NHS Tracing App – Is it a technical master piece?

Ann Marie
Posted by Ann-Marie

4 minute read

nhs tracing app on a phone

NHS Tracing App – On Monday 4th May, the UK Government explained in depth and in clearly written language how its IOS and Android smartphone application – undergoing trials in the Isle of Wight – will work.

In simple terms, you can go shopping to the supermarket, go to work, go for a run and the entire time the NHS Tracing App will record all the interactions you have with other people who have got the App installed.  The NHS store this information on your phone, and not centrally.  If you become unwell, you go to your phone and upload your interactions to a centralised database and it then sends a push notification to the other people you have interacted with.

NHS Tracing App – A Deep diving into the technology which is a master piece of engineering

The App works by broadcasting a uniquely assigned random ID via low powered bluetooth (BLE).  The app then links this unique ID to the phone and stores it in a centralised database.  The app stores no identifiable personalised data other than the random unique ID.  As the person goes about their business, the App collects the random ID’s from the other App’s it interacts with. Meanwhile also collecting data about the interaction – time and distance.  If a person reports they are unwell, they can choose to upload their ID and the other interaction data via the App to the Central Database.

The central database uses an NHS clinical mathematical algorithm to assess the uploaded interaction data and identify the risk posed by each interaction.  People (identified by their ID’s) who have had high risk interactions with the unwell person, are sent a push notification to their phone targeted with NHS advice.

From a privacy point of view, it feels solid:

  1. Your unique randomly assigned ID can only identify your phone and not you personally.
  2. Your GPS position cannot be tracked.
  3. Only your interactions with other phones running the App can be traced.
  4. Only interaction data of unwell people will be stored centrally.

The one concern from a privacy perspective is that the time of the interaction is captured. However, this is the critical dimension in tracing the interactions.

NHS Tracing App – Proof of Concept

We took on a Proof of Concept into how the technology might work behind the mobile NHS Tracing App, and hit a few technical issues which needed to be overcome:

On Android (since version 8) and IOS, the operating system will not allow an application to broadcast its ID via Bluetooth to surrounding devices. This is when it’s running in the background and not in active use.  Apple’s IOS forbids it, and newer Google Android versions limit it to a few minutes after the App falls into the background.  This means that, unless people have the App running in the foreground and their phones awake most of the time, the fundamental principle underpinning the entire system – that nearby phones detect your phone – won’t work.

We found it will work if you open the app, leave it open and also leave it unlocked. But if you close it and forget to reopen it, or the phone falls asleep, the app will not broadcast its ID. And as a result, no other phones around you will register that you’ve been close by.

There is a way to run a background process every 15 minutes.  This would set the minimum granularity of scans to every 15 minutes.

Running a bluetooth scan to collect nearby ID’s, is power intensive, so your battery will drain much quicker.   There may be some other coding tricks we can use to bring this down.

The Bluetooth BLE broadcast itself, is ultra-low power, and we don’t think this will significantly affect battery life.

Conclusion

The NHS tracing app is an engineering marvel.  The software design is solid and the security is good.  It will be really interesting to see how the NHS got around the technical problems we encountered in our Proof-of-Concept:

  1. Battery drain
  2. How did they solve the issue of enabling Bluetooth scans whilst the phone is sleeping?

Let’s hope they release the source code so we can all scrutinise and learn from it.

To learn more, take a look at this article – https://www.gov.uk/government/collections/nhs-covid-19-app