USERS of the UK Government's coronavirus contact tracing app could be giving away intimate secrets, experts have warned.

Security researchers found a weakness in the app's registration process could be exploited by hackers and used to manipulate data or create logs of fake contact events.

And Professor Vanessa Teague and Dr Chris Culnane also found the storing of unencrypted data on a user's phone could potentially be used by law enforcement agencies to determine when two or more people met.

Their research found that generating new random ID codes for users once a day, rather than every 15 minutes like in other systems, makes it theoretically possible to determine intimate details about an app user's lifestyle, such as whether they "woke up and went to bed with the same person, or more revealingly, if they did not".

The National:

The issues have been flagged to the National Cyber Security Centre (NCSC), which is involved in the app's development, which says it is in the process of fixing them.

The researchers warned strong legal protections around data use are needed in order to better protect personal privacy on the app, which is currently being trialled on the Isle of Wight and could be rolled out further.

They say data associated with the app - which has been downloaded tens of thousands of times, potentially by people living in other places -  should be protected by legislation "from use by law enforcement, or any usage not directly related to Covid-19 prevention".

Harriet Harman, chair of the Joint Committee on Human Rights, has said new laws to protect the privacy of personal information gathered by the app are a "no brainer".

Harman, who has prepared a Bill on the issue which is ready for introduction, said assurances by Health Secretary Matt Hancock do not provide any protection after he wrote to her saying the Government believes legislation is unnecessary because there is already the Data Protection Act.

The National:

In a blog post, Dr Ian Levy, technical director of the NCSC, said: "The intent of being open before national launch was to show what the app will do, how it will do it, and to get some peer review from security and privacy researchers.

"Thank-you to everyone who's taken the time to look at the design and the beta code and provide us with useful feedback.

"Everything reported to the team will be properly triaged (although this is taking longer than normal)."

In a further statement, the NCSC said: "Responsible security researchers are an overwhelming force for good and their feedback was openly requested for the quickly developed beta app.

"It was always hoped that measures such as releasing the code and explaining decisions behind the app would generate meaningful discussion with the security and privacy community.

"We look forward to continuing to work with security and cryptography researchers to make the app the best it can be for the public."

On Sunday, Scottish Health Secretary Jeane Freeman said the app will only be introduced in Scotland if it is found to compliment existing work here.