Apple and Google block NHS COVID-19 app update

The update breached the tech giant's rules about collecting and sharing location data

Apple and Google have blocked a new update to the NHS COVID-19 app on iOS and Android because it breaks rules about collecting location data.

The new update to the contact-tracing app, which garnered much publicity last year due to its development back-and-forths, delayed launch, and ‘software glitches’, would have asked users to upload venue check-ins, thereby sharing location data.

The update was set to be released to coincide with the reopening of outdoor hospitality venues in England, with pub gardens and terraces being allowed to welcome back guests on 12 April. If a person tested positive for COVID-19 after visiting a venue, other people who had also visited the place could be alerted of the possibility that they too might have contracted the virus.

However, the function never made it to users’ phones, as the BBC reports that the update had been blocked due to a breach of Apple and Google’s joint Exposure Notifications rules, which bans apps from sharing “location data from the user's device with the public health authority, Apple, or Google”.

The NHS COVID-19 app must comply with the regulations due to it being based on the decentralised API model developed by Apple and Google, which stores the information collected through the app on users’ devices and only shares only a limited amount of data with epidemiologists monitoring the pandemic.

Prior to settling on the Apple-Google API model, the UK government famously considered a centralised coronavirus contact-tracing app which was heavily criticised by privacy campaigners.

Despite the update being blocked from the Google Play and App Store, a spokesperson for the Department for Health and Social Care (DHSC) told IT Pro that the “deployment of the functionality” had been merely “delayed”.

The spokesperson added that the issue “does not impact the functionality of the app” and that DHSC is “in discussions with [its] partners to provide beneficial updates to the app which protect the public”.

Related Resource

The definitive guide to IT security

Protecting your MSP and your customers

The definitive guide to IT security for MSPs - whitepaper from LiongardDownload now

“As venues begin to open up we encourage everyone who can to use the enhanced venue check-in process, which includes advising users to book a test if they attend venues where multiple people have tested positive,” they added.

Apple and Google were not immediately available for comment.

Ray Walsh, digital privacy expert at ProPrivacy, said that the tech giant's decision to block the update “appears to reveal that the government was attempting to deceive the public into believing that location data would still be handled in an appropriately secure and private manner”.

“The Department of Health claimed that the UK’s app would continue to handle data in a private and decentralised manner even if users shared their check-ins to protect fellow users, however, it seems that in reality, the feature would require a centralised repository of data to be amassed by the authorities,” he added.

“It is now clear that the government either misunderstood how it can leverage the technology provided by Google and Apple, or was hoping to sneak this update in the back door and get people to opt-in to a centralised approach without providing transparency about exactly what they were doing.”

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
Peloton security bug could expose user data
data protection

Peloton security bug could expose user data

6 May 2021
Tens of thousands of Pennsylvanians health data exposed following data breach
data protection

Tens of thousands of Pennsylvanians health data exposed following data breach

4 May 2021
Cost of a data breach report 2020
Whitepaper

Cost of a data breach report 2020

30 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021