COVID-19: THE NEW APP AND SOLVING THE CHANCELLOR'S FUNDING PROBLEM

Update 1/10/20:  Additional detail here that 'softens' the criticism a little but does not change the conclusions.

AS ORIGINALLY WRITTEN

By noon today, Monday 28th, 12.5 million people had downloaded the new NHS COVID-19 app to their phones.  The app has several functions, but it's main purpose is to send out alerts that the user of the phone has been in contact with someone who has tested positive.  The phone's user then needs to self-isolate.

Today also saw the start of the law that anyone who doesn't self-isolate when requested could be subject to a £1000 fine in the first instance, rising on subsequent occasions.

Let's assume that every user breaks an isolation alert once, and gets fined once and learns their lesson   That would be 12.5 billion pounds.  Kerching.

Real life isn't like that.  I jest.  But there are some real concerns about the app, and there's a better way to minimise the drain on the nation's finances.   

With the black cloud of a potential £1000 fine if you don't self-isolate when alerted by the app.  

Let me explain.


FALSE ALERTS

People are likely to break an isolation instruction if they do not believe they are infectious, such as would happen if they received a false alert telling them to self-isolate.

Some weeks ago, a friend I had met at an outdoor gig contacted me with the message that they might have caught COVID-19.  Disconcerting.  Should I self-isolate?  It didn't feel necessary, and indeed turned out to be a false alert.  I'm imagining receivng an alert through this app.  Just not fun.

I have been the IT Audit Manager at a Big4, and helped develop and test a multitude of bespoke systems over the years. Often at the bleeding edge, and far more sophisticated than this app.  That included Sony UK's main STN trading system and ecommerce apps.  I have seen some excellent systems, but also seen other systems that are not fit for purpose.  I can spot a dog's breakfast of a system a mile off.

Indeed it looks almost as if the NHS COVID-19 app has been designed specifically to create ghastly false alerts:

• You log into a venue, but can't log out.  If you go straight to another venue and log in there, fine.  But if you go from the venue to work or go home, the system believes you are still at the venue until midnight.  If that visit is for breakfast, say, you could overlap according to the system with anyone visiting the venue over the remainder of the day and evening.  As Paul Bernal, Associate Professor in Law at the University of East Anglia, says "This means there could potentially be a great many false alerts"

• The Bluetooth mechanism can see through walls and ceilings, such as between flats, terraced houses, semi-detached houses, rooms in university halls of residence, and hotels.  Which is where a majority of the people in this country live.  There is some form of proximity sensing in the app, according to strength of the signal.  But if you are sitting 'next to' someone the other side of the wall or ceiling, is that enough to avoid an alert if one of the people is tested positive? 

• The alert that is sent out does not tell you where or when the contact took place.  So you can't identify alerts that are clearly nonsense. Self-isolating when totally unnecessary. 
  

SECURITY CONCERNS

Actually the central system does not store your details, so nobody central can identify you and follow up whether you are self-isolating when requested.  That's an improvement on the privacy of the previous attempt at an app, but somewhat defeats the purpose.

How long is that going to last?  If Chancellor Sunak is to get his money, that 'flaw' will need to be fixed.


TALKING OF DESIGN AND TESTING FLAWS

The app allows you to record when you have had a positive test, so that your contacts can be alerted.  Unfortunately the app only allows the "pillar 2" tests carried out outside the NHS.  The "pillar 1" tests carried out within the NHS cannot yet be recorded.

All these issues implies:

• Poor design
• And/or inadequate alpha testing by the development team
• Plus inadequate beta testing with users.  Which is effectively what we are doing now.  

Though a beta test in Isle of Wight of this second iteration of the app was started in mid-August without fanfare.  For the first iteration of the app, a lot of Isle of Wight users deleted the app when they found it was more trouble than it was worth.  No news of how they found the second iteration.

I could go on.  But the flaws identified above are sufficient of themselves to show that this app is not fit for purpose.  Showstoppers of the wrong type.  As a software tester, I would pass it back with no question that it would be released.  Not something I would use in real life.

"You need to self-isolate"

Here's Paul Bernal, Associate Professor in Law at the University of East Anglia, talking about the app from these and other angles.  He echoes my analysis above, in saying "What’s more, though they’ve built it around checking in, for some reason they’ve not included a function to check out. That means you remain checked in at the venue until you check in somewhere else or midnight comes, whichever happens first. If you go for a coffee at 7am but spend the rest of the day working from home, the app considers you checked in at the café for the whole day. And so, if anything happens to trigger an alert at that café, you’ll be alerted even if it’s been 12 hours since you’d left. This means there could potentially be a great many false alerts – which brings us to the biggest problem of all..." Worth a read of his whole article.  I won't spoil his thunder as to what that problem is, but can confirm that I have mentioned it above.

LIVING WITHOUT THE APP

The app requires either:

• Operating system iOS 13.5 or higher for Apple iPhones (but not iPads)
• Android 6.0 or higher for an Android phone. 

Older smartphones are not compatible, and some people do not have a smartphone at all. 

Go to a venue without an app, then either:

• Use a smartphone to register contact details, and then order drinks/food, or
• The venue takes contact details and order at the table manually, much like they were doing before the app

I've done both since the app has been available, at venues geared up for the app, so you don't need the app to visit venues.

The app does a number of other things, but none of them are essential:

• Symptoms: check if you have coronavirus symptoms and see if you need to order a test.
• Test: helps you order a COVID-19 test if you need to, and record the result.
• Isolate: keep track of your self-isolation countdown and access relevant advice.
• Check the Infection Level in the local area, according to the first half 'outward' portion of the postcode optionally entered, e.g. SL3 

You can do those things outside the app, so you don't need the app.


DRAIN ON BATTERY

Many phone batteries die during the evening if it is not possible to recharge them.  That is how I ended up needing to check in and order manually.

I don't usually have Bluetooth switched on, so this would be necessary.  The app consumes at least an extra 5% of battery drain, we are told.  But I hear of experience suggesting that it is higher given Bluetooth has to be switched on.

I could switch Bluetooth on to just check in to venues, and then turn it off.  But that would mean losing the proximity functions.

Battery drain is another reason not to use the app.



IN CONCLUSION ABOUT THE APP

I had hoped the app would help the fight against COVID-19.  But it seems to be more trouble than it is worth, as a combination of functionality flaws and battery drain.

The app is not fit for its primary purpose, and I will not be downloading it.  For those who have already downloaded it, they should seriously consider deleting it.


SO HOW WILL CHANCELLOR SUNAK FILL THE FUNDING GAP?

We have seen that getting infections down to a very low level would substantially reduce the funding requirement.

Here's an idea for how to get there.