Go back

NHSX launches Covid-19 tracking app despite privacy concerns

Developers promise to make app code open-source, and to publish privacy assessment

Privacy is “at the heart” of a new Covid-19 contact-tracing app launched today, its NHS makers have insisted, after researchers voiced concerns over the security of the technology.

Speaking at a Science Media Centre briefing on the launch of the app, Matthew Gould, chief executive officer for NHSX, said he believed the technology would play an important role in the UK’s wider “test and trace” strategy, announced today.

“The underlying logic for doing this is very clear: the earlier we can identify and isolate those who have been in contact with cases of Covid-19, the greater the confidence we can have in releasing restrictions,” he told journalists.

The app, which will be trialled in the Isle of Wight ahead of a wider national rollout, uses Bluetooth technology to register contact when people come within six feet of the user for at least 15 minutes.

If a user becomes symptomatic, they have the option to inform the NHS and an alert is sent out to other users they have been in contact with.

The announcements come after more than 170 UK scientists and researchers in the fields of information security and privacy urged specialists to analyse the health benefits of the app and find out if it is “of value to justify the dangers involved”.

Responding to security concerns about the app, Gould insisted that privacy was “right at the heart of how it works”.

“The app is designed so that you don’t have to give it your personal details to use it,” he explained. “It does ask for the first half of your postcode, but only that, so you can use it without any other personal details at all. It doesn’t know who you are, who you have been near, where you have been. Rather, what it does, is it assigns randomised identifiers to its users.”

Gould added that NHSX had committed to open source the code of the app as well as to publish the privacy assessment, privacy notice, privacy and security models.

Jonathan Montgomery, a professor of healthcare law at UCL and chair of the ethics advisory board for the app, said the board had held a number of roundtables with academics working on privacy and technology as well as focus groups to understand public concerns.

“We don’t think there is a privacy risk, and we think the security risks are in hand,” said Montgomery. “That is what’s been reported to the ethics advisory board, which is satisfied then that it would be appropriate to invite the public to use the app.”

Jonathan Van-Tam, deputy chief medical officer for England, said that the app was “potentially going to be of very great use” alongside traditional epidemiological contact tracing.