NHSX contact-tracing app reportedly failed cyber security tests

Report emerges as Apple and Google double-down on privacy with location tracking ban

The contact-tracing app developed by the NHSX has been described as “a bit wobbly” by senior NHS employees, who told the Health Service Journal (HSJ) that it has so far failed security tests. 

The anonymous sources revealed to the medical policy news service that the app had initially failed all of the tests required in order to be included in the NHS app library, including cyber security, performance and clinical safety.

However, a spokesperson for the Department of Health and Social Care (DHSC) denied the claims. 

“The NHS COVID-19 app has not failed any clinical assessments and NHS Digital has been clear it will go through the normal assessment and approval process following the Isle of Wight roll-out,” they said.

The DHSC spokesperson also clarified that the app would monitor people’s locations, a possibility which was seen as a significant privacy violation.

“Privacy and security has been paramount throughout the app’s development, and we have worked in partnership with the National Cyber Security Centre throughout. The app uses low-energy Bluetooth, not GPS, and therefore it does not track people’s locations or record their locations.”

The news comes as Google and Apple announced that they would ban the use of location tracking in apps that use their contact-tracing API, which uses Bluetooth signals to detect encounters but does not use or store GPS location data.

A number of European countries have leaned towards the decentralised Apple-Google API, while the UK snubbed the two tech giants last week and announced it would be developing its own centralised model.

Related Resource

Don’t just collect data, innovate with it.

Removing the barriers to the experience economy

Download now

Senior NHS sources told HSJ that the UK government was “going about it in a kind of a hamfisted way. They haven’t got clear versions, so it’s been impossible to get a fixed code base from them for NHS Digital to test. They keep changing it all over the place”. 

In spite of all these issues, HSJ’s sources clarified that the app was not a “big disaster”. Starting today, the system is being trialled on the Isle of Wight and, if it passes tests, it is expected to become available to the public in mid-May, when lockdown restrictions are expected to be gradually lifted.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021
New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
How LSE is using digital technology to shape the future of higher education
digital transformation

How LSE is using digital technology to shape the future of higher education

15 Jun 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021