The NHSX app, its potential for power, and why apps alone will not save us.

This article will compare the development of contact tracing apps, along with the responses to Covid19 from South Korea and the UK, who each took a centralised approach to different extents. It will also briefly explore the
dichotomy presented when weighing up privacy with efficiency in response.

Firstly, let us look at how South Korea utilised their contact tracing app(s). Having already experienced a MERS outbreak from May 2015 to July 2015, with a total of 38 deaths[1], their response left them with the blueprints for testing kits and equipment. It also allowed for more certainty when
containing Covid19, with little room for hypothesis and external influence:
The experience prompted the country to overhaul its CDC (Center for Disease Control) and pass laws to prepare for the next epidemic. Central to the changes was the ability to cut through a bureaucratic months-long process to get test kits rapidly approved and working during an emergency. The Zika virus epidemic of 2016 served as a small-scale dry run of the new system. [2]

As well as this, their government held a mock disease response drill in December, after learning about the outbreak in Wuhan[3].
Contact tracing apps are only efficient when the adjacent testing occurs vastly and swiftly. South Korea ensured that they were aptly prepared to scale up the production of tests for Covid-19, a Coronavirus with a higher infection rate (R0) than MERS on average[4]. The R0 value is the number of people that one person can transmit the virus to. Given the higher infection rate, the speed at which measures are implemented and testing occurs is vital in ‘flattening the curve’. The general timeline of initial measures in South Korea is as follows[5]:

  • 20th Jan 2020: Patient 0 detected, Infectious Disease Alert raised from Level 1 -> 2. R0 calculated to be 30, so patient 31 is of importance.
  • 21st Jan 2020: Anyone travelling to Korea within 14 days of visiting Wuhan is questioned
  • 27th Jan 2020: Infectious Disease Alert raised from Level 2 -> 3
  • 28th Jan 2020: Full inspection of anyone entering from Wuhan within 14 days
  • 29th Jan 2020: ‘1399 call center’ available to public to handle increase in consultation calls 
  • 30th Jan 2020: Epidemic prevention budget of 20.8 billion KRW (~17mil USD) executed
  • 2nd Feb 2020: Travellers from China will be directed to a separate hall in Incheon Intl.
  • 4th Feb 2020: Approval granted to KoGene Biotech Co Ltd to produce test kits
  • 7th Feb 2020: Test kits (able to produce results within 6hrs), become
    available at 50 health facilities. Private healthcare providers and public health institutes serve as additional testing facilities. Daily test supply
    increased to 3000.
  • 12th Feb 2020: SeeGene Inc. received approval to produce test kits
  • 12th Feb 2020: Self-diagnosis mobile app released to allow users to log symptoms and access readily available information on follow-up actions (provided by Corona100m)
  • 16th Feb 2020: Daily test supply increased to 5000.
  • 23rd Feb 2020: Infectious Disease Alert raised from Level 3 -> 4 (highest)
  • 7th March 2020: Gov releases GPS-based app to monitor individuals

… and the list goes on, however these specific points were essential in the preliminary tracking of the spread, giving both the self-diagnosis and
quarantine apps a satisfactory initial data set. Also, having tracked and traced so quickly, there was no need for a lockdown[6]. Those infected were told to self-isolate, otherwise business as usual (with masks on, just in case). As well as this, the repetitive ‘test and trace’ pattern is evident and consistent (patient 0 detected, ‘1399’ call center set up, 3000 tests a day, self-diagnosis app, 5000 tests a day, quarantine app), and the amplitude of response scales proportionally to the increase in infections.
Regarding the efficiency of South Korea’s implementation of apps, the
splitting of “self-diagnosis” and “quarantine” functionalities (12th Feb, 7th March above) coincides with the data supplied to the SIR model (Susceptible, Infected, Recovered/ passed). Susceptible and recovered
values are handled by the self-diagnosis app, and the infected values
handled by the quarantine app. These values are likely to be accurate, as the manual process of testing is woven in intermittently throughout the
response, and the swiftness and clarity of protocol builds trust (leading to a large user-base). Trust is essential, as otherwise the use of a centralised
system raises too many concerns. It is fair to say South Korea has earned trust in this process, although how they use that information moving
forward is uncertain. 

Now, to compare with the UK’s response. 

The UK confirmed its first two Covid19 cases on the 31st of January, yet only began entering lockdown on the 20th of March[7]. This is due to the initial ‘herd immunity’ concept as a response, brought forward by Dominic Cummings, Sir Patrick Vallance, Professor Chris Whitty, and the rest of the Scientific Advisory Group for Emergencies (SAGE) cohort. The herd immunity concept was later dismissed, as researchers from Imperial College London simulated the response, and found there could have been an excess of 510,000 deaths[8]. Having wasted nearly two months since the first recorded cases, the virus had already spread through a sizable chunk of the
population, and was continuing to spread. This U-turn in policy is a key
example of something that breaks trust between the state and its citizens. 

