Android Developers
Published in

Android Developers

Illustration by Virginia Poltrack

Build Better Workplace Safety Apps

ProtectWell for UnitedHealth Group employee attestation screening user flow

User Onboarding

Let’s start with the basics. No matter what your return to work experience entails, empathy and safety must be a part of your design and implementation. Recognize that, for many employees, the return to the workplace will seem different, unfamiliar, perhaps even uncomfortable. For example: depending on your solution, you may need to have your app running in the foreground as a persistent notification. This could look scary to some users who do not understand why you want this new app running all the time. In your onboarding UX flows, you should disclose all permissions required individually, before asking the user to accept; including the user actions that can be taken, including:

PwC uses clear messaging to inform employees about Automatic Contact Tracing
PwC allows admins to create geofences in a web UI that establishes tracing parameters
  • Bluetooth. This can be used to keep track of devices that have come near or in contact with each other. Bluetooth requires the location permission.
  • Notifications (FCM), to wake up the device and let the users know of any pertinent information.
  • Persistent foreground notifications are useful for demonstrating that a service is being kept alive and letting the user know what is happening.
ProtectWell notifications
  • Application scope: If your application will be handling sensitive workflows like contact tracing or proof of vaccination, you should make it clear to users the scope of how long you will require access to sensitive information like health data or employee interactions.

Handling notifications for your app

Notifications have their pitfalls and it is recommended that you tread lightly without inundating the user. Here is some user feedback and lessons learned around daily reminder notifications:

ProtectWell for UnitedHealth Group designs for reminders

Enabling tracing workflows for your app

While Exposure Notifications are a valuable framework to help employees understand their risk of exposure, sometimes you need more granular tracing data. This is particularly true in facilities or areas where social distancing may be more difficult. Based on publicly available information, we’ve seen this accomplished through three separate approaches:

  1. Measurement of employee interactions with Bluetooth beaconing infrastructure using fixed and badge-based beacons. This allows a company to survey employee movement and density across a corporate building or campus, as well as potentially record where infected individuals have been.
  2. Commercial deployment of person-to-person based tracing technologies. These technologies are designed to survey employee interactions through measurement of Bluetooth and Wi-Fi signals.
  3. Internally developed person-to-person based tracing technologies. This approach is based on open source frameworks, such as Herald, BlueTrace, or PACT.
PwC provides clear guidance to users on what to do if a permission check fails

Sensitive Data Protection

If you’re building an app that persists or accesses sensitive health information requiring user interaction, you may want to look at our Biometrics APIs to ensure that the user on the device is the user you are expecting. Sometimes you will need to verify that the user on a device is who you’re expecting. If your app requires personally identifiable information (PII), such as health data for your users, then we would recommend checking out our Biometrics APIs for ensuring user presence.

Example Code to encrypt data using Jetpack Security

Battery life considerations

Because enterprise tracing apps cannot persist in the background, developers will have to take on several optimization considerations. Power management and battery optimization best practices need to be well understood, such as power management restrictions that are in place to improve battery life of devices. In some cases, battery optimizations need to be turned off or tweaked in order to handle frequent checks with background services. Developers should also understand and test how their application will function if placed in doze and leverage frameworks like foreground services and WorkManager to keep the app functioning as long as required by your use case. Applications can also be woken up remotely if a connection is lost due to power management using High Priority messages. Foreground Services have additional restrictions in Android 12, please be aware of them to ensure that your service will start running as expected.


For enterprises publishing within their own organization, you should expect to publish apps to respond to COVID-19 using managed Google Play wherever possible. This will ensure that general consumers do not confuse apps from your organization with others designed to help combat the pandemic. Doing so will allow you to also easily remove these applications from employees’ devices in the event they are no longer required.



Articles on modern tools and resources to help you build experiences that people love, faster and easier, across every Android device.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jon Markoff

Staff Developer Advocate, Android Security & Enterprise, Google Twitter: @jonmarkoff