How the COVID-19 tracker app works
14 May 2020: Countries across the globe are launching apps aimed at slowing the spread of COVID-19. Here we explain how they work, their potential benefits and risks, and the approaches different governments are taking.
The outbreak of COVID-19 has impacted nations across the globe, and with a host of countries currently in lockdown to slow the spread of the virus, technology has become a vital tool for businesses to continue trading. But while the initial focus may have been solely on business continuity, the focus has shifted to how technology can be utilised to help countries move out of lockdown.
The role of tracker apps
There has been a lot of interest in the use of mobile phone tracker apps as part of the exit strategy for COVID-19 lockdowns. The idea is that mobile phones exchange encrypted digital identifiers via Bluetooth connections when they are in close proximity with one another for sustained periods of time. If a user subsequently tests positive for COVID-19 the users of phones who were in close proximity, and therefore exposed to the virus, are notified and told to take appropriate measures such as self-isolate. This fits into wider ‘track and contact’ tracing programmes and should enable quicker and scaled up responses.
Many countries are exploring and adopting these kinds of apps. Experience from Asia, in particular, suggests that digital tools can play a useful role in coming out of lockdown and suppressing the disease. Singapore’s TraceTogether app was one of the early examples of these kinds of tracker apps. South Korea has its Corona 100m app and China has employed a wide range of digital tools to support tracking, tracing and quarantining measures.
However, there is still very little hard evidence about their effectiveness compared to other more traditional measures, and even countries such as Singapore have only seen about 20% adoption from the population of their tracker app. Therefore, it’s important to place them in a wider context and not see them as a silver bullet, weighing up advantages and potential risks, as well as looking at how they support more traditional means of contact tracing which is done by people.
Is a centralised or decentralised approach better?
There are different ways that tracker apps can be designed. At the heart of the debate is the question of whether to take a centralised or decentralised approach. The decentralised approach is generally recognised to be more inherently privacy-protecting. These kinds of apps store the encrypted identifiers of other phones on the device for a limited period of time and regularly check in to a server to see if any of their stored identifiers match those of people who have tested positive. If that’s the case, the user will be given appropriate advice.
This approach has been adopted by Google and Apple, who have developed APIs to support such apps, and was also described as the best starting point by the UK Information Commissioner, Elizabeth Denham. However, the drawback with the decentralised approach is that it focuses purely on contact tracing functionality rather than generating data that could be useful for governments and health services when trying to map and contain the spread the of the virus.
As a result, the UK and a handful of other countries, such as Australia and France have adopted a more centralised approach. In the UK, this means that when someone tests positive or self-reports symptoms, all the relevant contact identifiers will be transferred to a central server for further analysis and action by the NHS. The government argues that this could provide them with more valuable data about the spread of the disease and will also enable them to provide more nuanced messaging to users about actions they need to take.
However, this centralised approach does raise many more questions about privacy, data protection and surveillance. Managing these concerns is critical to success because the app needs substantial take-up if it is to be really useful. The NHS team has recognised this and insists that everything will be transparent, and no data will be personally identifiable. It also argues that any privacy risks should be balanced against the benefits of the extra functionality in comparison to the decentralised approach.
Managing the privacy risks
While the Information Commissioner’s Office has been clear that a centralised approach can protect people’s privacy and has been providing some expert input into the design process, the onus is on the government to explain how its approach manages the apparent privacy risks. For example, if it is going beyond pure contact tracing, what is the exact purpose of the app? And is the government collecting the minimal amount of data needed in order to deliver that purpose?
There are also questions about what happens to user data. Once it is been uploaded to the central server, it cannot be deleted and NHSX, the tech development wing of the NHS, suggests that at the end of the crisis, the data could be fully anonymised and retained for research purposes.
Questions have been raised about whether such datasets could be sold to third parties in the UK or overseas and NHSX has stated that this would be inconceivable. However, clarity around what happens to the system once the crisis is over will be important. Questions on oversight and audit of the system also need to be answered. All of these questions should be addressed in the data protection impact assessment.
Other barriers to success
Privacy and trust aren’t the only potential issues with the UK and other centralised apps. There are concerns that they simply won’t work or may drain batteries very quickly. The decision not to use the approach developed by Google and Apple means that the app won’t run as efficiently on phones, as identifiers won’t be picked up in the background so easily. This is a particular problem with iPhones and there are already reports from Australia about practical problems in the operation of the app as a result.
There are also broader concerns about the use of digital tools. Reliance on Bluetooth itself raises questions, as it is not necessarily a reliable guide to the physical proximity of users. For example, the signal may transmit through walls while the virus cannot. There are concerns about adoption by groups such as the over-70s or those in deprived areas, where digital adoption is lower than in other parts of the population but where vulnerability to the virus is higher.
Using self-reporting of symptoms, rather than relying on testing, raises risks of disruptive behaviour, where people misreport and force others to self-isolate for no reason. There are also concerns about cybercriminals phishing citizens or using other similar tactics to trick them into clicking on fake links or providing personal data. This has already reportedly happened in India, with their track and trace app ‘Aarogya Setu’ spoofed to harvest personal data.
The next crucial stage for the UK app is the review of the data protection impact assessment and other technical information which have all been published. This will allow experts to give a view about the risks and mitigations in place. It is to be hoped that app developers have taken on board the concerns raised to date by privacy experts and others, and have developed mitigations that promote confidence and trust in the app.
The trials of the app will also show the extent to which the technical issues cause genuine difficulties in real-life settings. NHSX has confirmed that switching to a decentralised model would still be possible, so the story of the UK app may not be over yet.