hrfee
/
cw1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add nhsx v apple/google api comparison 

might be useful for Australia, as they released an app using their own
tech so comparisons could be made to nhsx tech.
This commit is contained in:
Harvey Tindall 2021-10-13 16:23:52 +01:00
parent 1eb60e5815
commit 4aa94ef95b
Signed by: hrfee
GPG Key ID: BBC65952848FB1A2
2 changed files with 44 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
nhs-v-google-apple.md Normal file
View File

@ -0,0 +1,40 @@
# Original NHSx app vs Post-may Apple/Google API-based app
* NHSx app builds a database of significant contacts (<2 metres for at least 15 mins) who can be alerted if the user reports symptoms (presumably a positive test, too) (from [independent](https://www.independent.co.uk/news/uk/home-news/coronavirus-app-nhs-contact-tracing-cyber-attack-hack-a9500401.html))
* Users could be notified of false positive if this was found out later
* NHSx uses a centralised model (FIXME: Find decent source and explanation!)
* A centralised server figures out the matching process
* Phone has a unique key thats sent to other devices that come in contact
* If the user logs positive, device tells server their key is positive
* Other device asks NHS server if any device keys it's received are positive (**here, the server checks for matches**)
* If the key is found to have logged positive, the user is alerted
* The server knowing if your key has come into contact with someone could pose a risk of tracking by gov/hackers
* Could make tracking outbreaks on a national scale easier
* App connected to NHS account
* Battery-saving features on phones (especially iPhones) could pose a challenge to keeping the service running 24/7 on the device
* Even if not, Apple claimed NHSx solution would be less power-efficient
* Apple/Google uses a semi-decentralized model (good ass diagram [here](https://www.bbc.co.uk/news/technology-52263244))
* Uses BLE to reduce power usage
* No NHS account, name or details need to be given
* When two phones meet, a unique key is created and exhanged between them
* When one logs a positive, the user agrees to upload the key to a central database
* All other phones regularly download the central database, and then check (**matches are searched for on-device**) for any keys they have received from other devices
* If the key is in the db, the user is alerted, but the central server does not know about the match.
### Similar between the two
* Risk of high false-positives/Self-certification being used maliciously
* This was more of a concern when the apps were in development, as conveninent testing (LFD) was not easily available so self-cert was the most likely way to log "positive" on the app

6
timeline.md
View File

@ -1,10 +1,12 @@
# (Rough) Timeline of events related to the NHS Covid-19 App
* 12 April: Gov announces app is being tested at Downing St. Press conference ([article](https://www.theguardian.com/politics/2020/apr/12/uk-app-to-track-coronavirus-spread-to-be-launched)/[recording](https://www.youtube.com/watch?v=L4Kjbw8i8BQ))
* 22 April: App starts being tested on an RAF base in North Yorkshire ([link](https://www.bbc.co.uk/news/technology-52381103))
* 27 April: NHS rejects Apple/Google API ([link](https://www.bbc.co.uk/news/technology-52441428))
* 4 (5th?) May: Contact tracing app starts being tested on the Isle of Wight of both proprietary NHSX technology and Apple/Google API ([link](https://techcrunch.com/2020/05/05/nhs-covid-19-the-uks-coronavirus-contacts-tracing-app-explained/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAAsSPjPMG9k_WL4BhU1LS4wzZC0Lh1qv0-8dvOGL6fyPciViqmWzD_m2C9HZK_uAmppeNrLfxBQH0VRUPB9Hmaf_ua40wRE2urFQB_e3ONFgu7pJHr-D0xNNJOBWx5ZvZ2gFJgThdGKrt9t-zKo1N_3ezAkMxnxtMDhw0It-ujAd))
* NHSX tech only registered 75% of Android & 4% of Apple devices, Apple/Google got 99% of each ([link](https://www.digitalhealth.net/2020/06/government-abandons-contact-tracing-app-for-apple-and-googles-tech/))
* Apple/Google APIs are generally seen as more privacy-sensitive
* Apple/Google APIs are generally seen as more privacy-sensitive, and are interoperable with each other
* 21 May: Apple/Google release their APIs ([link](https://www.digitalhealth.net/2020/05/google-apple-contact-tracing-software-release/))
* Sometime in May: NHSX tech abandoned for Apple/Google APIs
* 13 Aug: Trial of new app in Isle of Wight + Volunteers elsewhere (and in Newham, apparently) ([link](https://www.digitalhealth.net/2020/08/covid-19-new-trial-nhs-contact-tracing-app/))
* Seems to be first time QR check-in was added