Contact tracing app is safe but plans to rate users’ lifestyles for risk are ‘alarming’, says leading software testing group

28 Sep 2020 12:17 PM

A planned development to the NHS Contact Tracing app which will score users’ lifestyles for COVID-19 risk is ‘alarming’ and needs clarity, software testers have warned.

Adam Leon Smith, a Fellow of BCS, The Chartered Institute for IT said: “Comments from the developers about their plans to provide information to individuals about ‘how risky their life is’ based on Bluetooth contacts are alarming.

“These sorts of algorithmic scoring approaches are often inaccurate and can have unintended side effects.”

Before the launch of the app in England and Wales, Wolfgang Emmerich Chief Executive of Zuhlke Engineering said a “personalised risk score” was being worked on, based on how many Bluetooth hits a person receives from others. “That might actually help people get a feel for how risky a life they lead,” Emmerich said.

Smith, who chairs the Software Testing Group for BCS, the UK’s professional body for IT added: “Some data is being stored un-encrypted locally. This isn't of great concern as it appears to be just system configuration data, with the sensitive data being stored by Google and Apple.

“However, as the functionality is expanded to include things like personal risk scores, this needs to be encrypted, and I'm keen to see this isn't passed to the developer's servers to establish a centralised tracking system by the backdoor.

“There are security issues with using Bluetooth in this way, it remains possible for attackers to manipulate the behaviour of the system to given incorrect information to users, however this has been made more challenging through various means.”

He continued: “The developers, along with Google/Apple have done a pretty good job in that the application hangs together and has no immediately apparent high-risk flaws. I'm pleased to see the code in the public domain, so experts can study it and identify issues, as BCS recommended.

“The QR code functionality would have been a great way to provide exposure notification functionality for users of older phones. It is not clear why people need to have the latest iOS release in order to take pictures of QR codes.”

He added: “Given the significant personal effect of a false positive or negative, the developers should publish their test results, including the false positive and negative rates at different distances.

A sustained campaign to increase public confidence in IT, supported by open and ethical data governance, was key to achieving popular adoption of the app, BCS said.