We are under a lot of pressure to deliver an App via the App Store to one of our prospects.
They are in a country outside the US, so we had considered just releasing to the App Store in that country. However that would entail additional delays, and therefore the current plan is to publish an initial release globally on the App Store.
This document assesses the latest App build (v0.9.6 ??) against suitability for this purpose, and highlights the key risks & quality issues that we have been able to identify. This draws on a combination of testing performed on the latest build, and previous project knowledge about the state of the App.
Expected Usage
The key uses we anticipate for the App are:
1. Evaluation & testing by one prospect in a small country outside the US.
2. Use in marketing demos with other prospects.
3. Download and use by people across the world who have heard of the project, and want to begin storing their location data on their phone, in case they are later diagnosed with COVID-19.
4. Other people who are interested in the project, which may include government researchers, other COVID-19 projects, hackers, journalists etc.
Note that usages 3 & 4 are usages that we are exposed to by the decision to release the app globally. If we limited release to a single small country, our exposure to these usages would be massively reduced.
Key issues and concerns
Security, Privacy & misinformation.
We know we have issues with Security & Privacy vs. where we want to get to - e.g. data stored unencrypted on users' phones. This is a concern given that the app may become widely used to store personal data in the US & elsewhere due to the profile of the project. Our Privacy-first messaging & non-profit status + MIT backing means that users will be inclined to trust us by default.
Risks therefore include…
Personal data breaches
Published analyses of security deficiencies by hackers/journalists
Reputational damage from both of the above.
Manipulation of naive users. Is there a risk that naive users could be manipulated into sharing their location data with organizations other than Healthcare Agencies? Can / should we do more to discourage / prevent this?
Exposure to fake sources of COVID-19 data. Having provided an app that consumes a certain kind of data, but not provided the data itself (the HAs), do we encourage unscrupulous 3rd parties to fill that gap with fake data?
Upgrade
We have not tested upgrade from this release to a future release. Therefore we don’t know that this app is upgradeable-from without loss of data.
An upgrade which changes the data format (e.g. encrypts data) may be particularly problematic in future.
Confidentiality
If the App is published to the global App store with support for just 2 languages, does this leak confidential information about the location of a key prospect?
General functional deficiencies
Previously known defects:
New defects found testing the latest app.
New function: Select Health Authority during setup
Note any issues identified.
Country-specific issues, risks & limitations
We have not tested the translation with a native speaker. Therefore we do not know whether there are issues with context, quality of translation, misspellings etc.
When changing language, you often get https://github.com/tripleblindmarket/covid-safe-paths/issues/609
Suitability for demos with prospects in other countries
Restrictions in available languages may be an issue.
Restrictions in function intended to make the release as robust as possible may cause problems
E.g. Google Data Import.