Apple and Google developed a new API for iPhone and Android that would allow app developers to create contact tracing apps for the novel coronavirus. The Apple-Google approach relies on Bluetooth connectivity between devices to determine the risk of exposure of an individual to a person who tested positive to COVID-19.
The object of such apps is for medical systems to be able to perform quick contact tracing and react accordingly. Patients can be isolated earlier and tested for COVID-19 with the help of such apps. But, crucially, participation is voluntary. It’s up to iPhone and Android users to opt-in. When they do, their privacy will be protected, and neither Apple nor Google will collect any data about users. It’ll all stay on their phones.
Several governments in Europe have been working on their own contact tracing app as well, some starting similar initiatives before Apple and Google announced their joint effort. But not all countries went for a privacy-friendly approach. The UK, France, and Germany all wanted Apple and Google to make certain exceptions that would allow these governments to run their own contact tracing app, and collect more user data. Germany announced over the weekend that it’ll drop its requests and instead follow Apple and Google’s guidelines, just as the two tech giants announced new changes for the app that will improve user privacy.
Apple and Google on Friday disclosed various changes to their coronavirus contact tracing initiative, addressing the concerns of privacy advocates.
The initiative is now referred to as “exposure notification” instead of “contact tracing,” a name that better describes the functionality of the app. These apps will notify users of potential exposure, and it’ll be up to the user and authorities to perform the actual contact tracing efforts.
Apple and Google built additional privacy protections in the app to make accidental or intentional identification of users impossible. The keys will be generated randomly, making it impossible for someone to guess them. Bluetooth metadata will be encrypted, and exposure time will be rounded up to five minutes to make it impossible for someone to identify users.
The API will also register the Bluetooth system level to avoid false positives. Bluetooth system travels several tens of feet and can penetrate walls. The farther away you are from someone, the less likely you’d be to get infected, especially if you’re living in different apartments. Without taking into account Bluetooth power levels, the app would still give you a warning.
Germany on Sunday announced that it will no longer pursue its own contact tracing app. Instead, it’ll rely on the Apple-Google approach, Reuters reported. Chancellery Minister Helge Braun and Health Minister Jens Spahn said in a joined statement that the country will go for the “decentralized” approach that Apple and Google are championing.