Apple and Google are encouraging health care providers around the world to create contact finder apps that work in a decentralized way, letting people know when they were in contact with an infected person, but preventing governments from using that data. to build a picture of population movements as a whole.
But the rules, released last week, only apply to apps that don’t involve creating a centralized contact database. This means that if the NHS goes ahead with its original plans, its application will face serious limitations on its operation.
The app would not work if the phone screen was turned off or an app other than the contact tracker was used at the same time. This would require the screen to be active all the time, which would quickly reduce battery life and endanger users’ personal data if their phone was lost or stolen while the app was in use. .
A spokesperson for the NHSX – the digital transformation branch of the health service – denied the “showdown” claims, “This suggestion is completely false. Everyone agrees that user privacy is paramount, and although our app is not dependent on the changes they make, we think they will be useful and complementary. “
The limitations reflect the problems encountered by Singapore, which released its contact tracking application, TraceTogether, before Apple and Google announced their policies. The app, rated three stars on the Singapore App Store, was installed by only 12% of the population.
“The important thing here is that if you want your iPhones to work with this in your country, then you will need to adhere effectively to Apple’s privacy standard for the system,” said Dr. Michael Veale, professor of digital rights and regulation. at UCL.
“Apple said the privacy standard it demanded was a decentralized system. Otherwise, it will be very difficult to get iPhones to work without a workaround that will simply prevent people from using it. “
The limits exist because modern smartphones tightly control what apps can do with technologies like Bluetooth to prevent privacy breaches. On iPhones, for example, a normal application has strictly limited access to Bluetooth unless it is running in the “foreground” – that is, actively on the screen and in use – to prevent apps from surreptitiously tracking users without consent.
The NHS hoped these limits would be lifted for Covid-19 contact tracing applications, according to a source familiar with the development of the applications.
In a joint announcement on Friday, Apple and Google announced their intention to do so, introducing a new set of tools that public health officials could use starting in May to create apps capable of tracing backward contacts. plan.
But the new tools, which come in the form of an API that allows developers to code applications with special access to Bluetooth, severely limit the information that public health authorities can collect. Most importantly, a public health authority cannot ask a phone to compile a list of all the other phones it has been in contact with.
Instead, it can only perform a much more limited version of contact tracking, which involves sending each phone on the system a list of other phones that have been reported as contagious and asking them, indeed, “have you seen this phone? Said Veale.
The limits will prevent the NHS from obtaining useful information on overall population flows, tracking “near misses” or receiving contact information from people who have opted for the system but have not not recently checked their phones.
On Tuesday evening, during a press call to journalists, Google said that these limits were in place because neither of the two companies wanted to provide functionality in their operating systems to enable surveillance efforts that could to be abused.