There has been a major U-turn from the UK Government as the current COVID-19 tracing app has since shifted to a model based on technology provided by Apple and Google. The Apple-Google design has been promoted as being more privacy-focused, which is key to ensuring compliance to the public.
Cybersecurity expert Paul Farrington, EMEA CTO at Veracode had the following to say :
“It’s an undeniable truth that public trust is paramount when it comes to rolling out the COVID-19 tracing app. With concerns that only 49% of people felt comfortable downloading the government app previously, it is great to see the Government adapting its strategy to provide a more privacy-focused solution by deploying the Apple – Google ‘Exposure Notification API’ technology. The decentralised system from Apple and Google puts confidentiality and privacy at the centre of the design, whilst offering a partnership with public health authorities around the world.
In the centralised approach with the original contact tracing app, the three tenets of security weren’t explicitly guaranteed in the design: Confidentiality, Integrity and Availability. Users had concerns about their privacy. Now, the government has accepted the advice from external security researchers by switching to the completely open-source Apple-Google initiative. When embarking on software projects, teams should always ensure that security is a key selling point of the product or service. Privacy of data influences the trust of the individual and, in this case, that’s something that is vital in the successful management of a pandemic if you want to win the hearts and the minds of the nation.”