Apple and Google partnered to provide APIs to health authorities for contact tracing to prevent transmission of COVID-19. However, both companies have blocked an update of the NHS Covid-19 app in the UK due to a breach of privacy rules. BBC reports that the app will ask the users to log in to their location check-ins via scanning poster barcodes and if they test positive, their location data will be shared with others.
This feature to share users’ precise location has been strictly banned by both tech companies due to users’ privacy and safety concerns. In addition, the app is being updated at a time when UK is about to ease down lockdown restrictions after a nationwide COVID-19 vaccination drive.
UK’s National Health Service app breaches Apple and Google privacy terms
Users of the NHS COVID-19 app had been scanning QR codes on entering restaurants, shops, and other places to list down their visited locations but that data was never shared with others. And now, the update was seeking to use location-based APIs, collect devices’ information to identify users’ precise location, and share with others by asking users’ who test positive of the virus if they would opt-in to share the data of their visited places to alert others. The report states that:
Under the terms that all health authorities signed up to in order to use Apple and Google’s privacy-centric contact-tracing tech, they had to agree not to collect any location data via the software.
The tech firms’ Exposure Notifications System FAQ states that apps involved must “not share location data from the user’s device with the public health authority, Apple, or Google”.
It is said that if such an update is allowed in England, that would set a wrong precedent for others countries and they “sought changes of their own.”
As a result, Apple and Google refused to make the update available for download from their app stores last week, and have instead kept the old version live.
NHS has not shared a statement on this yet.