Home/Covid-19/4 lessons learned from building government contact tracing apps
As the working world was interrupted, sidelined and reimagined in the first half of 2020, operations at NearForm continued relatively unchanged. That was until a call came in that kicked off what has been nearly three months of developing, changing, testing and releasing Covid-19 contact tracing apps for governments and health authorities around the world.
A few apps later, we’ve learned some things that will benefit any organisation or authority looking to develop, release or improve a contact tracing app. We’re not done yet, but now we’re working from a well-tested place of understanding both the technology and the challenges and concerns around its application. Here’s a quick overview of some key lessons.
The centralised model is limited
When it comes to tracing Covid-19 contacts through technology, you can take either a centralised or a decentralised approach. In the simplest terms, a centralised app stores contact event data on a server that is hosted by a government or state, while the decentralised model keeps that data stored on individual phones. That means each user’s phone functions as a separate, secure, encrypted data record, which stays in your pocket until you give consent to share it.
When the need for contact tracing apps arose, the centralised model was favoured because it more closely aligns with how manual contact tracing works. Every country based their apps on the use of centralised data — as we did with early iterations.
However, while various countries pushed to release those early apps, our collaborators quickly determined that the centralised model simply wouldn’t work for governments and health authorities. Regardless of how the apps themselves are built or how restricted their use of the data is, privacy concerns remain that could stop people from using the app.
Coming to this realisation early alongside the authorities we were working with allowed us to plough all our time, effort and knowledge into creating an effective solution based on a decentralised model.
These apps push smartphone technology to its limits
The reality is that all these smartphones were never designed to facilitate contact tracing. Bluetooth technology was not created to enable this kind of communication between devices. Yet, it’s what we have.
In the course of designing, building and testing contact tracing apps with our collaborative partners, we have come to understand these technological limitations very well. And we’ve worked tirelessly to devise solutions and workarounds.
For example, early on we came up against a wall when trying to ensure the Bluetooth signals would work even if the phone was inactive in someone’s pocket, so we reached out to Apple to see how we could work together to find a way around the restrictions.
Other problems surfaced with letting Apple and Android devices communicate seamlessly with each other — which became part of the motivation for Apple and Google to come together to devise a protocol that allows the efficient use of Bluetooth for proximity detection.
So the technology may not be perfect, but it is effective and available. It lets countries build contact tracing apps that uphold the strictest of privacy protections while helping to control and monitor the spread of Covid-19. These collaborations have pushed the limits of what’s possible now and helped define what will be needed in the future.
Privacy is paramount
Some aspects of the centralised model could be seen as favourable. For example, such apps could provide public health officials and epidemiologists with a view of everybody an infected person had been in contact with, where and when. They would then have a far better idea of who was infecting whom, how many people were being exposed and who any super-spreaders were. That data could be graphed and mapped to see plumes and spreads, all thanks to the app.
However, that would require identifying individuals (even if not using their real names) and collecting their data in a central source. And that would mean having specific information about an individual that could, with work, be used to profile and identify them.
And that is unacceptable in modern society. From the first mention of contact tracing apps, much has been said about possible privacy issues, irrespective of how the technology would function. More than the legalities of how and what data would be managed, the prospect raised a major barrier to getting public buy-in for and adoption of any app.
Recently we’ve seen privacy concerns escalate over the centralised apps rolled out in other countries. In mid-June, Norway deleted its contact tracing app because of privacy issues. The United Kingdom has announced that it will switch to the Apple-Google API to build its new app after working on development of a centralised version.
Luckily, when we and our collaborators identified these issues early on, everyone involved agreed that they could not be resolved and that another solution had to be found. The team were already in touch with Apple when they and Google announced their joint API effort, so we were able to be one of the first to use that technology.
We saved a lot of time by quickly refocusing on an effective and realistic solution. What’s more, it validated what we already knew: privacy wins over all other concerns or wants.
Collaboration is the key
Throughout our contact tracing app projects, we have collaborated closely with government officials, public health authorities, safety and police authorities, behavioural researchers, data protection officials, Apple, Google and more.
The technical side of designing and building an app, where we excel, is just one aspect of everything that must come together to create an effective, secure, successful contact tracing app. Rapid development of a tech solution is one thing, but rapid development for a government that’s fighting a global pandemic brings up a wholly unique set of challenges. And collaboration is the only way to address them.
For example, the behavioural analysis reports required to inform government and their tech partners of specific needs and challenges for a public app would usually take at least a year. For these contact tracing projects, such analysis has been done in weeks.
From the start of our work with contact tracing apps, we’ve been honest about problems and positive about finding solutions — and we’ve been lucky to be working with governments and health authorities who are committed to the same. That kind of collaboration and focus has let us all go above and beyond to find solutions that work.
We’re not done yet
NearFormers and our partners and clients know that we are the right call for projects requiring deep technical knowledge and experience with successful, accelerated delivery. Building contact tracing apps has challenged us in new ways, and we’ve learned a lot. Most of all, we’ve learned that we’re not done yet.
The world is only just opening up, and we’ve yet to see or understand the lasting implications of Covid-19 on the way people interact, work and travel. One thing that is clear is that contact tracing apps will be part of our next normal, whether for the short or long-term.
It is too early in this journey to see or analyse any actionable results from the apps we’ve collaborated on. However, while they may not be 100% perfect, for now, they are the world’s leading solution and a massive step in the right direction.