The Broken COVIDSafe iOS application
Edit 15/5: COVIDSafe 1.2 has fixed its scanning behaviour, so the below only applied for 1.0 and 1.1. A great result!
There is a lot of misinformation going around about the COVIDSafe iOS application and how it may or may not function correctly when the app is not in the foreground. In particular, many news articles claim that iOS doesn’t allow background bluetooth activity. I hope to clarify some of that here, and to show how I think it could be better. I believe that it shouldn’t be necessary to ask iPhone users to keep their phone on, with the app in the foreground.
There are two roles a device using bluetooth can employ, central and peripheral. In the peripheral role, the device sends advertisements for something which is scanning to pick up and connect to it. In the central role, a device scans for peripherals, and connects to them. The COVIDSafe application implements both of these roles, using a specific service UUID, which is an identifier specifying the service that the device supports.
On iOS, the behaviour of both of these roles changes when the application is in the background. It’s clear in Apple’s documentation:
- In the central role, your application can scan, but must specify an explicit service UUID. See Apple’s documentation. The timing of scanning is less predictable.
- In the peripheral role, the advertisement’s service UUID goes into an ‘overflow’ area, and are “discoverable only by an iOS device explicitly scanning for them.” This is why there are videos out there showing scanners not picking up the application in the background.
So does the COVIDSafe application work in the background? Not properly. It runs a timer to start and stop scanning, which is not how an app scanning should behave. The problem appears to be that it stops scanning, and never starts again when the application is not in the foreground. It’s still advertising, so an active application will exchange an encounter, but if everyone with an iPhone doesn’t open the app, there won’t be any encounters logged.
Here’s a video that shows that it could work much better when in the background. I have written a very simple example application that plays both central and peripheral role, using the same service UUID that COVIDSafe uses. This application is running on the device on the right. I have also injected code into the COVIDSafe app which displays a notification whenever a device (which uses the same service UUID) is discovered. That’s running on the device on the left:
When the device is locked, scans appear to become less common. I left my app running in the background for a long time, and it would only receive scan results between 5–20 minutes. When the device is in use, it’s much more common. A simple way to trigger it seemed to be on raising the device to turn the screen on. It’s not perfect, and I can’t answer whether or not it’s good enough for contact tracing. It’s a lot better than the COVIDSafe application, which explicitly tells the system to stop scanning.
I’d love to be shown that the behaviour of the COVIDSafe application is intentional for a good reason, or that I’m wrong in some way. But as it is now, I don’t believe that is the case.
