Illustration by Virginia Poltrack

Build Better Workplace Safety Apps

With Avani Agarwal, Todd Burner, Paul Ruiz, and Sean Ginevan

In the early months of the COVID-19 pandemic, developers faced new requests for building applications and functionality to help enterprises manage safety within their workplace. As many jurisdictions begin to loosen restrictions on the types of workplaces that can remain open, we wanted to highlight challenges you may face as a developer and show you how to overcome them. Examples of tools for keeping workers safer with Android can include screening surveys, notifications, and contact tracing tools for the workplace.

ProtectWell for UnitedHealth Group employee attestation screening user flow

Developers face a new challenge of navigating a complex set of guidance on how to potentially keep an app running for long periods of time in a safe and privacy preserving environment. When adding COVID functionality to workplace apps it’s essential to preserve these elements of privacy and device interaction.

User Onboarding

Let’s start with the basics. No matter what your return to work experience entails, empathy and safety must be a part of your design and implementation. Recognize that, for many employees, the return to the workplace will seem different, unfamiliar, perhaps even uncomfortable. For example: depending on your solution, you may need to have your app running in the foreground as a persistent notification. This could look scary to some users who do not understand why you want this new app running all the time. In your onboarding UX flows, you should disclose all permissions required individually, before asking the user to accept; including the user actions that can be taken, including:

PwC uses clear messaging to inform employees about Automatic Contact Tracing

• Location. Your app may need to use location services in the background, for example, to run contact tracing functions or to set geofence to ensure that your app is only functional while at work.

PwC allows admins to create geofences in a web UI that establishes tracing parameters

• Bluetooth. This can be used to keep track of devices that have come near or in contact with each other. Bluetooth requires the location permission.
• Notifications (FCM), to wake up the device and let the users know of any pertinent information.
• Persistent foreground notifications are useful for demonstrating that a service is being kept alive and letting the user know what is happening.

ProtectWell notifications

• Application scope: If your application will be handling sensitive workflows like contact tracing or proof of vaccination, you should make it clear to users the scope of how long you will require access to sensitive information like health data or employee interactions.

In designing your return to work workflows, remember to apply Hick’s Law — the simple concept that the more choices that are presented to a user, the longer it will take them to reach a decision. This may seem like common sense, but the rush to quickly complete an app with as much functionality as possible can negate this rule.

Handling notifications for your app

Notifications have their pitfalls and it is recommended that you tread lightly without inundating the user. Here is some user feedback and lessons learned around daily reminder notifications:

“We built ProtectWell to be used daily to keep our users and everyone around them symptom and exposure free. Since ProtectWell is used mostly by organizations with employees and students, we received feedback that users did not like the daily reminders during weekends, holidays and vacations. We do say that ‘COVID doesn’t take the weekends’ off so we always encourage our users to check in everyday regardless if they are headed to work or school. However this was great feedback and helped us understand how our product was being used and what we needed to do to keep iterating on our designs.” — Ishraf Ahmad, Director of Product and Design | ProtectWell

It is important to limit the number of times a user receives alerts and keep the language clear and ensure any required actions super directed — even allowing for resolution with the notification itself. Giving users the choice for when and how to receive “daily reminders” creates more agency.

For tracing applications, providing indications when an app is running tracing functions also creates agency.

“Almost all of the users were concerned about how their data was being collected from their employers, and if it was kept private or shared externally. But they expressed willingness to participate in order to help safeguard the workplace. They wanted to clearly understand when the app ‘starts’ and ‘stops’,” said Lauren Mills, Associate Product Manager from PwC.

Notifications can help address this concern by providing more contextual information to an employee about when tracing is happening, especially when its functionality is bound by a geofence. In addition to bounding functionality based on location, developers might consider allowing users to automate when the app can run, for instance turning on at 8am and off by 6pm, in order to mitigate the number of notifications from the app.

Using the Firebase Cloud Messaging SDK is the fastest way to notify your employees of changes to work policies. First go to the Firebase Console and setup FCM, then simply import FCM into your build.gradle. From there you can notify users of your app directly through the Firebase console and from the server side component using one of the many client SDKs. If you want to automate messaging, or segment your users you can use additional FCM functionality.

