Coronavirus: How the NHS app differs from other countries – and why that has led to privacy concerns

UK's decision to use 'centralised' design has led to a host of worries

Andrew Griffin
Tuesday 05 May 2020 17:55 BST
Health Secretary Matt Hancock arrives at Downing Street on April 28, 2020 in London, England (Chris J Ratcliffe/Getty Images)

The UK's coronavirus app differs from those of other countries in key ways – and those decisions have led to a host of privacy concerns.

The app is now in testing on the Isle of Wight, and senior government figures have urged people to download it to do what they can to stop the spread of the disease and help bring an end to lockdowns and other measures.

But critics continue to question the design of the app, which departs from many other countries' approach. Those decisions could compromise the privacy and security of its users, they warn, as well as undermining the reliability of the data.

The chief decision that has come in for criticism is the UK's decision to opt for a "centralised" approach, meaning that phones send data to the NHS, where it is analysed and used by its servers. Many other countries have opted for the opposite approach, where data is not collected on one central server but rather on specific people's phones.

Though the data is anonymised – and only includes limited information, such as the first half of a user's postcode – the fact that it is fed into a centralised server has led to fear that the data could be less secure than hoped.

Privacy campaigners argue that the centralised approach means that the government could access that data for intrusive analysis in the future. It has also been suggested by groups such as Amnesty International that the decision could open the door to further surveillance, with citizens finding it harder to opt out.

Security experts have also warned that the data being secured in one central server makes it more liable to attack. If a person broke into the server, they may be able to take the data, or manipulate it to create anomalous and false reports.

Many other countries have instead opted for a decentralised approach, which is also backed by Apple and Google, and remains the most popular way of storing the data. With that kind of approach, the intimate data collected by the app would be stored on the phone, and the analysis would be conducted on individual devices, meaning that their owners would be more in control of what is done with the information.

Some other countries including France and Norway have opted for a centralised approach. Proponents argue that it is better because health officials can analyse the data for a better understanding of the disease and its spread.

The other key difference in the UK's app is that it relies on self-reporting, rather than testing. In practice, that means that you will tell the app if you find yourself with symptoms – potentially leading to false reports, and false alerts on other people's phones.

Potentially misleading alerts caused by people mistaking their symptoms for Covid-19 are not the only danger of that decision. It also means that people could intentionally send in false reports without any obvious way of checking them, which could in turn lead to falsehoods in the app's data.
