Despite ministers’ repeated assurances that Australia’s Covidsafe contact tracing app was functioning well, the government has finally admitted that the app doesn’t work properly on iPhones. The agency in charge of the app has signalled the likelihood that it will need to integrate Google and Apple’s decentralised framework in order to ensure the app runs continuously on iOS handsets. This could signal trouble for the UK, which has also opted for a centralised app – will it be next to shift to a decentralised approach?
Apple and Google are developing a decentralised framework for Covid-19 contact tracing apps that will be able to run seamlessly in the background while other apps run in the foreground or the phone is locked. Ostensibly due to privacy concerns, the companies have said that only contact tracing apps that adopt a similarly decentralised architecture will be able to run in the background of handsets running iOS and Android (i.e. pretty much every handset).
In theory, this means centralised apps are not be able to emit the Bluetooth identifier (required to log an interaction with another phone) while the smartphone isn’t on and the app isn’t open. Despite this, both Australia and the UK have ploughed on with their centralised apps, and both claimed to have devised workarounds to enable the app to work regardless.
However, Guardian Australia reported that the head of the Digital Transformation Agency, the body tasked with developing the app, told Australia’s senate committee that although the app was apparently able to function in the background on iOS devices, it was less effective at exchanging Bluetooth identifiers when this was the case, or when the phone was locked.
This contradicts a live demo of the tech posted on Twitter by software developer and ABC journalist Joshua Byrd. His video shows that as soon as the iPhone is locked or the Covidsafe app closed, the Bluetooth identifier necessary to log an interaction with another smartphone stops emitting.
The UK claims to have found a way to skirt this devilish issue. In iPhones running the NHSX app, the app isn’t able to run continuously in the background, but it can passively listen out for the Bluetooth identifier of other phones that are actively running the app. Once it ‘hears’ the identifier of another phone, it ‘wakes up’ and registers the interaction (by executing some code) before returning to a dormant state. This is less energy efficient than Apple and Google’s framework because the app has to be activated each time, rather than running in the background.
But there are bigger problems too. While just about workable in theory, it means that in practice, iPhone users would have to be around either an Android user with the app installed, or an iPhone user with their phone unlocked and the app running in the foreground in order to exchange Bluetooth identifiers and register an encounter. Two iPhone users who both had their phones locked or both had a different app foregrounded wouldn’t register each other.
The BBC reported yesterday that the NHSX team behind the app insists this isn’t the case. And freelance app developer Jason Kneen, who tested out the software, said it appeared that the app was able to run in the background on iOS devices for up to an hour. Another potential ‘workaround’ for the NHSX app might be frequently nudging people to ‘relaunch the app’ in order to keep themselves secure. Wider rollouts and the source code (which NHSX says it will publish) are needed to determine exactly how well the tech will work in practice, but what happens if it runs into the same problems as the Australian app?
The UK’s smartphone market bucks global trends in that Apple holds a market share of close to 50 per cent, according to data from Statista. This means about 50 per cent of smartphones use iOS, and could potentially struggle to run the NHSX app in the background.
If Australia flips from a centralised to decentralised model, this makes it more likely that the UK will have to do the same. Germany recently shifted from a centralised to decentralised approach – an approach also chosen by Austria, Switzerland, Estonia and the Czech Republic. France, like the UK, is forging ahead with a centralised model despite its exhortations to Apple falling on deaf ears.
Speaking at the human rights committee on Monday, NHSX CEO Matthew Gould said that if privacy was the only consideration, then the team working on the app would likely have opted for a decentralised approach. However, the centralised approach can yield more data, which the group wants to use in areas such as NHS resource planning and epidemiological research. However, Gould said that this approach wasn’t set in stone. “We’re not […] irredeemably wedded to one approach. If we need to shift, then we will,” he said. With Australia’s latest pivot, this eventuality is looking ever more likely.