UK virus app contains privacy loopholes, advocacy group says

A UK National Health Service employee looks at new NHS app to trace contacts with people potentially infected with the coronavirus disease (Covid-19) being trialled on Isle of Wight, Britain. The app has faced questions from privacy experts who say its system gathers too much information about users. — Reuters

The UK’s contact-tracing mobile phone app includes code that could allow authorities access to a user’s detailed location data and to send information to Microsoft Corp and Alphabet Inc’s Google, according to an initial technical analysis carried out by Privacy International.

Like governments around the world, the UK is developing a voluntary mobile app that uses Bluetooth technology to trace possible infections of the coronavirus, alerting users when they may have been near someone infectious. Authorities say the tools will help track and contain any resurgent outbreaks of the virus once lockdown measures lift.

But the UK’s app, which rolled out for trial on the Isle of Wight on May 7, has faced questions from privacy experts who say its system gathers too much information about users.

The NHS says on its website "it will not be able to track an individual’s location”, but the app includes mandatory permission requests to collect both GPS and network-based location information, according to Christopher Weatherhead, a technology lead at Privacy International, which carried out analysis on both Android and iOS versions of the app.

The permissions are necessary for the Bluetooth technology to function, the privacy group said, adding that it didn’t believe the app was currently using location data. But the researchers expressed concern this could easily change with future software updates given the permission would have already be granted.

"This would mean additional, very accurate data about the users’ location could be collected without additional consent,” Weatherhead said in a report obtained by Bloomberg.

Representatives for the NHS, Google and Microsoft didn’t immediately respond to a request for comment.

The NHS granted Privacy International early access to the app, whose researchers used an internal version of an app-auditing platform called Exodus Privacy and other tools to carry out an initial analysis. It said it still plans to do more in-depth testing of the app.

The group’s findings show the app also includes code for Google Firebase Analytics and Microsoft Appcenter Analytics trackers, which collect data about the user. Based on an initial analysis, the app sends Microsoft data about a user’s interaction on the app, though not the actual content, Weatherhead said, adding the extent of the information sent to the companies is still unclear.

Privacy International also said its cursory testing suggests that only those with modern smartphones will be able to run the app, likely excluding those who can only afford cheaper devices. Researchers have said a majority of the population needs to download a contact-tracing app for authorities to successfully map the virus.

The UK’s app has been built for the NHS by VMware Pivotal Labs, a software development consultancy that’s part of VMware Inc. Several other organisations are actively helping the NHS to develop and test the app. – Bloomberg

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3

Did you find this article insightful?


50% readers found this article insightful

Next In Tech News

Ten years ago today, Groupon turned down Google’s US$6bil offer – here’s what’s happened since
Apple Pay targeted in Dutch antitrust probe into payment apps
Intern builds billion-dollar company inspired by mom’s comment
AI paintings of Chinese landscapes pass as human-made 55% of the time, research by Princeton student shows
Google scientist’s abrupt exit exposes rift in prominent AI unit
Dangerously viral: How Trump, supporters spread false claims
Chinese cities target facial recognition to curb abuse of personal data
MCMC: Stay alert and report fake accounts
‘Genshin Impact’ wins best game accolade from Apple and Google, extending China’s winning streak
Trump signs order on principles for US government AI use

Stories You'll Enjoy