James O’Malley

Why the NHS contact tracing app could be dead on arrival

Why the NHS contact tracing app could be dead on arrival
(Photo: iStock)
Text settings

On Tuesday, the Isle of Wight became the nation’s Petri dish – the first place to try the NHS’s Covid-19 contact-tracing app. The app is definitely a clever idea: if our phones silently send a unique ID to everyone around us, when we get symptoms the government can alert everyone we have come into contact with. If enough people use the app – the theory goes – we will finally get a grip on the virus, and it will improve our track and tracing capabilities, limiting the spread of the disease. It might even enable us to get back to normal (or normal-ish) life more quickly.

There’s just one problem: the app might not work.

The reason why is technical, but important. For the app to be useful, it needs to be running on our phones all the time – so that it continues to transmit and receive the Bluetooth signals that determine who we have been in contact with. The problem is that both Apple’s iOS operating system, which runs on iPhones, and Google’s Android operating system, which runs on almost every other smartphone, are not designed to work like this.

Unlike a laptop, where if you open up a programme it will stay running until you close it, mobile operating systems have been designed to preserve memory and save battery. If there’s an app your phone thinks you’ve stopped using, after a little while it will be quietly closed.

This means that – especially on iPhones where the app rules are most strict – if you open the Covid app and then have a look at Facebook or watch a video, you might find it silently stops working in the background. For most apps this isn’t a problem – if your photos app has to restart afresh when you open it, you won’t even notice as it will automatically load up the last image you were looking at. But if the app is supposed to be listening and transmitting in the background, there will be a gap in the data as it won’t have been running.

There are a handful of loopholes to these rules – but both iPhone and Android operating systems are strict about how they apply. For example, voice-over-IP apps like Skype can continue to receive calls in the background, and some apps that use GPS will automatically re-trigger the app if your phone detects you have moved location. But these loopholes appear to be unavailable to NHSX, the arm of the NHS that is developing the app. Developers have already committed to not using location data, for example. Assuming the app is being built to comply with the normal app store rules, there isn’t really a way around it.

To be clear, NHSX is a great organisation with an important mission. It employs some super talented coders and developers. Perhaps they have discovered some clever workaround that somehow gets around this fundamental flaw – but if so, they would probably be among the first developers to achieve what no other third-party app developers, at least for iPhone, have yet managed. I asked the Department of Health about this, and a spokesperson claimed the app will work in the background – but has not yet offered any further explanation.

NHSX could potentially have persuaded Apple and Google to bend the rules on what they allow apps to do – the Covid pandemic is surely a significant enough problem for the tech giants to make an exception to their usual app store policies. But I am still sceptical about whether the platforms would allow it, considering the NHS has already rejected their preferred approach.

At the start of the crisis, arch-rivals Apple and Google took the unusual step of working together on a common set of technological standards for contact tracing. The companies were concerned that if governments dictated the terms of contact-tracing, it would be a disaster for the privacy of their users. So instead, they proposed their own decentralised model.

With the Apple and Google model, when someone is diagnosed with coronavirus, they have the option of uploading their ID number to the cloud. Everyone’s phone would regularly download a list of infected ID numbers and flag up if they had been in contact with any Covid sufferers. The clever contact matching part would take place on the user’s phone, rather than on a health authority’s servers and the government wouldn’t end up with an enormous database cataloguing everyone’s social interactions. Because Google and Apple created this system, it would not rely on an app, and so would be able to transmit and receive ID numbers without the fatal technical flaw described above.

NHSX has admirably done a lot of things right with its app: it has promised to open-source its code and has committed to publishing data protection impact assessments. But this fundamental design flaw may mean that our contact-tracing app will be significantly less effective than if we had used the decentralised system used by most other countries. So why do it this way?

The blame may lie with the NHS’s lack of testing capacity. In a decentralised system, dodgy self-declarations are harder to police and could pollute the system with bad or unreliable data. The only way to make a decentralised system work is to have a much larger testing programme, where the NHS verifies cases before sending out notifications to people saying that they have been in contact with a Covid sufferer.

Instead, the government may have been forced to pursue a centralised system: If NHS servers do the matching centrally, they can find and weed out any bad actors. But as a consequence we may have to rely on an app that does not work effectively.

So now it will be interesting to see the results of the Isle of Wight trial. Perhaps NHSX have figured this out and know something we don’t. Or perhaps the contact-tracing app will, regrettably, be dead on arrival.

James O’Malley tweets as @Psythor.