The UK National Health Service is forging ahead with plans to release its own coronavirus contract tracing app for iOS and Android. Unfortunately, the app will not use of the Apple/Google privacy-conscious exposure notification framework, and instead the NHS are rolling their own solution, as reported in a statement to BBC News today.
The NHS app will send exposure events to a centralized server, which means it will necessitate that users share more information than if they had adopted the official Exposure Notification API, which Apple and Google are evangelizing. The approach will also drain user’s batteries faster, which could impact uptake of the app by the public.
Apple has previously promoted NHS efforts, such as featuring a video statement from the UK’s Chief Medical Officer in the App Store and Apple Music apps. The BBC says that Apple will allow the NHS to release the app to the App Store even though it goes against Apple’s recommendations.
Apple’s solution — which will be available in beta tomorrow — relies on anonymous identifiers that can be collected in a on-device database. When a user reports themselves as COVID-19 positive, everyone else’s devices can check their local list of nearby identifiers to see if there is a match. This preserves user privacy and is very power efficient.
The NHS methodology will still use short-range Bluetooth signals to determine proximity, however it will send all proximity events to a server. The server then performs the matches and manages the distribution of notifications.
The NHS believes a centralized system will allow it to collate more data about the spread of the coronavirus across the country. However, this means every user’s device will be constantly sending information back to NHS servers over the Internet, naturally raising concerns about user privacy and the consequences on battery life.
iOS sandboxing rules automatically limit how much access third-party apps get to Bluetooth data whilst in the background. The NHS app will need to be woken up by the system every time someone else comes close, likely hurting battery life. The recommended Exposure Notification API will not be beholden to these restrictions, and the collection of identifiers happens without waking each app individually.
FTC: We use income earning auto affiliate links. More.