Until we have a vaccine, the only way to control Covid-19 is to remove opportunities for the infected to pass the virus on to those who are susceptible. The most effective way to do that is lockdown: to stop pretty much everyone having any contact with pretty much everyone else. That works, but at almost immeasurable cost. We need, as quickly as we can, to find a more targeted solution. Once the number of infected people falls below a certain level, it becomes feasible to locate as many of them as possible and find out who they might have given the virus to. Those contacts can then be traced and isolated before they, in turn, infect anyone else. This is the ‘track and trace’ strategy that the government hopes to put into place as a way out of lockdown. The health secretary, Matt Hancock, has talked about recruiting 18,000 volunteers to help with the task. He has also commissioned NHSX, ‘a new unit driving forward the digital transformation of health and social care’, to develop a contact tracing app.

Australia has just launched an app, based on one already in use in Singapore. Other European countries are working on solutions, some in a collaborative effort known as DP-3T. Google and Apple are tweaking their phones’ operating systems to make it easier to develop such apps. The UK’s solution is, apparently, being created with a range of partners. The most prominent developer is Pivotal Labs, a company based in San Francisco.

The details of the different approaches vary but the basic model is the same. A centralised server generates random identifiers and issues them to copies of the app running on people’s phones. Your phone uses an encryption algorithm to generate new identifiers, and broadcasts them over Bluetooth while picking up broadcasts from other phones. If you are infected and pass the virus on to someone you meet, your phone will probably also have passed on an identifier to their phone. If you develop symptoms, you can use the app to let the server know. The server will broadcast your issued identifier to everyone else’s app, and they will be able to use a private key to work out whether any of the identifiers they recently recorded was generated from yours. The app will then have to perform a calculation, based on the duration of the contact between the phones and the strength of Bluetooth signal, to determine whether or not the user needs to be alerted to the risk of infection.

The hope is that almost all of us will download the app, that we will be diligent about using it if we develop symptoms, that the detection of identifiers will be reliable, that the subsequent risk calculation will be more or less accurate, and that we will, by and large, self-isolate if the app tells us to. Crucially, the strategy also requires easy access to tests so people can be rapidly alerted if a contact who had symptoms turns out not to have had the disease.

Most criticism has focused on whether the app adequately protects users’ privacy. Early suggestions of the way it might work have created an impression that users would have to surrender to the government the kind of detailed information about their movements and activities that they currently hand over, not entirely willingly, to Google or Facebook. That isn’t the case. Apple and Google have sketched out a more decentralised system: rather than the server broadcasting updates about who has been infected, individual app users would do it peer-to-peer. The advantage of a centralised model is that it allows a filter to stop irresponsible use – by children hoping to close down their schools, for example.

It isn’t clear how the UK’s system will work. The government has said that it wants to be able to use the app to reconstruct the ‘proximity graph’ of possibly infectious contacts, to understand the epidemic better. This must mean that if someone has the app on their phone, and it recognises that they’ve been in contact with someone who has since notified the server of symptoms, then this fact is then uploaded to the server. The government will also, it has said, ask users to volunteer additional information to help research into the virus. It will, presumably, want to co-ordinate this activity with the traditional contract tracing that will still be required, and that will be hard to achieve if app users can’t be identified.

For it to work, very large numbers of people will have to download the app. Early indications from Singapore were not terribly encouraging, but initial uptake has been rapid in Australia. It’s also unclear how accurate the risk calculation will be. Many engineers are sceptical that proximity can be judged accurately enough from the strength of a Bluetooth signal, but it isn’t even clear that we know what kind of duration of contact over what kind of distance should be treated as a possible transmission event. If the app generates too many false alarms, people will quickly lose faith in the system.

I want to believe that it will work, because I want all this to be over, but I suspect that impatience may be its undoing. When we are all finally released from lockdown, it will be very tempting to discount any but the most authoritative warnings. There is also, I suspect, a huge difference between being told by a public health official that you should self-isolate as a precaution for the public good, and receiving a notification to the same effect from an app on your phone.