# Covid-19 tracker app



## Spinney (3 Apr 2020)

App to report symptoms, or lack thereof, daily.
https://covid.joinzoe.com/
The link was sent to me via a medical study I took part in a few years ago, linked to blood donation. So I think it's legit research that could help gather data that might help formulate an exit strategy.
For the privacy-aware...You have to input an email, and they want stuff like height/weight etc, and your postcode - but the first half of the postcode is enough. They ask for name and phone number, but these are optional.


----------



## sleuthey (3 Apr 2020)

We already have a thread for this app and topic raised 26 Mar

https://www.cyclechat.net/threads/corona-virus-monitoring-app.258803/


----------



## mjr (3 Apr 2020)

Spinney said:


> For the privacy-aware...You have to input an email, and they want stuff like height/weight etc, and your postcode - but the first half of the postcode is enough. They ask for name and phone number, but these are optional.


Now look at the permissions it wants. Then factory-reset your phone as the only way to be sure you got rid of it!


----------



## Ming the Merciless (3 Apr 2020)

It’s a hacker leave it well alone.


----------



## mjr (3 Apr 2020)

YukonBoy said:


> It’s a hacker leave it well alone.


We basically don't know whether it is or not. It's unverifiable so I'd treat it with caution. Mistakenly not installing a clean app is less harm than mistakenly installing a dirty one.

Or has there been news of a discovery?


----------



## Ming the Merciless (3 Apr 2020)

mjr said:


> We basically don't know whether it is or not. It's unverifiable so I'd treat it with caution. Mistakenly not installing a clean app is less harm than mistakenly installing a dirty one.
> 
> Or has there been news of a discovery?



There’s been news in the cyber security circles but I can’t find the link. Basically it’s doing stuff it shouldn’t be. So leave well alone.


----------



## Pat "5mph" (3 Apr 2020)

*Mod Note:*
Leaving this duplicate thread for the moment, for better exposure of the OP.
Cheers!


----------



## icowden (3 Apr 2020)

It's up to you. From what I can see it is a genuine app created by Kings College Hospital in collaboration with Guys and St Thomas. 
It's essentially a questionnaire. It does collect a lot of personal data (height, weight, postcode, health conditions) and if you are not feeling well captures your symptoms.

It does not ask for any permissions on your phone (Android) and you don't have to give your full phone number or postcode. What data you supply is up to you.
As to whether it is unverifiable, it has been reported as genuine by major news outlets, wired, and is listed on the website for Kings College Hospital:-

kcl.ac.uk/news/loss-of-smell-and-taste-a-key-symptom-for-covid-19-cases

Major problem with it is that you have to create a login and it can be difficult to recover your login if you forget your password. I suspect that the reach of the app is now far greater than they anticipated.


----------



## mjr (3 Apr 2020)

icowden said:


> It's up to you. From what I can see it is a genuine app created by Kings College Hospital in collaboration with Guys and St Thomas.


And ZOE Global Ltd which is "a nutritional science company [...] backed by investors and entrepreneurs who have built multi-billion dollar technology companies". Who are they?



> It does not ask for any permissions on your phone (Android) [...]


That's not what its app store listing says! Most of the more outrageous permissions demanded by previous versions (such as reconfiguring your phone and recording video) have gone in the current version, but it's still asking for permissions that it has no obvious reason to have.

And note that their privacy policy says that they'll pass your data to Amazon, Google, SurveyMonkey, Segment, Mixpanel, MailChimp, Mailgun, Intercom, Sentry and SwiftyBeaver for processing. They say they have a contract saying those companies shouldn't do anything naughty with it, but remember you're not a party to that contract so you get no compensation if they do! And they'll pass anonymised copies of the data to Harvard University, Stanford University, Massachusetts General Hospital, Tufts University, Berkeley University, Nottingham University, University of Trento and Lundt University - have you checked all of their privacy policies too?


> As to whether it is unverifiable, it has been reported as genuine by major news outlets, wired, and is listed on the website for Kings College Hospital:-
> 
> kcl.ac.uk/news/loss-of-smell-and-taste-a-key-symptom-for-covid-19-cases


I don't see the source code there or on any of the other pages, which means it is unverifiable. That app could have any sort of jack-in-the-box or easter eggs in it. Most news outlets can't tell the difference between a security risk and their elbows.


----------



## classic33 (3 Apr 2020)

mjr said:


> And ZOE Global Ltd which is "a nutritional science company [...] backed by investors and entrepreneurs who have built multi-billion dollar technology companies". Who are they?
> 
> 
> That's not what its app store listing says! Most of the more outrageous permissions demanded by previous versions (such as reconfiguring your phone and recording video) have gone in the current version, but it's still asking for permissions that it has no obvious reason to have.
> ...


You don't like it, don't use it.


----------



## mjr (3 Apr 2020)

classic33 said:


> You don't like it, don't use it.


I won't, and I'll keep warning people against the recommendations to surrender your privacy.


----------



## icowden (6 Apr 2020)

mjr said:


> That's not what its app store listing says! Most of the more outrageous permissions demanded by previous versions (such as reconfiguring your phone and recording video) have gone in the current version, but it's still asking for permissions that it has no obvious reason to have.



It's almost as if it has been developed in a hurry to help with a global virus pandemic.



> And note that their privacy policy says that they'll pass your data to Amazon, Google, SurveyMonkey, Segment, Mixpanel, MailChimp, Mailgun, Intercom, Sentry and SwiftyBeaver for processing. They say they have a contract saying those companies shouldn't do anything naughty with it, but remember you're not a party to that contract so you get no compensation if they do!



