UK 'racing' to improve contact tracing privacy without Apple and Google

The U.K. contact tracing app. Credit: NHS.

In April, the NHS rejected the Apple-Google Exposure Notification framework, which lets public health groups build apps that can track the spread of coronavirus by alerting users who may have come into contact with an infected individual.

Without the Apple-Google framework, the NHS's contact tracing app will only be able to function properly on iOS if it's actively running in the foreground and a device is unlocked. According to technical experts who spoke to The Guardian, that could severely hamper its effectiveness.

The NHS opted out of using the Apple-Google toolkit because of the way it wants to store user data. The tech giants' system mandates that user data is stored in a decentralized manner. The NHS, on the other hand, want to keep information in a central database.

There are growing concerns among U.K. officials that the public won't adopt it, due to privacy concerns raised by security experts. The Guardian notes that the NHS isn't ruling out stronger privacy safeguards, such as a sunset clause that would see the contact data deleted after the pandemic is over.

Robert Hannigan, a former director for the U.K. signals intelligence agency, the GCHQ, said the app may not be a threat to individuals, but agrees that the "exercise in surveillance" should be reviewed after the crisis.

Public health groups in other countries are facing a similar set of issues. In the U.S., for example, lawmakers and the president have expressed concerns about the system's privacy.

France is also moving ahead with a contact tracing app that won't rely on the Apple-Google API, and also recently shamed Apple for not sacrificing user privacy for coronavirus aid.