The government has started testing its NHS coronavirus app on the Isle of Wight – and if it works, they hope it will be one of the keys to lifting lockdown restrictions.

But there’s also a lot of confusion over what the app does, how it works – and how much personal information it stores about you.

And there are serious questions about whether the app will even work.

This week Parliament’s Human Rights Committee warned the government not to roll the app out nationwide until it had strict precautions in place to protect users.

But the government insists it’s been transparent about the app’s development and has made security a priority.

If the app’s going to work, at least 60% of the population need to download it and use it – but that’s only going to happen if people trust the government to run it properly.

Here’s everything you need to know about the NHS coronavirus app – in plain English.

How does it work?

The app basically turns your phone into a sonar.

It sends out and receives “pings” using bluetooth – the wireless system used to connect wireless headphones.

When one phone gets a ping from another phone, it makes a note of the other phone’s unique number.

It also records other factors, like how close you were and for how long.

There’s a button in the app which you can use to report that you’ve got coronavirus symptoms.

When you do that, your phone sends the records of all the other phones you’ve been close to up to their database.

Because you can transmit the disease before you notice the symptoms, the database sends a message to the phones of the people you’ve been close to recently, telling them to go into isolation.

What information does it store about me?

The app doesn’t know your name. Neither does the government’s database.

And until you start reporting symptoms, the only other piece of information it asks for is the first half of your postcode.

When you start reporting symptoms, it starts to build up a bit more information on those symptoms, all of which are stored on the government’s server alongside your anonymous number ID.

That doesn’t sound very scary, what are people worried about?

A number of things.

One concern is that the government is building up a map of the people you spend time with.

Let’s look at an example, it’s crude, but bear with me.

The database knows that Person 1 and Person 2 have been spending between 18 and 24 hours a day together, and spend the night in very close proximity to one another.

It’s a safe assumption they’re in a family or household unit – probably a couple.

Now, let’s say the data shows Person 2 spending a couple of hours a week in very close proximity to Person 3, perhaps while Person 1 is out and about or at work.

Someone looking at that database might start to wonder whether Person 2 and Person 3 are having an affair.

The database knows Persons 4, 5 6 and 7 are meeting up regularly for an hour, once a week. That could be a card game, or a trip to the pub – but it could also be an AA meeting or a meeting of a political group.

Point is, if anyone ever did find a way of linking a users identity to their anonymous number ID, they’d suddenly have an incredibly valuable map of everyone’s social interactions.

Good thing it’s anonymous then, eh?

Theoretically, yes.

But as Dr Michael Veale of University College London told the Parliamentary Human Rights Committee: “Effectively it is vulnerable to attack.

“For example, if somebody who controlled the server put a receiver at a passport booth and saw one of the numbers that that person emitted, they would know who that person was throughout time in their future movements over coming days and weeks.”

He also warned that in the future it would be possible for the government to update the app in the future to require registration – perhaps if the government wanted to use it to monitor a ‘traffic light’ style easing of lockdown rules – scoring someone’s risk and the risk of releasing them from lockdown.

Is there a safer way of making a contact tracing app?

Maybe.

The biggest vulnerability in the current app is that it sends your interactions to a central database – a computer owned by the government.

They didn’t have to do it that way – in fact, it would have been easier to do it another way.

Apple and Google, who make the software for most smartphones, teamed up to agree on a system that did the same job of sonar pinging other phones.

But while it talks to a central database to tell it you’ve got symptoms, it doesn’t tell the database who you’ve been in contact with.

Instead, it downloads the list of people who’ve reported symptoms and checks whether you’ve had contact with them on your phone instead.

The Apple and Google method has a number of other advantages.

More countries use that system, so when people arrive from overseas, our app would be able to talk to their app.

And Apple and Google’s system is baked right into your phone. They’re already collecting the IDs of other phones you’ve been near to – so they don’t need to wait for you to install the app to start building up the list.

There’s another potential problem, which I’ll come to later.

So why did the NHS app developers decide to do it this way?

Because they want more data.

Not necessarily in a bad way, but that’s the head and tail of it.

The developers say they wanted to collect the information on their database and tie it to a postcode area because it’ll help them do other things, like plan hospital capacity and track the geographical spread of the virus.

But the app’s terms of use totally allow them to change their mind and do whatever they want with that massive diagram of everyone you’ve spent time with recently.

How long do they keep my information for?

The information on your phone is kept for 28 days.

And if you delete the app, you delete the information with it – as long as you haven’t reported symptoms.

If you have reported symptoms, and your information has been added to the database, it gets kept for “no longer than required”.

But the terms of use say it can be “retained for research in the public interest” – by the NHS, the Department of Health or other agencies they share it with.

Now for the most important question – will it affect my battery life?

Maybe.

The developers say the app sends its pings using “Bluetooth Low Energy” – so it doesn’t drain your battery.

But there’s a problem. Because the developers have chosen not to use Apple and Google’s baked-in system, they have to follow the normal rules the same as any other app.

And both Apple and Google strictly clamp down on apps pinging other phones using bluetooth, unless the app is running on the screen at the time – and the phone is unlocked.

The developers say they’ve found a way around this.

They say that while the app can’t send pings in the background, it can receive them – and when it receives one, that can wake the phone up and start sending them again.

As the app is still being tested, we don’t yet know how well this would work – but we can’t see how it would work well without a huge number of people agreeing to use the app all the time.

Developers reckon they’ll need 60-80% of people who are out and about to be using the app for it to work. That seems like a lot to us.

What do the government say about all this?

You can read their frequently asked questions and explanation of how it works here

The Prime Minister’s official spokesman said: “We prioritised security and privacy throughout the app’s development with expert advice from the National Cyber Security Centre (NCSC).”

The NCSC is an arm of GCHQ, the government’s surveillance agency.

Sign up for the Mirror Politics newsletter

From the coronavirus to Brexit, this is an era of great change and uncertainty. Events in Parliament have rarely been so crucial – or confusing.

Our daily politics newsletter is there at 8.30am to guide you through these turbulent times.

Written by the Mirror’s Head of Politics Jason Beattie it includes sharply-written commentary, a concise overview of events in Westminster and a sprinkling of gossip. There’s then a 4.30pm bullet-point update with the day’s headlines.

Don’t miss a thing – sign up for the Mirror Politics newsletter by visiting www.mirror.co.uk/email.

He went on: “Users can delete the app and its data whenever they want and we will always comply with relevant laws, including the data protection act. We’ve also published the security and privacy designs so experts can ensure security remains as high as possible.”

This is not entirely accurate. While users can delete the app, and any data held on their phones, this does not delete any data held on the government’s server.

The spokesman added: “We have been very transparent about the app and some detailed information is being made available by the NCSC, setting out exactly how it will work. Experts have been able to study that.”

Read More

Coronavirus outbreak

The spokesman went on to indicate the option of switching to the Apple and Google model was still on the table.

He said: “We’ve set out our plans for a centralised model and that’s what we’re taking forward but we will keep all options under review to make sure that the app is as effective as possible.”