ukhsa-collaboration / covid-19-app-ios-ag-public

COVID19 iOS App

Checking in to locations #8

Closed jagoosw closed 4 years ago

jagoosw commented 4 years ago

I have several questions/issues about the location check in with QR codes.

  1. I can't seem to find the exact wording from Apple/Google on their no-location-tracking condition for using the API, but this would seem to violate it.
  2. If the app works as intended, the location check-in is redundant and just collects more unnecessary data on users.
  3. If check-ins are actually being factored into working out contacts (which I suspect is not actually the case), then, since it doesn't check you out and you aren't (or at least shouldn't be, for the sake of privacy) told where you had contact, there's got to be a pretty high chance that you could be told you've had contact when in fact you left a host many, many hours before.

I think that the check-in feature is highly problematic and seems to undermine the premise of the app and the privacy principles that the API was designed upon. The only semi-logical explanation is that the app actually doesn't use the check-ins for anything and they're there just to prompt people to get the app so they don't have to manually sign into places anymore.

Also, seconding the request for source code because without it there can be no trust in the privacy of the system.

paulchambers commented 4 years ago

(Nothing to do with the project just another member of the public.)

The Google/Apple terms are that you can't use location APIs alongside the EN APIs.

https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ExposureNotification-FAQv1.2.pdf

It complies with the letter of that and probably the spirit as the QR check-ins never leave your device so your location is not leaked via them.

The app has been approved by both Google and Apple so hopefully they are fine with it.

The DPIA and the architecture guidebook give a good look at their motivations and choices.

https://www.gov.uk/government/publications/nhs-covid-19-app-privacy-information/the-nhs-test-and-trace-app-early-adopter-trial-august-2020-data-protection-impact-assessment

https://github.com/nhsx/covid19-app-system-public/blob/master/doc/architecture/ag-architecture-guidebook.md

DMBryant commented 4 years ago

I suppose the QR codes are just a simple way for your app to record all the people at a location that are NOT using the app. If one of those people gets a positive test result, you will still be notified.

Obviously it doesn't take into account the size of the venue or your proximity to other people, but what else can you do?

nhs-covid19 commented 4 years ago

Thanks for your interest in the NHS Covid-19 project. The Apple EN API License Addendum is located at https://developer.apple.com/contact/request/download/Exposure_Notification_Addendum.pdf and does prohibit the use of GPS or other device capability to detect location. As @paulchambers mentions, the QR code information is controlled entirely by the device, and never leaves it. The determination of whether a device has been in a location of note is handled on-device, in much the same way as Exposure keys are handled and compared in the EN API. Details of the information downloaded regarding locations are available at https://github.com/nhsx/covid19-app-system-public/blob/master/doc/architecture/api-contracts/risky-venue-distribution.md. Please see #2 regarding availability of the source code.
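The on-device comparison described in this thread, as an added example that is not the project's own code: the device keeps its QR check-ins locally, downloads a risky-venue list, and matches the two without exporting anything. The record format, the venue ids and the fixed visit length are constructed assumptions (the app has no check-out, so some dwell time has to be assumed, which is exactly the false-positive concern raised in the opening comment); the real risky-venue API contract is linked above.

```python
from datetime import datetime, timedelta

# Constructed sample data; the field names are assumptions, not the real API contract.
# Check-ins recorded from scanned QR codes stay on the device and are never uploaded.
LOCAL_CHECKINS = [
    {"venue_id": "VENUE-A", "checked_in_at": datetime(2020, 8, 10, 9, 0)},
    {"venue_id": "VENUE-B", "checked_in_at": datetime(2020, 8, 10, 18, 30)},
    {"venue_id": "VENUE-C", "checked_in_at": datetime(2020, 8, 11, 12, 0)},
]

# Risky-venue list as the device would download it (constructed). This is the only
# venue-related data that crosses the network, and it flows server -> device only.
DOWNLOADED_RISKY_VENUES = [
    {"venue_id": "VENUE-A",
     "risky_from": datetime(2020, 8, 10, 17, 0), "risky_until": datetime(2020, 8, 10, 20, 0)},
    {"venue_id": "VENUE-B",
     "risky_from": datetime(2020, 8, 10, 17, 0), "risky_until": datetime(2020, 8, 10, 20, 0)},
]

# There is no check-out, so the device must assume how long a visit lasted (hypothetical value).
ASSUMED_VISIT_DURATION = timedelta(hours=2)


def overlaps(start_a, end_a, start_b, end_b):
    """True when the half-open intervals [start_a, end_a) and [start_b, end_b) intersect."""
    return start_a < end_b and start_b < end_a


def match_risky_venues(checkins, risky_venues, visit_duration=ASSUMED_VISIT_DURATION):
    """Compare local check-ins against the downloaded list entirely on-device.

    Returns the ids of venues whose assumed visit window overlaps a risky window.
    Nothing about the check-ins leaves this function, mirroring how EN keys are
    matched locally rather than reported to a server.
    """
    risky_by_venue = {}
    for rv in risky_venues:
        risky_by_venue.setdefault(rv["venue_id"], []).append((rv["risky_from"], rv["risky_until"]))

    matches = []
    for checkin in checkins:
        visit_start = checkin["checked_in_at"]
        visit_end = visit_start + visit_duration  # assumed, since no check-out was recorded
        for risky_from, risky_until in risky_by_venue.get(checkin["venue_id"], []):
            if overlaps(visit_start, visit_end, risky_from, risky_until):
                matches.append(checkin["venue_id"])
                break
    return matches
```

With the two-hour assumption only VENUE-B matches; lengthening the assumed visit to twelve hours also flags VENUE-A, where the check-in was eight hours before the risky window, which is the over-notification risk the opening comment describes.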