Security News > 2020 > April > UK snubs Apple-Google coronavirus app API, insists on British control of data, promises to protect privacy

The UK has decided to break with growing international consensus and insist its upcoming coronavirus contact-tracing app is run through centralised British servers - rather than follow the decentralized Apple-Google approach.

Within the details over how it would work, the memo revealed the NHS and UK government reckon the contact-tracing protocols built by Apple and Google protect user privacy under advisement only.

If someone is found to have COVID-19, they can authorise the release of their phone's IDs to a decentralized set of databases managed by healthcare providers, and if another user's phone recognizes those IDs in the databases - ie: they were close to them recently - they are alerted to the fact by apps that plug into the API. This particular approach is designed to ensure no one can use it to track individuals: Apple and Google reckon their cryptography-based protocol will make it difficult for governments and miscreants to monitor people - certainly Apple and Google will be none the wiser.

"You will always be able to delete the app and all associated data whenever you want. We will always comply with the law around the use of your data, including the Data Protection Act and will explain how we intend to use it."

"We will be totally open and transparent about your choices in the app and what they mean. If we make any changes to how the app works over time, we will explain in plain English why those changes were made and what they mean for you. Your privacy is crucial to the NHS, and so while these are unusual times, we are acutely aware of our obligations to you."

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/28/uk_coronavirus_google_apple_api/