Countries around the world are struggling to create contact tracking apps to help track the spread of COVID-19. But a beta app launched by the UK this week shows the enormous challenges they face and, crucially, the difficulty of designing an effective app without the help of the tech giants who make our phones.

The UK is one of the few countries that has chosen to create a contact tracking app that is incompatible with the contact tracking API that Google and Apple are currently developing. Rather than decentralize data across devices, the UK will bundle the information it collects into a single database operated by the National Health Service, or NHS.

UK says it can stop the spread of COVID-19 faster if it controls the data

The government argues that this will provide a better understanding of the spread of COVID-19 and allow the NHS to decide which users are most at risk. However, privacy advocates caution that it creates new avenues for state surveillance. It already appears that the UK government has undermined prior assurances that it will not share the data it collects outside of the NHS, suggesting that other organizations may use the information for public health research in the future. This is something that Apple and Google prohibit for any app that uses its API, and another reason why the UK has to build their app without the help of companies.

But in addition to privacy concerns, researchers have identified a major problem in the UK's efforts to create an app without Google and Apple – it just won't work as advertised.

The central theme is familiar to mobile security experts: app permissions. Contact tracking applications use Bluetooth to create a record of nearby devices that use the application and, by extension, the people users have contacted. When a user is diagnosed with COVID-19 or starts showing symptoms, it notifies their app which then rings those people's devices. Some apps, like the one developed by Singapore, constantly stream Bluetooth pings to find nearby devices. Others, like the one built by the UK, try to create active Bluetooth pairings or "handshakes,quot;.

The problem is that both Google and Apple restrict how apps can use Bluetooth on iOS and Android. They don't allow developers to constantly stream Bluetooth signals, as that type of background streaming has been exploited in the past for targeted advertising. How Register Reports, iOS apps can only send Bluetooth signals when the app is running in the foreground. If your iPhone is locked or you are not looking at the app then there is no signal. The latest versions of Android have similar restrictions, they only allow Bluetooth signals to be sent for a few minutes after an app has closed. Such restrictions will prevent devices from pinging each other in tight spaces, dramatically reducing the effectiveness of any contact tracking application.

%MINIFYHTML615671b846f28ee33b4c558d250b303312%

Google and Apple can rewrite these rules for their own contact tracking APIs because they control operating systems. But for countries trying to do it alone, such as the UK, the restrictions could be literally fatal. IPhone users with the app installed can interact with someone who is later diagnosed with COVID-19 and never know it, if their phone doesn't keep track of their interaction.

The UK government has hinted that it has created an unknown alternative solution to these problems, and there are certainly subtleties in how these protocols work that could work in your favor. For example, while iOS devices cannot constantly transmit Bluetooth signals, they can receive them from older Android devices. Doing so would essentially wake up the software and allow the application to exchange vital data.

It is possible to argue, then, that the UK app will work in urban settings where there is a mix of old and new iOS and Android devices in constant use. But experts say this is a far cry from a reliable mechanism needed to track the spread of a deadly disease, especially considering that the UK's iOS market share is more than 50 percent.

Google and Apple have worked at "lightning speed,quot; in their API

Speaking to The edge, digital rights expert Michael Veale, who is also part of an international consortium developing decentralized contact tracking protocols, says there really is no way to build a contract tracking system without the help of Apple and Google, whom praised for working on "lightning speed,quot; on the subject. "They have been moving much faster than we would expect," he said. "They have provided a unified way that works across borders (and) that many countries are using."

But it is impossible to predict exactly how the UK's problems will unfold. The beta contact tracking app will only launch this week as a small pilot on the Isle of Wight, an island with a population of 141,000 on the south coast of England. The UK government still has time to modify its functionality or switch to a decentralized system, just as Germany did last month. As the coronavirus has shown, although each country has to fight its own idiosyncratic battle with the virus, that does not stop them from learning from others.

“The alternative to working with (Google and Apple) is to create a system that doesn't work on iPhones, that leads to centralized databases that destroy trust, and that doesn't work across borders and therefore doesn't help. to open international travel, "says Veale." This is the British problem. "