
UK’s NHS Covid-19 App - milen
https://github.com/nhsx/COVID-19-app-iOS-BETA
======
wtracz
[https://github.com/nhsx/COVID-19-app-Android-BETA/blob/maste...](https://github.com/nhsx/COVID-19-app-Android-BETA/blob/master/app/src/main/java/uk/nhs/nhsx/sonar/android/app/ble/Scanner.kt)
appears to be looking for Apple devices to wake them back up.

~~~
jeffrallen
No, that comment is referring to the fact that advertisements change their
format when an iOS device is sleeping, and thus devices listening need to
filter on a different UUID.

------
splatzone
Can someone clearly explain the actual privacy risks of the centralised model
(that UK Govt is pursuing) over the decentralised model?

My understanding is that in reporting our unique identifiers (and location
data?) to the govt servers, this data could be de-anonymised and misused. But
what data is actually being reported and how could it be misused?

~~~
cameronbrown
Imo the threat here isn't just the government - that's a concern, but if
you've been tested positive, the NHS already know you.

The bigger issue is potential leaks or poor access controls resulting in a
malicious third party gaining access. With the decentralised approach where
Apple/Google control access to their APIs, the threat surface is significantly
reduced (e.g. contact tracing apps cannot also use geolocation)

Disclosure: Also a Google employee.

~~~
rozab
And so the question remains:

>But what data is actually being reported and how could it be misused?

All advertisers already know who I live with, and if I'm obeying social
distancing I will only be coming into contact with strangers. Is this data
really more sensitive than the stuff we firehose out every day?

------
bitlevel
Having perused their Github, I noted the database for x-rays and scans.

<TinFoilHat>This is being run in 'partnership' with a relative non-entity, who
in turn have links to a private American medical company.

Not sure I'm happy with private NHS medical records being slurped up in this
way - unless consent is expressly given - which, based on their website that
'anonymizes' uploaded imagery, I guess we'll never know for sure.</TinFoilHat>

Good to see the code for both the iOS and Android clients being posted, as
this should prove if these clients can ultimately be trusted.

------
sakisv
I think I would feel much better about this if it was accompanied by a legally
binding declaration that the only entity that will ever have access to these
data will be NHS, explicitly excluding any other government intelligence
agency.

This is not a stab against the people who developed it, in fact I know some of
the people involved in the development of the application and they have the
highest ethical standards.

The problem is that in the post-Snowden era, no matter the good intentions
behind such projects it is naive to not ask for as many safeguards as we
possibly can.

------
abhisuri97
Well...at least they’re open sourcing this which is better than letting some
company develop the app entirely and keep the code under lock and key.

------
cameronbrown
ACCESS_FINE_LOCATION is an immediate red flag. Yikes.. that's gonna be a no
from me.

[https://github.com/nhsx/COVID-19-app-Android-BETA/blob/43a16...](https://github.com/nhsx/COVID-19-app-Android-BETA/blob/43a167f8dba422fd9001b64f9c4fd82275abb1c8/app/src/main/AndroidManifest.xml)

~~~
danielmg
Did you read the notes in the link next to that item?

"In order to use Bluetooth features in your application, you must declare the
Bluetooth permission BLUETOOTH. You need this permission to perform any
Bluetooth communication, such as requesting a connection, accepting a
connection, and transferring data.

You must also declare the ACCESS_FINE_LOCATION permission, given that LE
beacons are often associated with location. Without this permission, scans
won't return any results."

~~~
cameronbrown
Sure, but the Google/Apple contact tracing APIs do not need this.

~~~
senectus1
do these exist yet?

My understanding is those are still in development and haven't yet been pushed
to the world.

~~~
cameronbrown
The API interfaces were published, but you're correct, the implementation is yet
to ship.

[https://blog.google/documents/55/Android_Contact_Tracing_API...](https://blog.google/documents/55/Android_Contact_Tracing_API.pdf)

------
benmmurphy
It looks like they are using beacons that are the same for 1 day. I think the
google/apple version uses beacons that last until the bluetooth MAC address
changes which I think is 15 minutes on iOS. So you can set up bluetooth devices
around the city to track people's movements who are using this app.
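
The linkability risk the comment describes, as an added illustration that is not code from either the NHS app or the Google/Apple project: a constructed one-day route is observed by fixed BLE receivers, and the largest set of locations that can be attributed to a single identifier is compared for a 24-hour rotation window versus the 15-minute window the commenter attributes to the Apple/Google design. The identifier derivation, route and secret are all hypothetical.

```python
"""Compare how much of a device's route a network of passive BLE receivers can
link to one pseudonym under two beacon-rotation policies (hypothetical model)."""
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Sighting:
    location: str   # fixed receiver that logged the advertisement
    minute: int     # minute of the day the advertisement was seen
    beacon_id: str  # pseudonymous identifier carried in the advertisement


def beacon_id(device_secret: bytes, minute: int, rotation_minutes: int) -> str:
    """Identifier broadcast at a given minute (constructed derivation, not the
    real scheme): constant within one rotation window, unlinkable across windows."""
    window = minute // rotation_minutes
    return hashlib.sha256(device_secret + window.to_bytes(4, "big")).hexdigest()[:16]


def simulate(route, device_secret: bytes, rotation_minutes: int):
    """route: list of (location, minute) pairs for one device's day."""
    return [Sighting(loc, m, beacon_id(device_secret, m, rotation_minutes))
            for loc, m in route]


def longest_linkable_track(sightings) -> int:
    """Largest number of distinct locations attributable to a single identifier,
    i.e. how much of the route the receivers can reconstruct with no other data."""
    by_id = {}
    for s in sightings:
        by_id.setdefault(s.beacon_id, set()).add(s.location)
    return max(len(locs) for locs in by_id.values())


# Constructed route: home, commute, office, lunch, office, commute, home.
ROUTE = [("home", 8 * 60), ("station_a", 8 * 60 + 30), ("station_b", 9 * 60),
         ("office", 9 * 60 + 20), ("cafe", 12 * 60 + 30), ("office", 13 * 60 + 10),
         ("station_b", 17 * 60 + 30), ("home", 18 * 60 + 30)]
SECRET = b"constructed-device-secret"


def compare():
    """Return (locations linkable with daily rotation, with 15-minute rotation)."""
    daily = longest_linkable_track(simulate(ROUTE, SECRET, 24 * 60))
    quarter_hour = longest_linkable_track(simulate(ROUTE, SECRET, 15))
    return daily, quarter_hour
```

With daily rotation every sighting shares one identifier, so all five distinct locations on the route are linked; with 15-minute rotation each sighting falls in a different window and no two locations can be joined without additional data.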

------
Sephiroth87
Firebase, seriously???

~~~
proactivesvcs
And Microsoft Appcenter Analytics: [https://reports.exodus-privacy.eu.org/en/reports/uk.nhs.nhsx...](https://reports.exodus-privacy.eu.org/en/reports/uk.nhs.nhsx.colocate/latest/)

~~~
erinaceousjones
Which they're using to track a couple of events, i.e. when the app fails to
register with the API: [https://github.com/nhsx/COVID-19-app-Android-BETA/blob/maste...](https://github.com/nhsx/COVID-19-app-Android-BETA/blob/master/app/src/main/java/uk/nhs/nhsx/sonar/android/app/analytics/AnalyticEvent.kt)

(Though that analytics platform itself does do device fingerprinting, inasmuch
as detecting phone model, OS version etc -- I assume no individually
identifying stuff like IMEIs, but who knows what a bad actor can do with
sufficient entropy?)