ProtectWell for UnitedHealth Group designs for reminders

Enabling tracing workflows for your app

While Exposure Notifications are a valuable framework to help employees understand their risk of exposure, sometimes you need more granular tracing data. This is particularly true in facilities or areas where social distancing may be more difficult. Based on publicly available information, we’ve seen this accomplished through three separate approaches:

1. Measurement of employee interactions with Bluetooth beaconing infrastructure using fixed and badge-based beacons. This allows a company to survey employee movement and density across a corporate building or campus, as well as potentially record where infected individuals have been.
2. Commercial deployment of person-to-person based tracing technologies. These technologies are designed to survey employee interactions through measurement of Bluetooth and Wi-Fi signals.
3. Internally developed person-to-person based tracing technologies. This approach is based on open source frameworks, such as Herald, BlueTrace, or PACT.

If you need to take the approach of developing your own tools, the Nearby Connections API can be used to talk to other local devices in a peer-to-peer fashion. This could work as follows: each app would advertise itself as an endpoint, while simultaneously discovering other devices. This is important because all devices need to be accessible to each other. Paying attention to the connection lifecycle is important here to keep track of the amount of time devices are near each other. This could be used to kick off a warning to let users know they’ve been around each other too long or to let people in a conference room know if they’re at a safe capacity.

Remember that use of functions like Nearby require the use of background location and many users may not pick the right permissions. Lauren Mills from PwC pointed out that, in their experience, “Multiple users had confusion around requiring background location permissions and were hesitant to give the app permissions ‘all of the time’. Even with the copy on the location permissions screen, many chose the wrong option (allow while in use), only to be guided to correct it later from our status screen.”

In designing your application, you’ll want to check to understand if your users have granted the right permissions at runtime. If your app finds that a permission check fails, be sure to provide easy-to-understand guidance on how to resolve the issue.

PwC provides clear guidance to users on what to do if a permission check fails

Sensitive Data Protection

If you’re building an app that persists or accesses sensitive health information requiring user interaction, you may want to look at our Biometrics APIs to ensure that the user on the device is the user you are expecting. Sometimes you will need to verify that the user on a device is who you’re expecting. If your app requires personally identifiable information (PII), such as health data for your users, then we would recommend checking out our Biometrics APIs for ensuring user presence.

All data that is sensitive PII, as well as health information, should be encrypted using EncryptedSharedPreferences, which is part of the Jetpack Security suite.

Example Code to encrypt data using Jetpack Security

Battery life considerations

Because enterprise tracing apps cannot persist in the background, developers will have to take on several optimization considerations. Power management and battery optimization best practices need to be well understood, such as power management restrictions that are in place to improve battery life of devices. In some cases, battery optimizations need to be turned off or tweaked in order to handle frequent checks with background services. Developers should also understand and test how their application will function if placed in doze and leverage frameworks like foreground services and WorkManager to keep the app functioning as long as required by your use case. Applications can also be woken up remotely if a connection is lost due to power management using High Priority messages. Foreground Services have additional restrictions in Android 12, please be aware of them to ensure that your service will start running as expected.

Deployment

For enterprises publishing within their own organization, you should expect to publish apps to respond to COVID-19 using managed Google Play wherever possible. This will ensure that general consumers do not confuse apps from your organization with others designed to help combat the pandemic. Doing so will allow you to also easily remove these applications from employees’ devices in the event they are no longer required.

If your app requires publishing to the broader Google Play Store, you’ll need to ensure you are compliant with Google Play’s COVID-19 apps policies. Depending on your use cases, this may require coordination between your organization and relevant public health authorities to receive proof of authorization in order to publish to the Play Store.

Organizations should ensure that only authorized users within an enterprise can access your app.. One way to accomplish this is through the use of OpenID’s AppAuth enterprise authentication library, which provides examples and sample code to authenticate native apps with Chrome Custom Tabs.

There are many options to protect your workplace by guiding employees to be safer through the use of technology. Android has the ability to provide these tools, whether it be through the use of the Bluetooth stack, employee ID cards, and/or geofencing APIs. Happy Coding!