The Unbroken iOS COVIDSafe application

Richard Nelson
May 15, 2020

The source code for COVIDSafe version 1.2 has been posted, and it contains two very important updates:

  1. A fix for background scanning on iOS devices
  2. The security crash fix

Number 2 is uninteresting, but number 1 deserves attention.

Even before COVIDSafe 1.0 was released, there was conflicting commentary on whether they had fixed the background iOS behaviour suffered by Singapore’s TraceTogether application. Apparently it was fixed, then maybe it wasn’t, then maybe it was slightly better?

Earlier in the month, before the source code was made available, I wrote up an analysis of the background behaviour of COVIDSafe, with a recommendation on how to improve the situation. We had the OpenTrace source code, but it was hard to tell if COVIDSafe had fixed anything as some politicians had suggested. I came to the conclusion that nothing had changed from OpenTrace, and that:

“the application only needs to call scanForPeripherals once. I have an example project which continues to get peripheral discovery callbacks when it is in the background. The key to this, apart from not continuously starting and stopping scans, is to set CBCentralManagerScanOptionAllowDuplicatesKey to true”

This is extremely important, but as confident as I was, I wasn’t 100% certain that the start/stop scans were being done for a reason I wasn’t privy to.

Well, now we have the source code of version 1.2, and we can see exactly what they have changed here:

Look ma, no timer!

First, there’s no more timer that starts and stops scans. Second, there is no mention of central.stopScan() anywhere at all in the new code! And then:

They scan with CBCentralManagerScanOptionAllowDuplicatesKey.
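The scan-once pattern described above, as an added example that is not COVIDSafe's or OpenTrace's own code: the scan is started a single time when Bluetooth powers on, with no timer and no stopScan() call. The class name BackgroundScanner, the service UUID and the print logging are assumptions, and background delivery also assumes the app declares the bluetooth-central background mode.

```swift
import CoreBluetooth

// Added example, not code from COVIDSafe or OpenTrace.
// Constructed placeholder UUID; the app's real service UUID is not given on this page.
let exampleServiceUUID = CBUUID(string: "A1B2C3D4-0000-4000-8000-000000000001")

final class BackgroundScanner: NSObject, CBCentralManagerDelegate {
    private var central: CBCentralManager!
    private var scanStarted = false

    override init() {
        super.init()
        // The state callback below fires once the manager is ready.
        central = CBCentralManager(delegate: self, queue: nil)
    }

    func centralManagerDidUpdateState(_ central: CBCentralManager) {
        guard central.state == .poweredOn else {
            // Bluetooth was switched off or reset: the old scan is gone,
            // so allow exactly one new scan when it comes back.
            scanStarted = false
            return
        }
        guard !scanStarted else { return }
        scanStarted = true

        // One call only. No timer restarts it and nothing calls stopScan().
        central.scanForPeripherals(
            withServices: [exampleServiceUUID],
            options: [CBCentralManagerScanOptionAllowDuplicatesKey: true])
    }

    func centralManager(_ central: CBCentralManager,
                        didDiscover peripheral: CBPeripheral,
                        advertisementData: [String: Any],
                        rssi RSSI: NSNumber) {
        // Called for each discovery; a real app would record the encounter here.
        print("discovered \(peripheral.identifier) rssi=\(RSSI)")
    }
}
```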

This is good progress for COVIDSafe, and it completely validates the conclusion that I came to in my initial analysis.

However, this very important change has been made rather silently, as it contradicts the very public statements DTA have made as to the background behaviour on iOS being a limitation imposed by Apple, and not an error in the way the application was using CoreBluetooth.

iOS still has some background limitations, particularly ones I have observed when the device is locked and unused. It will scan, but intervals can vary greatly. I (and others) noticed that simply waking the screen is often enough to trigger a Bluetooth central scan to be made. It’s not clear to me if the next version of iOS will improve things here for applications not using their contact tracing methodology.

But for now, it’s unquestionable that COVIDSafe will perform in a much better manner in the background, without Apple’s assistance.
