Frequently asked questions

Additional information and answers to some of the most common questions about the NearForm solution to COVID-19 contact tracing apps.

Is any data shared with other parties?

No data identified or de-identified and collected from the app will be shared with other parties or anyone else.

Is the solution approved by Apple and Google for their API use?

The apps are approved on a jurisdiction by jurisdiction basis. Public Health Authorities (PHAs) must apply for this approval to Google and Apple. NearForm cannot apply on their behalf but can assist with and facilitate the process.

Does the app collect location data?

The app does not collect any location data or enable location for any purposes. Apps in some countries (e.g. Ireland) allow people to optionally input their region and town in order to carry out statistical analysis of infections and exposure. See the note from Google on misinformation regarding enabling Location Services on Android.

Can anyone assert that they have been infected and upload their diagnosis keys?

No. Only individuals who have had a positive COVID-19 test and received an authorisation code from a Contact Tracing Center (CTC) can upload their diagnosis keys.

Can the app implement CDC, Mayo Clinic or Johns Hopkins standard questions and answers for symptom checking and monitoring?


Can the app collect de-identified demographics including sex, gender, age group, race, ethnicity, sexual orientation, etc. from the responses of the symptom tracker functionality?

Yes, if compliant with the data protection regulations in the jurisdiction.

Does the app follow accessibility best practices?

Yes, the app has undergone extensive accessibility testing, including input from the National Council for the Blind Ireland.

Can the app be translated into different languages, such as Spanish, Chinese, etc.?

Yes, it is fully internationalised, and the Irish App is already available in two languages. Apps set to be released in September 2020 have five languages built in.

Can the solution securely store positive diagnosis Bluetooth keys as required by the relevant PHA, Apple and Google?

Yes. This can be confirmed by reviewing the source code of COVID Green, which was open sourced.

Does the app work seamlessly on iOS and Android?

Yes, it is implemented in React Native for compatibility with both operating systems.

Can opt-in in-app analytics be provided to the PHA?

Yes, if compliant with the data protection regulations in the jurisdiction.

Can the PHA push out news updates?

Yes, but the specification of how that is to be done must be clarified up front.

Is the app interoperable with mobile apps that other states may procure?

Yes, it can interoperate on a case-by-case basis with other states. It will also support the APHL national server.

Can the app integrate with the contact tracing management system of the PHA?

Yes, but the specification of how that is to be done must be clarified up front.

Can the app integrate with disease surveillance and lab reporting systems?

Yes, but the specification of how that is to be done must be clarified up front.

Can NearForm provide ongoing support until such time as the mobile app is no longer needed by the PHA?

Yes, it is part of our standard offering.

Does the app contain any advertising?


Does the app have any tracking via systems like Google Analytics?


How much bandwidth is used by downloading the keys?

Google states that 14 days’ worth of daily keys for 100,000 COVID-positive people is 22.4 MB.

What do the various SLA Priorities mean?

  • Priority 1 (P1), Critical – Application is severely compromised and not functioning, impacting an extensive number/all end users.
  • Priority 2 (P2), High – A key element(s) of the application is not operational, resulting in a loss of service to an extensive number/all end users or material loss of performance impacting on an extensive number/all end users.
  • Priority 3 (P3), Medium – The application is not functioning as expected and is impacting the optimal performance of the system or a cosmetic defect.
  • Priority 4 (P4), Low – Request for information. Minor error in documentation. Suggestions for improvement unrelated to an error.

What are typical response times offered by NearForm?

These are examples only:

  • Priority 1 – Response = 1 hour; Target resolution = 4 hours
  • Priority 2 – Response = 2 hours; Target resolution = 8 hours
  • Priority 3 – Response = 1 day; Target resolution = next planned release
  • Priority 4 – Response = 5 days; Target resolution = considered for inclusion in next planned release
  • Priority 1 and Priority 2 issues will be handled on a 24 x 7 x 365 basis

Does NearForm provide Level 1 support?

Not usually. Each client will provide Level 1 support to application users, which will include help desk and general user support to log, respond, prioritise, escalate and track reported issues, including routing existing solutions to the end users. Any issue which cannot be resolved via Level 1 support may be passed to NearForm as a Level 2+ issue.

Where is the backend of the solution hosted?

Hosting is on Amazon AWS by default, in an appropriate region for the customer. Other hosting options are available for additional cost and with extended development time.

What AWS services does the app use?

The following services are currently used (this list may change per customer):

  • API Gateway
  • Lambda Functions
  • ECS Fargate
  • RDS Aurora Postgres
  • Cloudwatch
  • AWS Shield
  • CloudTrail
  • ECR
  • Route 53
  • ALB
  • KMS
  • Secrets Manager
  • WAF
  • Parameter Store
  • NAT Gateway
  • Compute Service

What mobile OS versions are supported?

The app runs on iPhones that support iOS 13.5 or later and Android phones running Android 6.0 and higher.