Building a secure, compliant mobile app for digital pandemic response

Icon of a triangle with an exclimation mark in the middle


Build products to support containing the pandemic while preserving the privacy of individuals

Icon of a location marker with five dashes coming out from the top


Contact Tracing apps with the ability to adapt to communities around the world including roll outs in MN, HI, LA, Guam, Puerto Rico, etc.

PathCheck application screenshots

Four screenshots on a light purple background; the dashboard, a welcome screen, a positive test self-report scree, and exposures screen

Quote from the PathCheck project

In the middle of the pandemic when I found myself CTO of an organization that had to deliver, I turned to thoughtbot, the software development company I trusted and helped me sell my last company.

Sam Zimmerman,
CTO of PathCheck

About PathCheck

PathCheck is an organization founded out of MIT, that coordinates and empowers a global community of organizations, researchers, health officials, and volunteers.

The team is a mix of full-time and part-time leaders, product strategists, designers and engineers with a variety of backgrounds from all over the world. The common unifier being a passion for using technology to change the world, and in this case to help empower users with the option to opt into a secure, pandemic response solution.

Like thoughtbot, the PathCheck team are big fans of building the right, high quality product the first time and also look to share learnings along the way. PathCheck maintains a robust open-source library to support others in the space and provide consulting to support adoption.

The focus of the PathCheck organization is building open source software, standards, and public health programs that help contain the pandemic, restart the economy, and protect individual freedom and privacy. thoughtbot was brought onboard to embed directly with their product team to strategically design, develop and ship contact tracing applications.

The Challenge

thoughtbot and PathCheck had a few challenges to work through from the start, the first being that time was of the essence. The team had to hit their stride quickly to maximize overall velocity without compromising quality.

Since the PathCheck team consisted of team members and volunteers across a variety of timezones, skill sets and bandwidth, it made for a very unique project. thoughtbot’s Development Lead, John Schoeman shared “Month 2 of the pandemic we’d wake up in the morning and have GM Guam asking what they can work on, midday we’re talking to the leadership of Brazil, then meeting in the afternoon with AWS about how we can actually do this. It was not your typical open source project."

For the app itself, the decision was made to use ReactNative to bring consistent iOS and Android versions to life. thoughtbot also identified a design and localization strategy that would support a variety of constituents, across the US and world. Given the sensitivity around data and privacy in mobile apps, the design had to build trust and confidence quickly.

Last but not least, a large technical feat was the successful integration with the Google Apple Exposure Notification (GAEN) framework. GAEN is a protocol developed by Apple and Google in just eight weeks and supports integration with 99% of mobile operating systems. The protocol has strict guidelines to preserve privacy of the end user. Implementing GAEN correctly across device types and operating systems, while reacting to API changes was paramount to get right.

Prototype screenshots

Four screenshots of the Pathcheck prototype: a dashboard screen, a screen showing symptoms history, a screen with exposure scanning that is off, another screen documenting symptoms

The Solution

thoughtbot designers and engineers embedded with the team and established a system for communication and prioritizing work. From there, they outlined the overall product strategy. With success criteria defined and the implementation plan in place, execution commenced.

thoughtbot completed user research to inform a design that could scale to serve a variety of communities, and their native languages. A landing page, onboarding flow and privacy overview screen were implemented to help familiarize a user with the app, share an explanation of how the app works and most importantly, how their privacy is maintained.

Behind the scenes, thoughtbot implemented the GAEN framework which allowed the applications to use Bluetooth to anonymously and securely identify when two individual’s devices have been near each other, and potential Covid-19 exposures have occurred.

PathCheck Illustrations

Two illustrations side by side. In the first, two female presenting people putting their hands up for a high-five 6ft away wearing masks. In the second, a orange male-presenting person is framed by a phone with a speech bubble and a female-presenting person sitting at a laptop

The Outcome

Celebrating the first of many launches

The first app launch was in Q3 2020, and since then, teams in seven U.S. states and countries are implementing PathCheck technology to create exposure notification mobile apps for their communities, including Hawaii, Guam, Puerto Rico, and Cyprus. Most recently the day after our release in Minnesota, the mobile app was #3 in Utilities and #42 overall in the app store!

The future of these applications will continue to evolve to better serve end users and their health officials. As product enthusiasts, thoughtbot has a passion for exploring how new technologies can better solve problems and look forward to continuing our work with PathCheck to support containing the pandemic. The teams are hopeful this work serves as a foundation to address a wide range of other needs after the pandemic is contained. thoughtbot hosted a fireside chat to talk through all of the lessons learned if you are interested in learning more about our experience.

Quote from the PathCheck project

I really appreciate the practical, fast, quick iteration, product-focused thinking that thoughtbot has delivered and I think they are the right decision for any product problem.

Sam Zimmerman,
CTO of PathCheck

What does success look like for your project?