The Government is scrapping the current version of its track and trace app over privacy concerns, switching to a system developed by Apple and Google.

Contracts worth £4.8m had reportedly been awarded to the developer VMWare Pivotal Labs for the abandoned a three-month attempt undertaken by the UK Government to create their own version of the technology.

Health Secretary Matt Hancock said the NHS would switch to an alternative designed by Apple and Google. At the Downing Street briefing,he said the government would not put a date on when the new app may be launched. The original plan as highlighted by Boris Johnson said on the 20th of May was:

“We have growing confidence that we will have a test, track and trace operation that will be world-beating and, yes, it will be in place by June 1.”

At the Downing Street briefing, Hancock said:

“Apple software prevents iPhones being used effectively for contact tracing unless you’re using Apple’s own technology. Our app won’t work because Apple won’t change that system… and their app can’t measure distance well enough to a standard that we are satisfied with. What matters is what works. Because what works will save lives.”

It is understood that he is referring to reports that the Government developed app could only detect four percent of iPhones it came into contact with, compared with 75 percent of Androids. In contrast, iPhones running the Apple-Google system spotted 99 per cent of handsets.

As we reported in May, the much anticipated coronavirus contact tracing app failed cyber security, performance and clinical safety tests. Concerns regarding the app’s privacy and information governance have been discussed nationally.

The concept is based on letting users report if they’re experiencing symptoms and the app will then notify other users if they’ve been in contact with an infected user. If a user tests positive then this will trigger an alert to others informing them that they were in close proximity to someone with COVID-19.

According to the NHS, the app is planned to give the public a simple way to make a difference and to help keep themselves and their families safe.

“Once you install the app, it will start logging the distance between your phone and other phones nearby that also have the app installed using Bluetooth Low Energy. This anonymous log of how close you are to others will be stored securely on your phone.”

Health is a devolved issue, as such this app is currently for England only. Northern Ireland, Scotland and Wales have yet to commit to the app but are able to do so should they choose to be involved.

George Allison
George has a degree in Cyber Security from Glasgow Caledonian University and has a keen interest in naval and cyber security matters and has appeared on national radio and television to discuss current events. George is on Twitter at @geoallison

22 COMMENTS

    • Indeed….
      Ecclesiastes 12:14
      For God shall bring every work into judgment, with every secret thing, whether it be good, or whether it be evil.

  1. Funny, having read about the results of the test of this app in the Isle of Wight and it’s very low effectiveness, particularly with Apple phones, i thought it was being ditched because it simply does not do the job……

  2. did they not give the app to test at raf leeming first ,who knocked it back due to security issues around it,but the gov decided to go ahead with it anyway?

  3. I’m not sure the Govt App was abandoned solely because of privacy concerns. My reading of what Hancock said was that it just doesn’t work with Apple phones. Somehow this is Apple’s fault. What we wrote was a Rolls Royce app that works on half the phones. Hancock decided to chop this in for a Ford Escort App that works on all phones and has the potential to synch with other European Apps, except France who also have chosen a central hub architecture. Pragmatic decision.

    • My understanding is that Apple does not give access anywhere on the phones except in specific circumstances. The more they control Apps the less likely the phone is to crash. Its a strategy that works!

  4. It strikes me it’s self centred civil servants this time from the DofH peddling their own furrow. But generally we Brits are not as regimented or subservient as say those from Singapore. Would it ever work for us?

    • Much as people enjoy berating civil servants, politicians et al I’m not sure that the main obstacle here is not the laws of physics. The requirements definition here must have been easy. Getting close even without Apple throwing spanners in the works must have been tricky – if indeed they did?

      • The person at fault is Matthew Could who has scrounged lots of jobs off chums from the Oxbridge set. Like Osborne. Someone who thinks he’s cleverer than he really is. His background is philosophy and divinity from Cambridge. But he somehow bluffed himself into a well heeled tech NHS Quango.
        Not the greatest fan of “Guido Fawkes” blog… But his comment rings true to me.

        So I think it is the civil servants at fault.

        • Trevor, I think if you asked the majority of civil servants if they felt they were accountable for their actions you might not get a polite response. If, as you suggest, this guy is in a role for which he does not have the requisite skills I am sure he is not the first and certainly will not be the last. Things need to change.

          I cringe when I see an organisation like the NHS without the necessary IT and think what could be achieved with a modest but well targeted amount time, effort and money.

          • The NHS has NHS Digital. This was a new quango dreamed up about 2018… The ‘App’ which was attempted was from, NHSX. The guy who runs is is a career diplomat, one Matthew Gould who used to be ambassador to Israel.

            These are wheels within wheels, and we can only imagine how procurement and design goes on in the MoD.

    • The very same civil servants who tried their hardest to keep you safe and healthy for the last 3 months. We have some very dedicated and capable people work in government who have an impossible task to deal with, they are not all bad, not by a long way.

      • You have an excellent point there. There were a lot of people behind the scenes working hard to make things happen during the pandemic and not all got the praise afforded to the frontline staff.

        Most organisations generally need to constantly keep re-evaluating where they can improve. The Civil Service is no exception. The people in the organisations tend to know better than anyone else where things need to change. However it is for us the voters to say that perhaps change needs to happen. I am not sure the politicians would do anything unless the public were behind them.