The government knew Covid19 was in the UK on the 31st of January[7],
meaning they had ample time to watch how other nations were responding, and take notes. Instead, they tried to compete, and prove to the world that they could simultaneously preserve health and wealth, by keeping
businesses running entirely as usual until the 20th of March[7], with hopes of
executing their herd immunity scheme. It was on the 23rd of March that
people were told to stay at home, so by that point it was evident where the
priorities lay. If it was not already painfully obvious to citizens who had been
comparing the national response to the global response all along.

Contact tracing only works when combined with sufficient testing, as apps alone are unable to determine asymptomatic carriers. Given the stalled
response, the government had to catch up massively on their testing. On the 2nd of April, Matt Hancock (the Secretary of State for Health and Social Care) set a target of carrying out 100,000 tests a day by the end of the month[7]

He later announced the milestone had been exceeded, with 122,347 tests
being ‘sent out’ on the last day of April, but this included more than 40,000 faulty tests, and was followed by several days of not meeting the target of tests sent out at all[9]. Some people reported testing kits with missing items, an issue which is still being documented by citizens in June[10]. This is far from the level of testing needed to successfully begin integrating the data with that from apps, which is why the sudden announcement of the ‘NHSX’ app instantly raised a question.

Who was initially contracted to develop the NHSX app?

Companies are typically required to be contracted in tech developments. Given that NHSX is a publicly funded service, this process should be as open as possible. The UK government had not shared their contracts for NHSX or its app openly, resulting in OpenDemocracy leading an inquiry. This would have led to court
proceedings, had the government not released the documents hours prior to the hearing, revealing that the following companies had been contracted[11]:

  • Google
  • Microsoft
  • Faculty
  • Palantir

Google and Microsoft appear to make the most sense in this list, as they are established tech monopolies and generate a lot of profit for the West. Google’s involvement is mostly for using Android mechanisms and
development tools, as Google owns Android. Whereas Bill Gates has been speaking about the topic of pandemics for a few years now[12]. He has also
recently criticised how unregulated Google, Facebook, and Amazon are[13]. Yet, whether due to the putting aside of previous differences, or due to a lack of conviction in his previous concerns, he was willing to work with Google on the NHSX app.

Despite their apparent comraderie and impressive combined resources, there is still a more recent concern. Google has recently regressed in privacy standards, by placing UK data under the jurisdiction of the US, while the UK prepares to redefine its GDPR following Brexit[14]. We therefore will have to watch the way they treat the data collected, in correspondence with the shift in UK law.

Faculty is owned by Marc Warner, who works with and is the brother of Ben Warner. Dominic Cummings has shares in Faculty, and worked with Ben Warner on the Vote Leave/ Brexit campaign. No other firms were asked to bid for this role. Instead, a previous contract with Faculty was extended, as
opposed to there being an open-tender process for a new contract[15].

Palantir is an American intelligence company, previously involved in violent ‘counter-terrorist’ operations, and U.S Immigration and Customs Enforcement (ICE) operations[16]. In 2010, they developed a medical branch, which processed information relating to Medicare and Medicaid (health
services in America). So, they are somewhat relevant, but is the involvement of a company of this type, along with the three other
companies, really necessary for just one app?

South Korea has a population of 51,267,902[17] and the UK has a population of 67,875,584[18]. The UK is 2.4x bigger than South Korea with regards to land area[19], meaning that the UK has a much lower population density. This should suggest that keeping track of citizens in the UK is easier on average, as they are less grouped up. So, why is it that the Korean government can
depend mostly on a single company, Corona100m, while the UK scrambles around with four major tech companies?

Well, it would be remiss to ignore the fact that South Korea had extra
powers, which could be considered authoritarian. As well as mobile phone data, they monitored CCTV and credit-card records]20]. While it is naturally suspicious for centralised bodies to have access to all of this information, they made it apparently worthwhile by productively utilising the data they received, and responding quickly.

The UK however wanted to split the responsibility between several private companies. Each of which has their own surveillance and
monitoring powers, and when combined are less directly intrusive than the powers of South Korea, or China, yet are intrusive nonetheless. 

So, it is no surprise that the development of the NHSX app was re-evaluated. If the UK government is struggling to provide the same testing capability and response time as other nations, then it cannot expect its citizens to
voluntarily sign away all of their data. The public confusion surrounding data privacy has already heightened in recent years, so when applied to
healthcare instead of the usual advertising, it is an even more sensitive topic. They had no reason to trust the government with extra data for the purposes of healthcare, so they didn’t. Citizens would rightfully be thinking ‘What’s the point? What would that data actually get used for?’, and I
presume this primary distrust is what led to a change in the way that the NHSX app was developed.

The NHSX app is now entirely open-source, yet also centralised. Their Github repo can be found here: , and the centralised
nature of the system is explained here: 

The National Cyber Security Centre (NCSC) blog states that the app uses Android and iOS mechanisms, but there is no longer any evidence of
involvement from Palantir or Microsoft. 

