Very little is known publicly about the ‘new’ app, this: https://github.com/nhsx/COVID-19-app-Android-BETA having been abandoned, I believe.
Here are a couple of straws in the wind from Wired, usually solid tech commentators:
https://www.wired.co.uk/article/nhs-coronavirus-tracking-app
and very recently: https://www.wired.co.uk/article/nhs-covid-19-tracking-app-contact-tracing
Since so little is known, the list of questions is ‘long’:
- How was Newham ‘selected’ and is there a financial arrangement?
- Which company or organisation designed and wrote it?
- Is it open source, if so under what licence?
- If open source, what guarantee that the build is in step with published source?
- Is there a clear document with all the T&Cs outside the ‘app’?
- What permissions does the app actually request (rather than require): http://skptr.me/list_of_permissions.html?
- Does it de-install easily and *completely*?
- Does it deal with proximity via Bluetooth, or, if not, what?
- Is there a clear description of the ‘possible infection’ algorithm?
- What data is transferred where and to whom (countries, organisations, systems)?
- Can the ‘codes’ (you have 200?) be used to de-anonymise?
- Given the April Wired article, specifically is geolocation turned on and processed?
- Is there an active centralised system component as with the first app?
I’m sure that there are a few more, but that would be a good start.