are perfectly healthy when in fact they might not be.
It's no different than having a bad test that says you are healthy or immune when in fact you are carrying the disease!
How did we get here?It turns out that NHSX outsourced the development of this app to Pivotal Labs which is a software company in California.
It's also rumoured that they paid a LOT of money for this. It scares me to even mention the figures i've read.
If you were a company asked to produce what is effectively a simple app (I could have written this in a week) for an absurd amount of money, would you tell your client it wouldn't work?!
What's the solution?Apple and Google have collectively designed an API that allows phones to discover each other even whilst in standby. There's been a lot of debate surrounding the privacy model they have chosen, however it is the ONLY method that will allow an app to work as expected.
Install it, forget about it. If you've been near somebody that has recently been diagnosed, the app will tell you. Simple.
The government need to scrap this ridiculous idea that they must reinvent the wheel and keep hold of all the data and stop this app early before they waste too much money, time and trust.
Self promotionIf you are still reading, let me quickly tell you about my new app Pass On.
Have you ever wondered what happens to your phone or computer when you die? You really should give it some thought.
With modern technology, everything on your phone or computer will be totally inaccesible to those you leave behind.
Please read about Pass On and be prepared