To conclude, while there are countless external factors which could have led to the demise of the NHSX app, by making it open-source, they aim to
provide transparency and build trust where other parties have failed to do so. The systems offered to us initially are not the be-all and end-all, and
providing unilateral access to information is the direction the UK should begin heading in, if it wishes to compete with the world.

Remember that technology can exist to provably benefit humanity, without a double-edged power of manipulation. The stance that ‘technology is evil’ is too literal, rather, technology catalyses evil. That same evil manifests itself in sources, features, processes, and ownership; all of which exist with or without the aid of technology.  These are the only things we can question, not technology as a whole, or the acceleration of access to information.

Thanks for reading!

Now for some utopia~ (poem by Richard Brautigan)


  1. World Health Organisation. (2015). ‘(MERS-CoV) – Republic of Korea’ [Online]. World Health Organisation. Available at: (Accessed: 19th June 2020)
  2. Kim, V. (2020) ‘South Korea’s rapid coronavirus testing, far ahead of the U.S., could be saving lives’ [Online]. LA Times. Available at: (Accessed: 19th June 2020)
  3. Shin, H. (2020) ‘South Korea’s emergency exercise in December facilitated coronavirus testing, containment’ [Online]. Reuters. Available at: (Accessed: 19th June 2020)
  4. Uras, U (2020) ‘Coronavirus: Comparing COVID-19, SARS and MERS’ [Online]. Al Jazeera. Available at: (Accessed: 19th June 2020)
  5. Cha, V.  and Kim, D. (2020) ‘A Timeline of South Korea’s Response to COVID-19’ [Online]. Center for Strategic & International Studies. Available at: (Accessed: 19th June 2020)
  6. Porterfield, C. (2020) ‘South Korea Sees Coronavirus Slowdown—Without A Lockdown, But With Nearly 250,000 Tests’ [Online]. Forbes. Available at: (Accessed: 19th June 2020)
  7. Multiple contributors. (last updated: as of date) ‘Timeline of the COVID-19 pandemic in the United Kingdom’ [Online]. Wikipedia. Available at: (Accessed: 19th June 2020)
  8. Landler, M. and Castle, S. (2020) ‘Behind the Virus Report That Jarred the U.S. and the U.K. to Action’ [Online]. New York Times. Available at: (Accessed: 19th June 2020)
  9. McGuinness, A. (2020) ‘Coronavirus: Government misses COVID-19 testing target for fourth day in a row’ [Online]. Sky News. Available at: (Accessed: 19th June 2020)
  10. @TheCurlyLucy. (2017).
    Hello @MattHancock
    Last night I received 3 test kits. All are missing essential items and all have been binned, as advised by helpful NHS helpline staff. Today I could reorder only 1. So does that count as 4 tests sent out? How many have been binned? And are you including them? [Twitter]. 11 June. Available at: (Accessed: 19th June 2020)
  11. Fitzgerald, M. and Crider, C. (2020) ‘Hours before openDemocracy was due to sue, government releases massive data-sharing contracts with Amazon, Microsoft, Google, Faculty and Palantir’ [Online]. OpenDemocracy. Available at: (Accessed: 19th June 2020)
  12. TED. (2015). ‘The next outbreak? We’re not ready | Bill Gates’ [YouTube video]. 3 April. Available at: (Accessed: 19th June 2020)
  13. Huddleston Jr, T. (2019) ‘Bill Gates: ‘Government needs to get involved’ to regulate big tech companies’ [Online]. CNBC. Available at: (Accessed: 19th June 2020)
  14. Menn, J. (2020). ‘Google users in UK to lose EU data protection – sources’ [Online]. Reuters. Available at: (Accessed: 19th June 2020)
  15. Evans, R. and Pegg, D. (2020). ‘Vote Leave AI firm wins seven government contracts in 18 months’ [Online]. The Guardian. Available at: (Accessed: 19th June 2020)
  16. Multiple contributors. (last updated: 1 June 2020). ‘Palantir Technologies #ICE Partnerships’ [Online]. Wikipedia. Available at: (Accessed: 19th June 2020)
  17. Population tracker. (2020) ‘South Korea Population’ [Online]. Worldometer. Available at: (Accessed: 14:35 19 June 2020)
  18. Population tracker. (2020) ‘U.K Population’ [Online]. Worldometer. Available at: (Accessed: 14:35 19 June 2020)
  19. Map tool. (2020) ‘United Kingdom is about 2.4 times bigger than South Korea’ [Online]. My Life Elsewhere. Available at: (Accessed: 19th June 2020)
  20. Kharpal, A. (2020) ‘Use of surveillance to fight coronavirus raises concerns about government power after pandemic ends’ [Online]. CNBC. Available at:
    (Accessed: 19th June 2020)

One thought on “The NHSX app, its potential for power, and why apps alone will not save us.”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s