Frequently asked questions

Additional information and answers to some of the most common questions about NearForm’s COVID-19 contact tracing solutions, for customers seeking to deploy their own COVID-19 application.

Who is this FAQ for?

The information contained in this FAQ is for Public Health Authorities (PHAs) that wish to explore the possibility of deploying their own COVID-19 contact tracing/exposure notification mobile applications. While the FAQ contains information which will be useful and interesting for individual users and potential users of COVID-19 applications, apps for each PHA will likely be implemented at least slightly differently depending on requirements. For specific user-related information about application functionality and privacy practices, users should consult the public information provided by the PHA.

What does an exposure notification app do?

The goal of an exposure notification app is to help members of the public protect themselves, their loved ones and others by slowing the spread of COVID-19. It continuously and anonymously records the presence of other app users. If a user tests positive for COVID-19 and consents to anonymously share that information, other users can then be notified that they may have been exposed and be told what to do next. This is all anonymous and the identity of users is never shared by the app. The app helps to break the transmission chain of the virus, limiting its spread, thereby protecting citizens and their loved ones.

How do exposure notification apps work?

When people are near each other, the app on their phones exchanges regularly-changing, anonymous Bluetooth IDs. If a person tests positive for COVID-19 and has the app, the relevant Public Health Authority (PHA) enables them to upload their own anonymous IDs from inside the app. The app on all other users’ phones regularly downloads the IDs of people with positive diagnoses and checks if they have seen that ID in recent days. If they have, and the exposure meets certain criteria, the app notifies those users that they have been exposed and lets them know what to do next e.g. self-isolate and get a test.

How does the Apple/Google system work?

Apple and Google initially released the Exposure Notification Service (ENS) for iPhone and Android in June 2020. The Service provides the underlying Bluetooth scanning, anonymous ID storage and distance estimation functions. Public Health Authorities contract companies like NearForm to build custom apps that use the Service. Neither the Service nor the apps are able to do any location tracking of users. Everything is done in an anonymous fashion to protect privacy.

Is the NearForm solution approved by Apple and Google for their API use?

The apps are approved on a jurisdiction by jurisdiction basis. Public Health Authorities (PHAs) must apply for this approval to Google and Apple. NearForm cannot apply on their behalf, but can assist with and facilitate the process.

Can the app implement CDC, Mayo Clinic or Johns Hopkins questions/answers for symptom checking/monitoring?

Yes.

Can the app collect demographic information like Sex, Age, Race, Sexual Orientation etc. if provided by the user?

Yes, if required, and as long as it complies with the data protection regulations in the jurisdiction.

Can NearForm include symptom monitoring/tracking?

Yes, NearForm can include the ability for users to record symptoms in the application and to share that information with PHAs (subject to relevant data protection laws) to help PHAs monitor potential outbreaks.

What is EN Express?

  • Apple and Google announced EN Express in September 2020. This is a facility to provide core Exposure Notification functionality to users without the need for a custom application. NearForm applauds Google and Apple for helping to address a subset of jurisdictions who have been unable, for whatever reason, to build a custom app.
  • NearForm’s apps can provide fully-customized screens, text, national and regional statistics, symptom recording/journalling and recommendations if someone is not feeling well, in addition to any other State-specific requirements and integrations. This is not possible with EN Express.
  • NearForm expects that some States may start with EN Express and will then engage with us to build something more customized to their particular needs. NearForm can also bring all of its knowledge of and expertise in working on the world’s most successful ENS App, COVID Green, to every engagement.

Does the app collect location data?

The app does not collect any Location Data or enable location for any purposes. However, apps in some countries (e.g. Ireland) allow people to optionally input their region and town in order to carry out statistical analysis of infections/exposures. See note from Google regarding the enabling of Location Services on Android.

Does this app compromise members of the public’s privacy?

  • No, this app uses the Google/Apple Exposure Notification system (GAEN), based on a privacy-protecting decentralised approach.
  • Most of the work is done on your phone, rather than on servers, and no personally identifiable information leaves your phone in normal use.
  • All of the data is kept on the user’s phone except for the anonymous keys that they can choose to share if they receive a positive diagnosis.

What data do members of the public need to provide?

When setting up the app, users have the option to provide a contact phone number which is stored locally in the app, not uploaded. If the number has been provided, it is shared with the Public Health Authority if the person gets a close contact alert. This setting is opt-in: members of the public can decide at any time to add or remove their phone number. The number is only used by the Contact Tracing Center to call the person to give advice and to refer them for a test if appropriate. The app does not require a user’s phone number to send an exposure notification.

Is the App Open Source?

  • Yes, the apps are built on the COVID Green Open Source project, created by NearForm and donated to the Linux Foundation Public Health organisation by Ireland’s Health Service Executive.
  • An individual PHA’s App does not need to be Open Source itself, but it starts with the COVID Green solution.
  • However, we strongly recommend that PHAs do Open Source their code in order to build user trust.

Can opt-in anonymized in-app analytics be provided to the PHA?

Yes, as long as it complies with the data protection regulations in the jurisdiction.

Can the PHA push out news updates?

Yes, but the specification of how that is to be done must be clarified up-front.

Is the app interoperable with COVID apps of other States and countries?

Yes, it can interoperate on a case-by-case basis with apps of other States and countries, provided that the other app has also been built using the GAEN framework. The NearForm app also supports the APHL national server and will soon support the upcoming EU interoperability gateway service.

Can the app integrate with the contact tracing management system of the public health authority?

Yes, but the specification of how that is to be done must be clarified up-front.

Can the app integrate with disease surveillance and lab reporting systems?

Yes, but the specification of how that is to be done must be clarified up-front.

Does the app contain any advertising?

No.

Does the app have any tracking via systems like Google Analytics?

No.

How will the app affect users’ phones?

  • There is a minor drain on battery but no other noticeable impact. The battery usage is much less than e.g. using Bluetooth headphones
  • The stored keys take up a tiny amount of phone storage
  • Key upload/download is very low bandwidth. Google states that 14 days’ worth of daily keys for 100,000 COVID-positive people takes up 22.4 MB

What systems is it available on?

  • Available on iPhones with iOS 13.5+ (iPhone 6 Plus or newer)
  • And Android phones running Android 6.0 and higher
  • Covers 80% market share in United States and Europe of phones bought in the past 4 years.

How is the app implemented?

  • The mobile app is implemented in React Native for compatibility with both iOS and Android.
  • The back-end code is written in Node.js and uses the Fastify.js web framework created by members of the NearForm team.

Where is the back-end of the solution hosted?

Hosting is on Amazon AWS by default, in an appropriate region for the customer. Other hosting options are available for additional cost and with extended development time.

What AWS services does the app use?

The Apps use an extensive range of AWS services including, but not limited to: API Gateway, Lambda Functions, ECS Fargate, SNS/SQS, RDS Aurora Postgres, CloudWatch, AWS Shield, CloudTrail, ECR, Route 53, ALB, KMS, Secrets Manager, WAF, Parameter Store, NAT Gateway, Compute Service.

Does this app require a specific user uptake level to be effective?

  • The widely mis-quoted 60% figure from Oxford was based on suppressing the virus entirely if nothing else was done e.g. if no manual contact tracing was carried out.
  • The same Oxford team now reports that 15% is valuable.
  • The App is also highly effective among clusters of people who interact regularly e.g. friends, regardless of general percentage.
  • See the MIT Technology Review and LFPH article for the best explanation of this.

Will this app have any “false positives” i.e. will it send out messages to people who haven’t been in direct contact?

  • It is possible for a small number of “false positives” to happen, but these numbers will be tiny compared to the number of “real” exposure notifications. For example, it is possible that two people stuck in traffic within 2 metres of each other for 15 minutes would be deemed to be in “close contact” but we know that those people will not have transmitted the virus to each other. The situations where this may arise are rare and consist of only a small proportion of the total exposure notifications.
  • There is a minimum threshold for notification based on distance and time (the threshold can be determined by PHA).
  • To detect distance, the signal strength of Bluetooth between phones is measured.
  • Both Google and Apple are doing extensive testing on different devices to make the distance estimation as accurate as possible whilst not impinging on privacy.

How does this app protect against trolling?

  • People entering a positive diagnosis when they have not received one is not possible on apps developed by NearForm.
  • NearForm’s approach means that only individuals who have had a positive COVID-19 test and have received a unique one-time short-lived authorization code from a Contact Tracing Center (CTC), can upload their diagnosis keys.
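
An added example, not NearForm's or COVID Green's code, showing one way a Node.js back end could enforce the single-use, short-lived authorization code described above before accepting diagnosis keys. The 8-digit format, 10-minute lifetime, in-memory store and all function names are assumptions.

```javascript
// Added example: one-time, short-lived upload authorization codes.
// All names and parameter values are assumptions, not NearForm's code.
const crypto = require('crypto');

const CODE_TTL_MS = 10 * 60 * 1000;     // assumed lifetime: 10 minutes
const PEPPER = crypto.randomBytes(32);  // server-side secret; only keyed digests are stored

function digest(code) {
  return crypto.createHmac('sha256', PEPPER).update(code).digest('hex');
}

// Called by the Contact Tracing Center after a confirmed positive test.
function issueCode(store, now = Date.now()) {
  const code = crypto.randomInt(0, 10 ** 8).toString().padStart(8, '0');
  store.set(digest(code), { expiresAt: now + CODE_TTL_MS });
  return code; // passed to the user out of band
}

// Returns a reason string so failures can be logged and rate-limited upstream.
function redeemCode(store, code, now = Date.now()) {
  if (typeof code !== 'string' || !/^\d{8}$/.test(code)) return 'malformed';
  const key = digest(code);
  const entry = store.get(key);
  if (!entry) return 'unknown';
  store.delete(key); // single use: removed on first presentation, valid or expired
  if (now > entry.expiresAt) return 'expired';
  return 'ok';
}

// Upload gate: diagnosis keys are accepted only alongside a redeemable code.
function handleUpload(store, request, now = Date.now()) {
  const result = redeemCode(store, request.code, now);
  if (result !== 'ok') return { status: 403, reason: result };
  return { status: 204, accepted: request.keys.length };
}
```

A production deployment would back the store with a database and limit failed attempts per client, since an 8-digit code space is small.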

Which jurisdictions are using the NearForm solution?

  • NearForm started by building the Republic of Ireland contact tracing app – still the most successful launch of an ENS app globally
  • NearForm has also recently launched in Northern Ireland, Scotland and Gibraltar
  • The US States of New York, New Jersey, Pennsylvania and Delaware are now live
  • Several other US States will go live soon too

How does this app deal with borders? Is it compatible with apps in other countries and apps run by different developers?

  • All of us are coming together to fight COVID-19. We live in a global world – interoperability is vital
  • NearForm created the world’s first pair of interoperable inter-jurisdictional apps between the Republic of Ireland and Northern Ireland
  • In the US, the Association of Public Health Laboratories (APHL) provides an interoperability server – ensuring that the exposure notification service works across state lines
  • In Europe, the EU is in the process of launching an interoperability server. NearForm is involved in testing this service and will be implementing it on completion. Until then, interoperability is done country-by-country.
  • Outside of the US and the EU, NearForm apps can be integrated with any other application developed using the Google/Apple ENS provided that the respective countries agree on the collaboration.

Does the App follow accessibility best practices?

Yes, the app has had extensive accessibility testing including input from the National Council for the Blind Ireland and The Paciello Group.

How will this app help the elderly, since they are the most vulnerable but may not be using mobile devices? What about other social groups with restricted technology access?

  • This is an issue for States, PHAs, Apple and Google
  • One option is for states or mobile operators to provide free/subsidized devices to the elderly. Once the app is installed and activated, the only ongoing action necessary is to keep the phone on and charged
  • There are also initiatives underway to provide compatible contact tracing functionality using wearables, which may be appropriate for some people
  • It should be noted that smartphone penetration in the US amongst those aged 55+ is over 70% and in Germany for those over 70 is still 65%+

Shouldn’t kids have access to the app as they return to school and are at the greatest risk?

This is an issue for each jurisdiction and depends on the local laws. Northern Ireland has just announced that children will be legally allowed to install and use a dedicated app.

How many languages are available?

  • The Irish App launched with two languages and just launched Portuguese
  • Some of our US Apps will launch with five languages
  • We can support any number of languages including right to left such as Chinese and Hebrew
  • The goal is for all of NearForm’s apps to be available in all widely-used languages in their territories. Accessibility is essential to exposure notification apps

Who is NearForm?

  • NearForm is a global business with employees in over twenty countries.
  • It provides accelerated solution delivery to clients globally.
  • It consists of teams of industry experts who get projects up and running quickly and smoothly.
  • We have delivered over 150 major Enterprise Web and Mobile applications since our founding in 2011.

Can NearForm provide on-going support until such time as the App is not needed by the public health authority?

Yes, it is part of our standard offering.

What level of technical support does NearForm offer?

NearForm offers what’s known as “Level 2+” technical support to our customers. This means that the PHA (or their nominated provider) provides instruction and assistance directly to the individual users. NearForm then provides more advanced support to the PHA or their provider for problems that cannot easily be fixed or that require access to the software codebase.

Will NearForm keep the application up to date with new releases from Google and Apple?

Yes, if a customer has a technical support contact with NearForm, this includes the services required to update the app in tandem with new operating system updates from Google and Apple.