NHS Covid-19 app sent false alerts to users about their region’s risk level
Users of the state coronavirus app in England and Wales were alarmed to see their region’s risk level fluctuate from nowhere on Friday in what turned out to be a technical glitch, the Guardian reports. As if someone needed more stress this year.
The Department of Health and Social Affairs said on Saturday that the bug affected updates to the app’s postcode alert system and had since been resolved.
“We are aware of an issue that impacted postcode alert updates for some app users tonight,” a spokesperson for the agency said at the point of sale. “This issue was identified and resolved in less than an hour and users’ phones will automatically update to display the appropriate local alert level for their area, with further instructions.”
It’s far from the app’s first problem, however. In the few weeks after it went live across the UK, the National Health Service’s contact tracing application was an absolute shitshow. A bug at launch prevented users from downloading their covid-19 test results (which is crucial for tracking the spread of the virus), and several users reported receiving notifications warning them of a possible exposure only so that the message disappears when they try to verify that.
Several users in England and Wales posted to Twitter on Friday that they had received confusing notifications from the app that contradicted official government reports. Users living in Walsall and Wakefield reported that they had received alerts indicating that the level of risk in their respective area had risen to medium, i.e. only national restrictions regarding picking sizes, office hours and face masks are applied. But according to government guidelines found online, both areas are still classified as high risk, a distinction for regions with higher infection levels that have more onerous restrictions, especially when it comes to socializing (the households are not allowed to organize gatherings of any size indoors, for example.).
In London, where additional lock restrictions went into effect at midnight on Friday and the alert level was changed from medium to high, users said the app alert level for the area remained unchanged. Stranger still, one user said his app showed he was in a high and medium risk area simultaneously, the Guardian reports.
Although the Department of Health and Social Affairs has not disclosed the number of users affected by this bug, an expert said Sky News that as many as 4 million people may have received false notifications. Jeremy Place, an information security specialist, said he was monitoring the app when the problem occurred and it was almost certainly a “big finger error” linked to a recent update of app alert levels. (Previously the app levels were low, medium, and high, but since then they’ve grown to medium, high, and super high to match the new level system.)
Place said a blank file was accidentally sent to users instead of an actual alert level update as part of this recently revised system.
“I was monitoring changes to the app to see if they addressed any of the issues that had been raised about the confused risk level messages,” he told the outlet. “I noticed that the file was empty starting at 6:21 pm for about an hour.”
Any phone that received this empty file probably reverted to the old application system, causing an incorrect notification that the risk level had changed in a user’s area.
The UK’s road to developing a contact tracing app has been a complicated mess, so it’s no wonder that the app itself is also plagued by problems. After months of trying and failing to develop its own app, the UK Department of Health and Welfare finally threw in the towel in June and announced that it was switching to Google and Apple’s API after discovering several “challenges” while testing the app.
Previously, UK officials refused to accept privacy requests from users of tech giants and had decided to create their own API from scratch which, unlike Google and Apple, would not require storing user contact information locally on those users’ phones as a compromise to expand Bluetooth capabilities. However, not only did the solution they found not work, it was probably illegal to start. Due to tThe way the app was designed, it could potentially exchange identifying information with third parties without users’ knowledge or consent, which is a clear violation of the European General Data Protection Regulation.
So i mean i guess is it an improvement? Although not much, of course.