NHS Tracing App – Is it a technical master piece?
Posted by Ann-Marie
4 minute read
On Monday 4th May, the UK Government explained in depth and in clearly written language how its IOS and Android smartphone application – undergoing trials in the Isle of Wight – will work.
In simple terms, you can go shopping to the supermarket, go to work, go for a run and the entire time the App will record all the interactions you have with other people who have got the App installed. This information is stored on your phone, and not centrally. If you become unwell, you go to your phone and upload your interactions to a centralised database and it then sends a push notification to the other people you have interacted with.
Deep diving into the technology which is a master piece of engineering
The App works by broadcasting a uniquely assigned random ID via low powered bluetooth (BLE). This unique ID is linked to the phone and stored in a centralised database. No identifiable personalised data is stored other than the random unique ID. As the person goes about their business, the App in turn collects the random ID’s from the other App’s it interacts with, along with data about the interaction – time and distance. If a person reports they are unwell, they can choose to upload their ID and the other interaction data via the App to the Central Database.
The central database uses an NHS clinical mathematical algorithm to assess the uploaded interaction data and identify the risk posed by each interaction. People (identified by their ID’s) who have had high risk interactions with the unwell person, are sent a push notification to their phone targeted with NHS advice.
From a privacy point of view, it feels solid:
- Your unique randomly assigned ID can only identify your phone and not you personally.
- Your GPS position cannot be tracked.
- Only your interactions with other phones running the App can be traced.
- Only interaction data of unwell people will be stored centrally.
The one concern from a privacy perspective is that the time of the interaction is captured, but this is the critical dimension in tracing the interactions.
Proof of Concept
We took on a Proof of Concept into how the technology might work behind the mobile App, and hit a few technical issues which needed to be overcome:
On Android (since version 8) and IOS, the operating system will not allow an application to broadcast its ID via Bluetooth to surrounding devices when it’s running in the background and not in active use. Apple’s IOS forbids it, and newer Google Android versions limit it to a few minutes after the App falls into the background. This means that unless people have the App running in the foreground and their phones awake most of the time, the fundamental principle underpinning the entire system – that nearby phones detect your phone – won’t work.
We found it will work if you open the App, leave it open and the phone must be unlocked. But if you close it and forget to reopen it, or the phone falls asleep, the app will not broadcast its ID and no other phones around you will register that you’ve been close by.
There is a way to run a background process every 15 minutes. This would set the minimum granularity of scans to every 15 minutes.
Running a bluetooth scan to collect nearby ID’s, is power intensive, so your battery will drain much quicker. There may be some other coding tricks we can use to bring this down.
The Bluetooth BLE broadcast itself, is ultra-low power, and we don’t think this will significantly affect battery life.
The NHS tracing App is an engineering marvel. The software design is solid and the security is good. It will be really interesting to see how the NHS got around the technical problems we encountered in our Proof of Concept:
- Battery drain
- How did they solve the issue of enabling Bluetooth scans whilst the phone is sleeping?
Let’s hope they release the source code so we can all scrutinise and learn from it.