This week NHSX launches its new Covid-19 contact tracing app, which will eventually make its way into the hands of those living on the Isle of Wight.
There's been a lot of talk about the privacy concerns of this app and I don't intend to repeat the concerns here. Personally I would be happy to use a contact tracing app regardless of the privacy concerns, as I see my health as much more valuable than my privacy.
The problem, however, is that this app simply will not work!
I am an iOS (Apple) app developer and I will tell you why.
This article is based on my 8 years' experience developing apps for iOS. I cannot comment on the Android version of the app.

How should it work

Covid-19 symptoms don't always appear for the first 7 days. If you've been out shopping and come into contact with somebody who later starts to show symptoms, there's a possibility that you have caught it from them. Receiving a notification that you have been in contact with an infected person means you can self-isolate for 7 days to see if you start to show symptoms, without spreading the disease any further in the meantime.
Users of this app will be relying on it to tell them if they have been in contact with somebody that now has Covid-19 symptoms.

TL;DR

Summary of the problem in layman's terms:
For the app to record that 2 people were in close contact, both must have the app installed and at least one of them MUST have it open in the foreground of their phone. If neither of them has the app open and on screen, then no contact will be recorded as having taken place.

The Problem in Detail:

How does it work (Basic theory)

In very simple terms, your phone will broadcast itself as a Bluetooth LE (Low Energy) peripheral. A bit like a heart rate monitor or Bluetooth door lock. Any Bluetooth scanner will be able to see it, connect to it, and read any information it wants to share. This is nothing new and many apps already use this technology.
Alongside this, your phone will also be scanning for Bluetooth peripherals nearby. Just like an app can scan to find your heart rate monitor, or your front door lock to open it.
When your phone discovers another phone with the app nearby, it can read the private token and store it for later use and vice versa.
If a user's token has been registered as recently developing Covid-19 symptoms, you can be informed about it and start to self isolate.

How does it work (Technical)

iPhone apps that are published on the Apple App Store must only use Apple's documented APIs (code).
There are a few APIs that an app developer can use to interact with Bluetooth on an iPhone.
The Apple documentation for Core Bluetooth explains the APIs in great detail, but I will simplify things here.

A Bluetooth LE peripheral is like a device you might buy, e.g. a heart rate monitor, a blood pressure monitor, a door lock.
Every peripheral has an ID that identifies the type of device. The Bluetooth spec has a set list of IDs that represent different hardware, e.g. a blood pressure monitor would use 0x1810, a heart rate monitor 0x180D.
An app can simulate being one of these standard devices, or it can use its own unique ID so it appears as its own unique 'thing'.

  • CBPeripheral: This is the Apple API that makes your phone discoverable. An app creates a CBPeripheral by assigning it an ID.
    The Covid tracing app uses the unique ID C1F5983C-FA94-4AC8-8E2E-BB86D6DE9B21 which represents itself to other apps as the Covid tracing app.
  • CBCentral: This is the Apple API that allows an app to scan for nearby BluetoothLE devices (Peripherals).
    You can tell the CBCentral to only scan for peripherals matching a specific ID. Like 'Find nearby heart rate monitors'. Or you can just scan for everything nearby and let your app handle whatever it discovers.
    So in the case of the Covid tracing app, it would simply use its own ID to look for any nearby phones that have the same app broadcasting the CBPeripheral above (i.e. C1F5983C-FA94-4AC8-8E2E-BB86D6DE9B21).
It seems so simple, so what's the problem?

The problem - Background applications

Apple have worked very hard to make sure iOS gives us great battery life. There are many different APIs that developers can use to make an app do certain things while it isn't currently open and at the forefront of your phone.
Apple has a document specifically explaining how to use Core Bluetooth in the background: Core Bluetooth Background Processing.

  • bluetooth-central: As explained in the document above, an app can register to be woken up and given 10 seconds to run some code whenever a specific Bluetooth peripheral is discovered.
    This is how a door lock can automatically unlock when you approach it, even without opening an app.
    As explained in the documentation for the method that kick-starts a Bluetooth scan:
    "Your app can scan for Bluetooth devices in the background by specifying the bluetooth-central background mode. To do this, your app must explicitly scan for one or more services by specifying them in the serviceUUIDs parameter."
    So we must supply the ID C1F5983C-FA94-4AC8-8E2E-BB86D6DE9B21 to say that we want the app woken up whenever another device with the Covid tracing app running is discovered.

  • bluetooth-peripheral: As explained in the above document, an app can broadcast as a peripheral and be woken up to run 10 seconds of code whenever another Bluetooth device connects to it. However, it says:
    "...you should be aware that advertising while your app is in the background operates differently than when your app is in the foreground. In particular, when your app is advertising while in the background:
    ...
    All service UUIDs contained in the value of the CBAdvertisementDataServiceUUIDsKey advertisement key are placed in a special “overflow” area; they can be discovered only by an iOS device that is explicitly scanning for them."

Firstly, take note that these background peripherals can only be discovered by iOS devices. Secondly, what the documents don't tell you is that a background central also cannot see them. Only when an app is open and scanning for devices can it find a peripheral that is in the background.
I wrote about this briefly almost 7 years ago, after doing weeks of testing, here on Stack Overflow:
"...the 2 cancel each other out. As your background scan can only scan for devices with a specific ID and your background peripheral cannot advertise its ID, they cannot see each other."
The above is extremely hard to debug. Developers would usually use an iPhone plugged into their computer running a debugger that tells them what the app is doing. The problem here is that the app never completely goes into the background whilst connected to the debugger. So a developer can easily be fooled into thinking their app is working as it should.
The only way I have managed to debug this myself in the past is to set the app up to fire local notifications when events happen, so you can physically see if the app has been woken from the background.
There's also the problem of how you know the app has completely entered the background in the first place. These things aren't easy.
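The scan-and-advertise pair described above, combined with the local-notification debugging trick, can be sketched as follows. This is an added example, not code from the NHSX app or from Apple; it uses Core Bluetooth's CBCentralManager and CBPeripheralManager classes, and the class name BackgroundDiscoveryProbe and the notification text are hypothetical.

```swift
import CoreBluetooth
import UIKit
import UserNotifications

// Hypothetical probe class. Assumes Info.plist lists bluetooth-central and bluetooth-peripheral
// under UIBackgroundModes and that notification permission has already been granted.
final class BackgroundDiscoveryProbe: NSObject, CBCentralManagerDelegate, CBPeripheralManagerDelegate {
    // Service UUID quoted in the article.
    private let serviceUUID = CBUUID(string: "C1F5983C-FA94-4AC8-8E2E-BB86D6DE9B21")
    private var scanner: CBCentralManager!
    private var advertiser: CBPeripheralManager!

    override init() {
        super.init()
        // queue: nil delivers delegate callbacks on the main queue.
        scanner = CBCentralManager(delegate: self, queue: nil)
        advertiser = CBPeripheralManager(delegate: self, queue: nil)
    }

    func centralManagerDidUpdateState(_ central: CBCentralManager) {
        guard central.state == .poweredOn else { return }
        // Background scanning needs an explicit service list; passing nil only works in the foreground.
        central.scanForPeripherals(withServices: [serviceUUID], options: nil)
    }

    func peripheralManagerDidUpdateState(_ peripheral: CBPeripheralManager) {
        guard peripheral.state == .poweredOn else { return }
        peripheral.add(CBMutableService(type: serviceUUID, primary: true))
        peripheral.startAdvertising([CBAdvertisementDataServiceUUIDsKey: [serviceUUID]])
    }

    func centralManager(_ central: CBCentralManager, didDiscover peripheral: CBPeripheral,
                        advertisementData: [String: Any], rssi RSSI: NSNumber) {
        // A UUID reported under the overflow key came from the advertiser's "overflow" area.
        let overflow = advertisementData[CBAdvertisementDataOverflowServiceUUIDsKey] as? [CBUUID] ?? []
        let remote = overflow.contains(serviceUUID) ? "overflow area" : "regular advertisement"
        let local = UIApplication.shared.applicationState == .background ? "background" : "foreground"
        notify("Discovered \(peripheral.identifier): remote=\(remote), local=\(local), rssi=\(RSSI)")
    }

    // Visible evidence of a discovery without attaching the debugger.
    private func notify(_ body: String) {
        let content = UNMutableNotificationContent()
        content.title = "BLE probe"
        content.body = body
        let request = UNNotificationRequest(identifier: UUID().uuidString, content: content, trigger: nil)
        UNUserNotificationCenter.current().add(request)
    }
}
```

Run it on two phones that are not attached to a debugger and compare which foreground/background combinations produce a notification. Notifications posted while the app is in the foreground are not shown unless a UNUserNotificationCenterDelegate presents them.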

No test is better than a bad test

This phrase has been bandied about by all the top politicians when quizzed about Covid-19 testing, so why should it be any different for a contact tracing app that people are going to rely on?
People will put their trust in this app thinking it will help them stop spreading Covid-19, but the fact it doesn't work and is flaky at best means we have people walking around thinking they are perfectly healthy when in fact they might not be.

It's no different than having a bad test that says you are healthy or immune when in fact you are carrying the disease!

How did we get here?

It turns out that NHSX outsourced the development of this app to Pivotal Labs, which is a software company in California.
It's also rumoured that they paid a LOT of money for this. It scares me to even mention the figures I've read.
If you were a company asked to produce what is effectively a simple app (I could have written this in a week) for an absurd amount of money, would you tell your client it wouldn't work?!

What's the solution?

Apple and Google have collectively designed an API that allows phones to discover each other even whilst in standby. There's been a lot of debate surrounding the privacy model they have chosen; however, it is the ONLY method that will allow an app to work as expected.
Install it, forget about it. If you've been near somebody that has recently been diagnosed, the app will tell you. Simple.
The government need to scrap this ridiculous idea that they must reinvent the wheel and keep hold of all the data, and stop this app early before they waste too much money, time and trust.


