Apple and Google block NHS Covid app update over privacy breaches
Ministers have paused a planned update to the NHS Covid-19 app after Apple and Google blocked it from their stores over privacy violations.
The app, which aids contact tracing in England and Wales, uses technology built by the Silicon Valley companies to track interactions between users with their bluetooth signals and venue “check-ins”.
It was to have been updated on 8 April, in time for lockdown easing and the introduction of free rapid coronavirus testing for everyone in England.
So far, it has allowed people to check into indoor places such as bars and restaurants by scanning a QR code before they enter, but the data was kept on the individual’s phone.
Should a venue be identified as a potential virus hotspot, every device is then sent this data, allowing the app to crosscheck with the owner’s own log of locations and alert them if they might have been exposed.
A new version of the app was planned to automate the process further, instead asking users’ permission to upload their venue history if they test positive.
The move, however, broke the rules set by Apple and Google when they built the contact-tracing technology last summer, leading both to prevent the government rolling out the new version of the app.
When they released their technology for health services’ use, the companies stipulated that any apps would have to work in a “decentralised” way, avoiding privacy violations that could result from tracking the movements of an entire population and saving them in a centralised database.
The plan to allow venue histories to be shared was supposed to be a way around such restrictions because it required active voluntary consent, was only triggered by users who already had a positive test and did not directly use the technology created by Apple and Google, called the Exposure Notification API.
The Department of Health said in early April: “If an app user tests positive, they will be asked to share their venue history in a privacy-protecting way via the app. This will allow venue alerts to be generated more quickly, and improve the ability to identify where outbreaks are occurring and take steps to prevent the virus spreading.”
When the government tried to publish the new version, however, both companies said that any app using the Exposure Notification API had to treat all data collected the same and declined to update the versions on users’ phones.
A similar push for new check-in features in Scotland proceeded without incident because it required a new app, Check In Scotland, and was not built into the existing contact-tracing app.
The ability to check in to venues for contact-tracing purposes has been built into the NHS apps since they were released in autumn last year, but the feature has been criticised for providing little useful data to contact tracers or the venues themselves.
No history of check-ins can be gathered, and though the feature can be used to send out alerts to warn people that they may have been exposed, the local authorities that had the power to issue the alerts rarely did so.
This week’s delayed update was intended to automate the feature, so that if enough users submitted a positive test after visiting the same venue, all other visitors would be automatically warned.
But the terms under which the government is able to use the the Exposure Notification API explicitly bars it from creating apps that “share location data from the user’s device with the public health authority, Apple or Google”.