/ Technology

Opinion: COVID app privacy concerns are misplaced

The NHS COVID-19 app may not be perfect, but it does effectively protect your data. Are you using the app, or have you been put off?

Are you using the NHS COVID-19 app? Or have you been put off by the confused, confusing and worrying coverage about test and trace data being shared with the police?

If you’ve been put off, it’s not surprising. The twists and turns of the app are hard to keep track of.

A brief recap: the idea of an app to do contact tracing first popped up in the spring, and an immediate row blew up over how this could be done while protecting users’ privacy.

Google and Apple, whose operating systems power pretty much all smartphones, rushed out a framework that set parameters for how the app can and can’t work.

How your privacy is protected

The app we now have protects your privacy very effectively. That’s because all the data it generates is anonymised and stays on your phone unless you choose to share it.

Your phone generates a small anonymous chunk of data (‘a token’) once a day and a second one that changes every 15 minutes.

The app uses your phone’s Bluetooth low-energy chip to register when you’ve been close to someone using the app on their phone.

The phones exchange their current 15-minute tokens (they expire after two weeks) and these stay on the phones unless one of you tests positive for COVID-19 and uploads the test result to the NHS server.

At the same time as you upload the test result, all the current 15-minute tokens your phone has generated and collected from other phones will be uploaded.

The server then sends those tokens to everyone with the app and alerts those that match that they need to self-isolate.

Anonymous data

All of the data mentioned above is anonymous: not even the police have access to it. And even if they had, they wouldn’t be able to tell who you are.

I’m impressed by the work that’s gone into making it as private as possible.

I’ve installed the app and I’d urge you to do the same: it’s not perfect, but it is built with privacy in mind.

It’s one part of a jigsaw of measures that will, I hope, help us return to something approaching normal life.

Are you using the app? Do you still have concerns?


I downloaded the app to show willing. I am avoiding shops, pubs and other indoor venues but there is always the possibility of being close to others, for example if I had to visit a GP. It is right that we should be concerned about security and privacy but I wish we could silence those who deliberately spread false information.

One of them is on the way out.

I think taking precautions against COVID is better than worrying about whether downloading the app raises security issues. In this case I must assume those dealing with it have dealt with them but the public good, and mine, is of greater importance.

Whatever apps there are, and official rules, sensible people will continue to be very careful and take even more precautions than officially necessary. I am concerned that the 5 day relaxation at Christmas will lead to a rapid rise in infections that will put even more pressure on the NHS. I am more concerned to make sure I, and others, are around for Christmas 2021 than let out to spread the virus this time round. Let’s hope enough of the population feel the same way and aren’t undermined by the others.

Like wavechange, I am using the app. I also agree that it is right for us to be concerned about security and privacy but it would be great if we could silence those who deliberately or unkowingly spread false information.

Kevin says:
27 November 2020

So we only have to worry about the routine surveillance that occurs when you have a mobile phone

Since the government have now apparently spent £22B on our worldbeating test and trace system, perhaps they could have bought some dedicated bluetooth tokens which people could carry if they don’t have the latest smartphone or put it in airline mode when travelling

>>> So we only have to worry about the routine surveillance that occurs when you have a mobile phone <<<

Like what? You can go into any Vodafone shop and buy a so-called "burner phone" over the counter, pay in cash, no questions asked. Buy your top-ups in cash too. Chuck it in a bin and buy a new one every week, if it really worries you that much.

I did this when I needed a temporary phone, just to prove to myself how easy it is not to use any traceable form of payment, or have the phone linked to me in any direct way. And remember, with mobile WiFi, VPN and encrypted messaging like WhatsApp, it's not just voice calls you have full anonymous access to. I could be posting this Convo right now … .

It should worry us A WHOLE LOT MORE that criminals and terrorists would find the whole process so easy and anonymous. What part am I missing exactly?

I'm not naive enough to assume that GCHQ and other government organisations have no way of geo-locating, tracing and monitoring these phones once they have identified a suspect, but they are not going to waste their time on random surveillance of Joe Public. Unless individuals have something to hide or are living in a dictatorship, they really should be more worried about what clandestine activities others are up to, abusing the democratic checks and balances that prioritise our individual privacy rights over those of the state.

Kevin says:
27 November 2020

Well you may or may not be worried about GCHQ surveillance, but recent history demonstrates that the decision on who is a threat is quite elastic in the UK, and has included pacifist groups and trade union activists in the very recent past. Should these people need to ‘have something to hide’ from the government to justify invasion of their human rights?

But I am referring in particular to the FAANGS as was, but other smaller players whose business model is to monetise surveillance. Use of such data in recent elections and referendums was not subject to any other constraint than the profit motive. Big data, surveillance, and AI aren’t something we should just trust to work itself out.

Track and trace has cost £22B so far, they could have bought everyone in the UK an iPhone and had change left over; investment into cheap custom Bluetooth proximity tokens seems to me a useful option for those who can’t afford or don’t want a new Bluetooth LE phone.