The part I still don't quite get is what happens after someone tests positive and how that is processed. At some point someone has to say 'the keys for people who associated with this phone need to be alerted' - and given the way this is set up, the 'infected' owner of the phone has to be involved. But who does what and what safeguards are there?
If you are using the app, and you come down with the virus, you get a passcode from your doctor, and at that point your phone uploads the random keycodes that your phone has generated over the last couple of weeks.
https://ncase.me/contact-tracing/ says that you can choose to hide the keycodes that you want to keep private. I don't know if that is the case with the NHS app.
If another user had been close to you, then every so often the app on my phone will check with the central database to see if any of the keycode from contacts from that user have been flagged as being from someone with the infection. A comment in a footnote of the cartoon at the WWW site says:
"the real DP-3T protocol (the thing implemented by Apple and Google) is even MORE secure! It uses a "cuckoo filter" so that phones only know the covid-19 messages they heard, without revealing ALL covid-19 messages."
At this point if you have been too close for too long to infected, will get a warning to self-isolate for 14 days. Other people in your house do not have to also self-isolate unless you get COVID symptoms. If you get COVID symptoms you can book a test using the app. If you don't get any symptoms then you can stop isolating after 14 days without a test.
I saw a comment on the NHS WWW site today, saying that self-isolation after a warning from the app is recommended, but voluntary, if you don't have symptoms.