Google and Apple developed a new API for iPhone and Android that would allow app developers to create contact tracing apps for the novel COVID-19.
The object of the Google app is for medical systems to be able to perform quick contact tracing and react accordingly.
It’ll all stay on their phones. Several governments in Europe have been working on their own contact tracing app as well, some starting similar initiatives before Apple and Google announced their joint effort.
But not all countries went for a privacy-friendly approach. The UK, France, and Germany all wanted Apple and Google to make certain exceptions that would allow these governments to run their own contact tracing app, and collect more user data.
Germany announced over the weekend that it’ll drop its requests and instead follow Google and Apple’s guidelines, just as the two tech giants announced new changes for the app that will improve user privacy.
The initiative is now referred to as “exposure notification” instead of “contact tracing,” a name that better describes the functionality of the app.
These apps will notify users of potential exposure, and it’ll be up to the user and authorities to perform the actual contact tracing efforts. Apple and Google built additional privacy protections in the app to make accidental or intentional identification of users impossible.
The keys will be generated randomly, making it impossible for someone to guess them. Bluetooth metadata will be encrypted, and exposure time will be rounded up to five minutes to make it impossible for someone to identify users.
The API will also register the Bluetooth system level to avoid false positives. Bluetooth system travels several tens of feet and can penetrate walls. The farther away you are from someone, the less likely you’d be to get infected, especially if you’re living in different apartments.
Without taking into account Bluetooth power levels, the app would still give you a warning. Germany on Sunday announced that it will no longer pursue its own contact tracing app. Instead, it’ll rely on the Apple-Google approach, Reuters reported.
“This app should be voluntary, meet data protection standards and guarantee a high level of IT security,” they said.
“The main epidemiological goal is to recognize and break chains of infection as soon as possible.” Germany joins other countries who’ve worked on similar, privacy-friendly, contact tracing apps.
Users would be able to share their phone numbers to pass relevant information about their condition. But this would be part of the app, not the system architecture, and the apps will not contain location data.
A contact tracing system where the app would collect more data, such as the UK and France propose, would require the app to be working in the foreground, so the Bluetooth connection stays active at all times, especially on iPhone.
This would not only kill battery life fast but would also present security issues. Stealing a phone whose display isn’t set to automatically lock would allow thieves to bypass some of the safety features set in place to reduce smartphone theft.
Privacy advocates will say that allowing governments to collect more data from the simple Bluetooth “handshake” that occurs between phones could help them create various surveillance initiatives beyond the need for tracking the spread of COVID-19.