England and Wales’ contact-tracing app, NHS COVID-19, faced a number of criticisms when it launched last month. Currently, it’s not interoperable with the Protect Scotland contact-tracing app, nor Northern Ireland’s StopCOVID NI. The Bluetooth Low Energy 4 technology required to run the app means it’s incompatible with older smartphone models, and a number of users have reported receiving false alerts.

Implementation issues aside, what is the technology behind the app and how important a role will it play in the UK’s ongoing struggle to bring the coronavirus pandemic under control? Only time will answer the second question, but Zühlke Engineering has been responsible for developing and refining the technical details of the UK’s contact tracing app.

The company worked with NHS X to develop the software, starting with the now-scrapped version from the initial Isle of Wight contact-tracing trial, and Zühlke UK CEO Wolfgang Emmerich says he’s proud of what they’ve achieved.

Medical Device Network caught up with Emmerich to learn more about the app’s development process, interoperability across the four nations and how to help users feel confident that their privacy is being protected.

Chloe Kent: How did Zühlke support the development of the NHS COVID-19 app?

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Medical Device Network.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Wolfgang Emmerich: Back in March, we were asked by NHS X to provide independent technical oversight of the development of the first app. We made sure that the app would work as well as it could, but ultimately there were restrictions in the iOS operating system that meant it wasn’t really possible to have that first app out in public as a medical device. It wasn’t really working reliably enough, particularly when the app was running in the background or the phone was asleep, then it wouldn’t pick up any contact-traces. So, we recommended to the Secretary of State that the programme do a pivot and develop a new app based on the then-emergent Google and Apple primitives, and we were then asked to actually undertake that development.

We stood up a team of about 70 consultants and engineers to build the second app toward the end of June and we released it at the end of September. We had about seven weeks or so to build the trial that went out in the Isle of Wight, another week and we added a few languages and put it out in Newham, and then we had two or three weeks to incorporate the feedback that we learned to then prepare for a national launch. There were other companies working on it too, of course. Accenture provided independent assurance of our app and ran the programme office. A New Zealand company called Rush provided the software that produced the venue-based contact-tracing QR codes that people now put up in their venues.

CK: How much of an impact do you think contact-tracing apps could have on the pandemic?

WE: [Alan Turing Institute defence and security programme director] Mark Briers and his team recently published a paper in the Lancet about this. What they did was really, systematically analyse the impact that the first app had on the Isle of Wight trial. They concluded that the app, together with more available testing and manual contact tracing, reduced the R-rate on the Isle of Wight from 1.3 to 0.5, effectively stopping the epidemic on the island.

We have reason to believe that our app that’s out now is more effective than the first app, as we found that the first app had missed a number of exposures, and therefore I think it will make a difference. But it might take some time.

CK: Currently, the UK has three contact tracing apps which aren’t all compatible across borders – what’s being done to help make them work together?

WE: All apps within the four nations are based on the same operating system primitives, so at a network level and a Bluetooth level they are already interoperable. The problem is that in order for us to notify an exposure that happened across the border we would need to know about all the positive test results in Scotland and in Northern Ireland, and that involves different public health authorities. Currently, the Northern Irish test results are actually made interoperable with the Scottish ones through an interoperability server that’s based in Ireland, so it involves crossing multiple GDPR jurisdictions. But technically, it’s actually very easy to make them interoperable.

What we’re doing right now is setting up a repository of all the known test results that services in Northern Ireland, Scotland, England and Wales can read from and write to, where the public health authorities and test labs can deposit their results so that the apps can then notify people of exposures. That process is ongoing and I can’t comment as to when it will be complete, but it won’t be long. But that’s the way it is, it’s basically a result of the direct consequence of devolved administrations.

CK: How is user privacy protected within the app?

WE: The key principle we have applied is privacy by design. What we mean by that is that no sensitive data ever leaves the phone. This is a marked difference to approaches other countries have taken, such as in France and Singapore, where the details about who you’ve been exposed to are stored and managed centrally on a government server – this is also the key difference between the first app and the second app. Instead, we only associate Bluetooth IDs with positive or negative test cases and then tell all the apps that are out there about the new positive cases so that they can then check, ‘is this somebody I’ve seen?’

We do have a little bit of management information, we ask people for their postcode district when they log in, but those postcode districts are so large that it’s not actually possible to individualise people and reverse-engineer who they might have been. We have a little bit of information as to where positive test results are by postcode district level and where exposure notifications occur, but we don’t know individually who has tested positive.

It is important that this assertion is independently verified, so what we’ve done and what we’re continuing to do is upload every release to a public NHS X source code repository, so that it can be independently scrutinised.

CK: What do you think can be done to help people feel confident that their privacy is safe using the app?

WE: We take this very, very seriously. We worked very closely with the Information Commissioner’s Office (ICO), and there is actually a very encouraging blog post from [UK information commissioner] Elizabeth Denham saying that her concerns about the app were all addressed. Now, it’s not very easy to please them.

One of the things that she and her office were concerned about was that if people were in an abusive relationship, the app basically keeps a diary of where you’ve been. If you go to ‘Manage my data’ in the ‘About this app’ section, you’ll see a diary of where you’ve checked in. While that data never leaves the phone, if you are in an abusive relationship it might be that your abuser has access to your phone and then sees where you’ve been. Following her advice, we built features so that people can control what data they keep in their diary and what data they delete, so if there is a person who doesn’t want to show that they’ve checked into a particular bar, for whatever reason, they can delete that information.

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up