from Hacker News

UK’s NHS Covid-19 App

by milen on 5/7/20, 5:44 PM with 23 comments

  • by wtracz on 5/7/20, 7:34 PM

    https://github.com/nhsx/COVID-19-app-Android-BETA/blob/maste... appears to be looking for Apple devices to wake them back up.

  • by splatzone on 5/7/20, 7:32 PM

    Can someone clearly explain the actual privacy risks of the centralised model (that UK Govt is pursuing) over the decentralised model?

    My understanding is that in reporting our unique identifiers (and location data?) to the govt servers, this data could be de-anonymised and misused. But what data is actually being reported and how could it be misused?

  • by bitlevel on 5/7/20, 8:47 PM

    Having perused their Github, I noted the database for x-rays and scans.

    <TinFoilHat>This is being run in 'partnership' with a relative non-entity, who in turn have links to a private American medical company.

    Not sure I'm happy with private NHS medical records being slurped up in this way - unless consent is expressly given - which, based on their website that 'anonymizes' uploaded imagery, I guess we'll never know for sure.</TinFoilHat>

    Good to see the code for both the iOS and Android clients being posted, as this should prove if these clients can ultimately be trusted.

  • by sakisv on 5/7/20, 8:02 PM

    I think I would feel much better about this if it was accompanied by a legally binding declaration that the only entity that will ever have access to these data will be NHS, explicitly excluding any other government intelligence agency.

    This is not a stab against the people who developed it, in fact I know some of the people involved in the development of the application and they have the highest ethical standards.

    The problem is that in the post-Snowden era, no matter the good intentions behind such projects it is naive to not ask for as many safeguards as we possibly can.

  • by abhisuri97 on 5/7/20, 8:08 PM

    Well...at least they’re open sourcing this which is better than letting some company develop the app entirely and keep the code under lock and key.

  • by cameronbrown on 5/7/20, 8:00 PM

    ACCESS_FINE_LOCATION is an immediate red flag. Yikes.. that's gonna be a no from me.

    https://github.com/nhsx/COVID-19-app-Android-BETA/blob/43a16...

  • by benmmurphy on 5/7/20, 9:15 PM

    It looks like they are using beacons that are the same for 1 day. I think the google/apple version uses beacons that last until the bluetooth MAC address changes which I think is 15 minutes on iOS. So you can setup bluetooth devices around the city to track people's movements who are using this app.

  • by Sephiroth87 on 5/7/20, 7:06 PM

    Firebase, seriously???