U.K. Concedes Trial Track-and-Trace App Has Security Flaws
(Bloomberg) -- The U.K. government’s cybersecurity center has confirmed that the test version of its coronavirus track-and-trace app contains flaws that could leave it vulnerable to attack, and pledged to fix them before the app is released more widely.
The app, vital to helping to get Britain out of lockdown, is currently being trialled on the Isle of Wight, off England’s South Coast. It was supposed to be live nationally from the middle of May, but is now said to be “weeks” away.
In a blogpost, Ian Levy, Technical Director at the National CyberSecurity Center, acknowledged that there were “some weaknesses” in the way people sign up for the app, and said this was the result of a “conscious decision” to get a trial version up and running quickly.
“The app is a work in progress, and future versions will have all these issues fixed,” Levy wrote.
However, the main criticism of the app, which Levy didn’t address, is that the U.K. has opted for a “centralized” model, where people who test positive for coronavirus upload all their recent contacts to a database, and those people are then contacted and warned. This allows the National Health Service to gather more information about how the virus is spreading, but it has privacy risks.
It also means moving away from the model preferred by Apple Inc. and Alphabet Inc.’s Google, and that could mean the app works less well on phones using the companies’ operating systems.
©2020 Bloomberg L.P.