NHS rejects Apple and Google's 'decentralised' contact-tracing API

The health service will go its own way to manage the spread of coronavirus once lockdown measures lift

The UK government has snubbed an Apple and Google's jointly-developed contact-tracing API due to its insistence on collecting data in a centralised way.

The NHS had been working with the tech giants on an app to ease society’s return to life as normal once the government was ready to lift lockdown measures by tracing the spread of COVID-19. 

The mechanism would have relied on unique key codes being exchanged between users through Bluetooth signals to register that contact has been made. People would then be notified as and when they may have come into contact with somebody potentially infected with COVID-19. 

The unique code would update when individuals mark themselves as having coronavirus symptoms, or if they test positive for coronavirus. Those who have been in contact with them would subsequently receive a notification.

This system, however, would operate based on a decentralised model by which ‘contacts’ are registered between users’ handsets, and never through a centralised database. The government had been keen on pursuing the latter because it would allow for an overarching view of the populations’ movements and how the virus might be spreading. 

This led to an initial standoff between NHS developers and the tech companies, but with the Silicon Valley giants refusing to budge, the government has rejected Apple and Google's technology entirely. 

This prospect was seen as troublesome because some of the functionality that’s key for contact-tracing working, such as the app being “always awake” in the background even when the phone is asleep or idle, would be difficult to code from scratch. 

Google and Apple’s API was written with problems such as this in mind, so adopting the technology would have expedited the development and distribution process for NHSX, the health service’s digital arm.

The government, however, is confident in the way it’s building its own version of the app, as well as in its functionality, and has reportedly begun testing a prototype version at the North Yorkshire RAF base.

"Engineers have met several core challenges for the app to meet public health needs and support detection of contact events sufficiently well, including when the app is in the background, without excessively affecting battery life," an NHSX spokesperson told BBC News. The spokesperson added the software works “sufficiently well” on iPhones without users needing to keep the app active and on-screen.

Another risk for the government in going it alone, beyond functionality, is adoption, with experts suggesting there needs to be between 60% and 80% uptake for contact-tracing to work.

The decentralised model for contact-tracing is seen by many as more privacy-aware, especially given Google and Apple have insisted they would shut down the system once the pandemic ends. In rejecting this model in favour of a centralised version, the government may be seen to be pursuing a less secure and less privacy-centric model, which would discourage widespread adoption from privacy-conscious individuals.

The German government, which is recognised as having handled the coronavirus crisis better than most nations, announced recently its intention to take up Google and Apple’s API, suggesting any app must meet data protection standards and guarantee security.

Countries like Singapore, meanwhile, which released an app before Google and Apple developed their technology, has seen a low adoption rate of up to 13%, rendering it effectively useless in managing the spread of COVID-19. 

Australia has also released its own contact-tracing app, based on the software developed in Singapore, although it’s seen an encouraging download rate so far, according to SBS News.

While the UK government remains confident in its approach, the Ada Lovelace Institute, an independent research body, poured cold water over the plans in a piece of rapid-response analysis. Chief among the organisation’s complaints was that the UK was ‘too technically limited’ to build and distribute an effective app, with severe limitations and social risks rendering any app launched as futile to its purpose.

IT Pro approached NHSX for a statement, and for clarification on whether it's confident the public would voluntarily download its custom-built app on the scale needed considering the privacy concerns.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

Hackers using COVID vaccine as a lure to spread malware
hacking

Hackers using COVID vaccine as a lure to spread malware

15 Jan 2021
Website problems slow coronavirus vaccine rollout
hacking

Website problems slow coronavirus vaccine rollout

6 Jan 2021
Upskilling a remote workforce
training

Upskilling a remote workforce

15 Dec 2020
The IT Pro Podcast: The power of disinformation
social media

The IT Pro Podcast: The power of disinformation

11 Dec 2020

Most Popular

150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021