top of page

Pandemic Android: an overview of the recent NHS COVID-19 app

Charlotte Tomlinson provides an outline of the new NHS COVID-19 app, how it works, and its efficacy so far.

On the 24th of September, the Government launched a new app in England and Wales originally developed by NHSX, called NHS COVID-19. The purpose of the app was to use contact tracing to track those who have been exposed to the virus. Contact tracing is where personal data (information that can be used to identify a living person) is used to catalogue people who may have been in contact with an infected individual. Users could also check alert levels in their area, book a test, and check into venues by scanning a QR code.

How does the contact tracing app work?

The app requires the user to enter the first half of their postcode and records the model of their phone. Any users/phones they have been in contact with are recorded via Bluetooth. This is done by exchanging random ID numbers with other devices in the vicinity, which have the app downloaded. The user is then notified via Apple and Google’s Exposure Notification system. So the idea is, you sign into a place by scanning the QR code, and if someone else there later reports a positive test through the app, you would be notified.

The app has a 'centralized' model, meaning a central server belonging to an organisation is involved. Therefore, the NHS can use the data to track the spread of the infection. Recorded positive cases go straight to the central server, then the server can then alert app users that have encountered the positive case. Any data recorded would be deleted after 28 days.

How successful has the app been so far?

For the app to be effective in stopping the pandemic, 56% of the UK population need to download it. So far, the app has been downloaded over 10 million times, with 460,000 businesses printing QR codes and users making 1.5 million venue check-ins. This is a positive response from the public, indicating that the app can be an effective and central feature of the Test and Trace program in monitoring and containing the spread of the virus.

However, the unprecedented amount of data collection by the Government raises ethical questions about data privacy rights. For instance, it has been reported that restaurants have been selling their customers’ names, addresses and phone numbers to the highest bidder (often credit and insurance companies).

Data hoarding is a significant problem with the centralised model. Data stored in the model is meant to be deleted after 28 days, but reported positive cases are kept for longer. Initially Public Health England wanted positive cases stored for 20 years, but campaigning from the Open Rights Group has reduced that to eight. Germany moved from a centralised to a 'decentralised' model, meaning no central server is involved and everything happens on individual phones instead. This avoids less personal data being shared and ensures more protection over privacy.

Many users have also complained about false notifications from the app. Many have received a notification about possible exposure, with no follow up information regarding whether or not they should self-isolate. This faulty notification is due to differences in the iOS and Android operating systems, which NHSX cannot directly fix but has to work around due to server commitments. If this were a decentralised system, Google and Apple would have to guarantee its software’s compatibility with the different operating systems.

From COVID-19 mini issue, 2020

For more information, see;

11 views0 comments


bottom of page