        • Yes, civil servants don’t need our votes. I don’t even think all the MP’s are that bad, I think many of them go into it for genuine reasons. They get a lot of crap, and very little praise, and it’s not even that well paid in the grand scheme of things, until they get to minister level. Thanks Mark, have a good weekend ?

      • Who says they are not. But this idea came from the head of that organisation, a arival organisation to tbe NHSs own department, and no one except him wanted it.

  5. There does seem to be much confusion here.

    Can you interrogate the bluetooth device in the phone when it latches on to other devices and based on the signal strength work out how far away that device is?

    I can imagine that it is much easier to directly access the necessary information on an “Open” android device than a closed system such as Apple.

    Certainly Apple could either provide an App themselves and/or provide an interface (API) to allow the necessary access and control. I suspect they are doing this.

    I suspect that any software company being chucked this hot potato would either do it on a “R&D” basis or given the circumstances developed it for free. A collaboration between several companies might have been the best way forward.

    The way Governments procure stuff – especially stuff they don’t understand needs to be changed. The sooner the better?

    • That’s exactly what they are doing. Apple and Google collaborated to create a new API common across both iOS and Android called “Exposure Notifications” and authorised health authorities can request a key to allow access to that API. No other app developers are allowed to use it because they won’t be granted a key.

      If the Isle of Wight (IoW) app really was dropped because of security concerns that is appalling because the differing security implications inherent in the centralised IoW app architecture vs the distributed data architecture underlying the Google/Apple API have been well known for months now. What a total and utter waste of precious time going down this wrong track.

      I believe the other issue was accessing the Bluetooth radio at regular intervals when the app is not necessarily (in fact almost certainly not) always running in the foreground. Having the app go active every 5 minutes to re-interrogate the Bluetooth radio also apparently had a horrible effect on battery life whereas because Google and Apple are implementing the code to interface with Bluetooth entirely within their respective operating systems means it can be done far more efficiently. Apple in particular is quite brutal about limiting what apps can do in the background so various tricks had to be used by the developers of the IoW app that, as well as draining battery, weren’t always effective. Similar problems actually exist, to a lesser extent, on Android if one tries to do a home-grown app as opposed to using the official APIs.

      Detailed API specifications for anyone technical who is interested in more detail are here – https://www.apple.com/covid19/contacttracing/

      Personally this is exactly what I expected to happen, a switch of strategy to use the EN APIs, I’m just annoyed that so much time has been lost.

      There are however still some issues with EN, in particular how accurate is using attenuation of a Bluetooth signal in judging distance between phones since the medium through which each contact’s signal is passing (bags, walls, wallets, etc) can’t be known.

      • Sorry, shouldn’t have said active every 5 minutes. I don’t know how often the app was trying to ensure it was woken up, possibly way more often than that.

        • Hi Julian, thanks for this – that spec was illuminating to say the least. I agree with you need to have the key code embedded in the OS otherwise you end up in all sorts of trouble. It looks like most if not all of the IOW efforts were indeed wasted.

          I agree with your worries about the signal attenuation. We might only be able to say someone with Covid was on the same train carriage for example. I think we have to proceed anyway and weather the storm. It is likely the information will be of some benefit and to not have it should it prove to work better than or as well as expected would be unforgivable.

          If you are running a technical organisation you need technical skills amongst others but you certainly need to be surrounded by people who know their business and be prepared to listen.

          I expect someone is considering their position.

      • Last week my Phone (Android) had a ‘moment’ ,now theres a notification trace on it ,much the same with other people i know.

        • Yes, both Google and Apple have pushed out the code to implement the Exposure Notification API to phones running their software. That doesn’t mean that the tracking is active though. There needs to be an app downloaded onto your phone that tells the tracking to turn on in order for it to actually start working and not just any app can do that. In order to activate the API two things are necessary …

          1 – The app developer needs to be approved by Apple and/or Google in order to access the API. Both Google and Apple have said that they will only issue such permission to official national (or state) health authorities and they will only authorise one app per health authority.

          2 – Even if an app is authorised to use the API when it is first run a message will come up asking you, if the API has not already been explicitly enabled by you in settings (it is disabled by default), to enable the API and allow that app to access the Exposure Notification services. That is exactly like the messages you might have encountered already from newly installed apps such as the “do you want to allow app xyz to access your microphone/camera/bluetooth/etc?”.

          Basically you need to both download a national health authority approved app and then explicitly enable EN services before tracking will actually be enabled. Right now in the U.K. the EN stuff is code in the OS that is not used.

  6. The problem seems simple to me. Apple/Google are Goodfellas:

    Got a good idea for your OWN app to use on MY phones? F.U. Pay me!

    Need me to integrate your great app into my system for the good of your citizens? F.U. pay me!

    You already spent millions on development and all you need is for me to simply integrate it? F.U. Pay me!

    It means you would have to waste millions in hard earned money taken from your people? F.U. Pay me!

    Big Tech is now a straightforward protection racket. I give some credit to HMG for trying to break out of it but they never had a winning hand because the past has caught up with us in allowing this to happen.

    Apple won’t even give the codes to US security services to unlock the data on phones used by murderous terrorists. That used to be called treason. Politicians, for years, have had too much mouth and nowhere near enough round things!

LEAVE A REPLY

Please enter your comment!
Please enter your name here