Users of the state coronavirus app in England and Wales were alarmed to see their area’s risk level fluctuate out of nowhere on Friday in what turned out to be a technical glitch, the Guardian reports. As if anyone needed more stress this year.
The Department of Health and Social Care said on Saturday that the bug affected updates to the app’s postcode alert system and it has since been resolved.
“We are aware of an issue which impacted updates to postcode alerts for some app users this evening,” an agency spokesperson told the outlet. “This was identified and resolved within an hour and users’ phones will automatically update to show the correct local alert level for their area, along with new guidance.”
This is far from the app’s first glitch, though. In the few weeks since it went live throughout the UK, the National Health Service’s contact-tracing app has been an absolute shitshow. A bug at launch prevented users from uploading their covid-19 test results (which is crucial to actually tracking the spread of the virus), and several users have reported receiving notifications warning them of possible exposure only for the message to vanish when they try to check it.
On Friday, several users in England and Wales posted on Twitter that they’d received confusing notifications from the app that contradicted official government reports. Users living in Walsall and Wakefield said they got alerts that the risk level in their respective area had changed to medium, meaning only national restrictions regarding gathering sizes, business operating hours, and face masks are enforced. But according to government guidance found online, both areas are still classified as high risk, a distinction for regions with higher levels of infections that carries heavier restrictions, particularly regarding socializing (households aren’t allowed to hold gatherings of any size indoors, for example).
In London, where additional lockdown restrictions went into effect at midnight on Friday and the alert level rose from medium to high, users said the app’s alert level for the area remained unchanged. Weirder still, one user there said his app indicated he was in both a high and medium risk area simultaneously, the Guardian reports.
While the Department of Health and Social Care didn’t disclose how many users this bug affected, one expert told Sky News that as many as 4 million people may have received erroneous notifications. Jeremy Place, an information security specialist, said he was monitoring the app when the glitch occurred and that it was almost certainly “a fat finger error” related to a recent update to the app’s alert levels. (Previously, the app’s levels were low, medium, and high, but that has since changed to medium, high, and very high to match the government’s new tier system.)
Place said that a blank file was accidentally pushed out to users in lieu of an actual alert level update under this newly revised system.
“I was monitoring for changes to the app to see whether they were addressing any of the issues that had been raised about confusing risk level messages,” he told the outlet. “I noticed that the file was empty from 18.21 for about an hour.”
Any phone receiving that empty file likely reverted to the app’s old system, thus prompting an incorrect notification that the risk level had changed in a user’s area.
The UK’s road to developing a contact tracing app has been a convoluted mess, so it’s little wonder that the app itself would be just as rife with problems. After trying and failing to develop its own app for months, the British Department of Health and Social Care finally threw in the towel in June and announced it was pivoting to Google and Apple’s API after uncovering several “challenges” during the app’s test run.
Previously, UK officials refused to agree to the tech giants’ user privacy demands and had decided to build their own API from the ground up that, unlike Google and Apple’s, wouldn’t require storing information about users’ contacts locally on those users’ phones as a trade-off for expanding Bluetooth capabilities. However, not only did the solution they came up with not work worth a damn, it was probably illegal to boot. Due to the way the app was designed, it could potentially exchange identifying information with third parties without users’ knowledge or consent, a clear violation of Europe’s General Data Protection Regulation.
So I mean, I guess this is an improvement? Though not much of one, to be sure.