Will you download the app?

One of the biggest difference between the NHSX approach and Apple/Google is that Apple/Google will send an alert from anyone who reports symptoms even if those are malicious or misreported. With the NHSX approach a test will be sent out, if it isn’t completed or comes back negative, that reporting will be discounted creating less false positives.

I know for my own experience the more notifications I get from a service, the more I am likely to ignore and miss the important ones.

Suity was canned then?

So how isn't it?

I've spent the last year tearing hair out as both Android and Apple increasing lock down notifications, background jobs etc. How has the official app got round the operating system restrictions?

Spent some time looking at this today including the detailed technical design doc. There's so much tulip information about this flying around on social media and as per usual the government have done a terrible job of explaining how it works, but to clear up a few things:

* It's not true that Apple do not allow Bluetooth apps to run in the background. There are some limitations but apps can declare support for both bluetooth central (scanning) and peripheral (broadcasting) background modes. It should be possible for apps to detect the unique service UUID that the app is advertising in the background which will trigger the app to wake up and execute in the background - long enough to receive a message from the device and write that message to a local log. The bluetooth APIs also support state restoration which means they can be restored after the app is *terminated* and relaunched into the background.

* The app does not upload anything unless somebody self-reports - in the meantime the log is stored securely on the device - this is the same as the Apple/Google approach.

* In order to work in a centralised way, it is necessary for the remote service to be able to link a log entry from somebody's uploaded event log to a specific *device* (not a person). When the app is activated the server generates a unique GUID (installation ID) and a private/public key pair, the public key and GUID is returned to the app. The installation ID is encrypted using this key and transmitted in the Bluetooth packet and stored in the event log of other devices (they cannot read the installation ID as they do not have the private key).

* The server, when it receives this log, does have the private keys necessary to decrypt the log and tie the events back to an installation ID and can use this to send a notification. One advantage of the centralised system is that there is more control over who gets notified and when, which may make it easier to handle bad actors and false positives. The technical document talks about triaging notifications for human review and the ability to send out false positive alerts.

* If this works how I think it does, deleting the app and reinstalling it should result in a new activation and a new installation ID. Even though the app doesn't submit any PII anyway, for those who are concerned this would seem to be an effective killswitch as deleting the app would break the link from your device to any historical proximity events.

The source code should be published today. This won't convince conspiracy theorists who will just claim the code isn't the real source code but I'm not expecting to see anything innocuous. I'm curious to see the iOS bluetooth implementation and some details around the activation process. No doubt people will be putting the app through rigorous testing to see what data it's sending out over BT and HTTP.

I think the government would have found it an easier to sell to privacy geeks if they'd used the Apple/Google exposure notification APIs but it's not immediately clear to me why one is superior than the other. The government believe that a centralised model is better from an epidemiological POV. They may be right, I'm not qualified to judge, but it won't matter if enough people won't install it.

Tech spec: GCHQ

So this app:

and:

The second part I can quite understand but if this is a contact tracing app then the first makes no sense. You need to know where outbreaks of Covid are and then react to tthat...

The app asks for the first half of your postcode and can presumably use that to analyse data and discover potential outbreaks. Ultimately, the goal here is to notify those who have been contact with people who are likely infected and get them to self-isolate.

Saw that in this article: UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal • The Register

I've been doing some testing with the iOS bluetooth APIs today because despite lots of people going on about how iOS apps can't run Bluetooth in the background, the documentation says otherwise. In fact, iOS has two explicit background modes - bluetooth-central and bluetooth-peripheral which are intended for exactly this. An app can be both.

My testing has been mixed. I've been able to confirm that an iOS app can advertise itself whilst running in the background and be detected by another iOS device explicitly scanning for the service UUID whilst running in the foreground (as the documentation states). I've also been able to get an app running in the background to scan and detect a device running as a peripheral in the foreground.

There does seem to be a problem when both devices are running in the background and are locked. Even though I've been able to prove that an app can both scan for a specific service and advertise a specific service whilst in the background, having both in the background doesn't seem to work. No discovery occurs. If you then re-open the peripheral the background central device will detect it. Conversely if you instead open the central device it will discover the background peripheral device. Given this, I can't understand why they aren't discovering each other whilst both in the background.

Until the source code for the NHS app is available its hard to see if they've managed to come up with a workaround for this but I can't think of one off the top of my head. If this is the case, then this surely has to be a show-stopper?

Whilst I think the privacy concerns of the centralised model are a bit overblown, given the above technical limitation and privacy/legal experts clamouring to get the NHS to move to a decentralised model (where they could use the Apple/Google exposure notification APIs) how long can it be before there's a massive U-Turn?

“ As a result, Android phones, which are less aggressive about shutting down unused apps to preserve battery life, will be key to ensuring the contact tracing works: they will “wake up” nearby iPhones, ensuring that the contact tracing works.

If even that does not occur, the app has a second fallback, sending a push notification to users asking them to re-open the application, in effect restarting the clock.”

Critical mass of Android users 'needed for success of NHS contact tracing app' | World news | The Guardian

What a load of crap

We are truly doomed now

My inital reaction was "good idea but unsure about privacy concerns" now its - test and trace is the best method of managing virus outbreaks- much better than vaccine which can take years if ever to materialise and can have other drawbacks ditto as Im sure you will agree with lockdowns - South Korea seems a good example of how to really get in top of a virus outbreak using test and trace - avoiding massive economic disruption that lockdown etc entails.

Surely it is the Intelligent approach to containing a virus outbreak.

So yes I will download- for the greater good and all that - I will do my wee bit.