<a href="https://github.com/nhsx/COVID-19-app-Android-BETA/blob/master/app/src/main/java/uk/nhs/nhsx/sonar/android/app/ble/Scanner.kt" rel="nofollow">https://github.com/nhsx/COVID-19-app-Android-BETA/blob/maste...</a> appears to be looking for Apple devices to wake them back up.
Can someone clearly explain the actual privacy risks of the centralised model (that UK Govt is pursuing) over the decentralised model?<p>My understanding is that in reporting our unique identifiers (and location data?) to the govt servers, this data could be de-anonymised and misused. But what data is actually being reported and how could it be misused?
Having perused their Github, I noted the database for x-rays and scans.<p><TinFoilHat>This is being run in 'partnership' with a relative non-entity, who in turn have links to a private American medical company.<p>Not sure I'm happy with private NHS medical records being slurped up in this way - unless consent is expressly given - which, based on their website that 'anonymizes' uploaded imagery, I guess we'll never know for sure.</TinFoilHat><p>Good to see the code for both the iOS and Android clients being posted, as this should prove if these clients can ultimately be trusted.
I think I would feel much better about this if it was accompanied by a legally binding declaration that the only entity that will ever have access to these data will be NHS, explicitly excluding any other government intelligence agency.<p>This is not a stab against the people who developed it, in fact I know some of the people involved in the development of the application and they have the highest ethical standards.<p>The problem is that in the post-Snowden era, no matter the good intentions behind such projects it is naive to not ask for as many safeguards as we possibly can.
ACCESS_FINE_LOCATION is an immediate red flag. Yikes.. that's gonna be a no from me.<p><a href="https://github.com/nhsx/COVID-19-app-Android-BETA/blob/43a167f8dba422fd9001b64f9c4fd82275abb1c8/app/src/main/AndroidManifest.xml" rel="nofollow">https://github.com/nhsx/COVID-19-app-Android-BETA/blob/43a16...</a>
It looks like they are using beacons that are the same for 1 day. I think the google/apple version uses beacons that last until the bluetooth MAC address changes which I think is 15 minutes on iOS. So you can setup bluetooth devices around the city to track people's movements who are using this app.