No it doesn't say anything of the sort. It says that they use third party processors in that list to process data and have confidentiality arrangements in place with them. This follows standard NHS record keeping guidance.



> And they'll pass anonymised copies of the data to Harvard University, Stanford University, Massachusetts General Hospital, Tufts University, Berkeley University, Nottingham University, University of Trento and Lundt University - have you checked all of their privacy policies too?



Nope. But I will evince a complete lack of surprise that a rich fully anonymised medical dataset used to help with the COVID-19 pandemic is being shared with various university hospitals in order to make best use of the data, again following NHS record keeping guidance.



> I don't see the source code there or on any of the other pages, which means it is unverifiable.



How are you even posting to this website? Have you seen the full source code for all of the software on the machine you are using? The app was very clearly designed as part of the Twins programme by Kings College Hospital in partnership with the BioMedical Research at Guys and St Thomas and in partnership with ZOE Global who are the tech company that built the app, what with hospitals tending to have more doctors than IT people. It is therefore very unlikely to contain malware, jack in the boxes, spinning tops, twin peaks, portals to other dimensions etc. If you don't want to use it don't, but it hasn't been created by a global cartel who will find out how you are feeling today in order to take over your body.

There are a few questions around it, but these tend to be on the outer edges of ethical concerns rather than the app being about to eat your phone:

https://www.techworld.com/security/privacy-concerns-raised-by-covid-19-symptom-checking-app-3785292/[/QUOTE][/QUOTE]


----------



## mjr (6 Apr 2020)

icowden said:


> It's almost as if it has been developed in a hurry to help with a global virus pandemic.


Oh well that excuses all the mistakes and imperfections of course(!) I'm sure their solution to the pandemic will be absolutely robust despite being in a hurry(!)



icowden said:


> [...] How are you even posting to this website? Have you seen the full source code for all of the software on the machine you are using?


Yes, I have access to the full source code - and being a developer, I can change and rebuild large parts of it (although I don't do that very often because it takes a long time) while the other parts in languages I don't speak have been reviewed and signed by actual real people that I trust.



> in partnership with ZOE Global who are the tech company that built the app, what with hospitals tending to have more doctors than IT people. It is therefore very unlikely to contain malware, jack in the boxes, spinning tops, twin peaks, portals to other dimensions etc.


What's the "therefore" there? Do you think it's very unlikely because they're a tech company? Oh that's great reasoning because no tech company has ever done dodgy stuff 

Malware and jack-in-the-box are real terms. Putting them next to terms you made up makes you look ridiculous.



> If you don't want to use it don't, but it hasn't been created by a global cartel who will find out how you are feeling today in order to take over your body.


Of course, I am far more concerned that it will take over my phone than my body. My body does not yet have an IP address.



> There are a few questions around it, but these tend to be on the outer edges of ethical concerns rather than the app being about to eat your phone:
> https://www.techworld.com/security/privacy-concerns-raised-by-covid-19-symptom-checking-app-3785292/


Journalists are only just scratching the surface timidly, probably because their publications need to sell shoot to readers, whereas asking the more serious questions gets the above sort of hostile response from those who don't practise safe computing.


----------



## Yellow Fang (6 Jun 2020)

Is it possible to download the British app yet? I tried to download it on my phone, found a couple of international covid trackers but not the NHS tracker. When I tried looking for it on the internet, I found some code on github, but it was only a beta version anyway. How complicated is this app? Why isn't it ready already? Don't we have any good coders in this country?


----------



## classic33 (6 Jun 2020)

Links to the download available here
https://www.nhsx.nhs.uk/blogs/code-behind-nhs-covid-19-app/


----------



## newfhouse (6 Jun 2020)

classic33 said:


> Links to the download available here
> https://www.nhsx.nhs.uk/blogs/code-behind-nhs-covid-19-app/


There have been no meaningful commits to github for over a month. You still can’t download a working app, even if you want to.


----------



## mjr (7 Jun 2020)

classic33 said:


> Links to the download available here
> https://www.nhsx.nhs.uk/blogs/code-behind-nhs-covid-19-app/


That looks like the NHSX tracer app, not the ZOE tracker one discussed in this thread.


----------



## Yellow Fang (18 Jun 2020)

Sounds like the NHS tracker has been abandoned because they can't get it to work. We're going to gp with the Apple/Android app instead. Incredible. How complex can this app be? Don't we have any top notch software contractors in this country? I read somewhere it was iPhones they couldn't get the software to work with. Absolutely no surprise there.


----------



## mjr (19 Jun 2020)

Yellow Fang said:


> Sounds like the NHS tracker has been abandoned because they can't get it to work. We're going to gp with the Apple/Android app instead. Incredible. How complex can this app be? Don't we have any top notch software contractors in this country? I read somewhere it was iPhones they couldn't get the software to work with. Absolutely no surprise there.


The symptom tracker discussed in this thread is still live, sadly. The contact tracker has indeed been switched, as we're discussing in https://www.cyclechat.net/posts/6039632/


----------



## Drago (19 Jun 2020)

classic33 said:


> You don't like it, don't use it.


I certainly won't be buying a smartphone!


----------



## classic33 (19 Jun 2020)

Drago said:


> I certainly won't be buying a smartphone!


That'd be one way of not using it.


----------

