Apple and Google make changes to their contact tracing solution to address privacy concerns
Apple and Google have now provided more details about their contact tracing efforts. The two giants are now calling their solution exposure notification, but the idea remains the same: using Bluetooth to slow down the spread of COVID-19.
Contact tracing is used by health authorities to identify people who may have come in contact with someone who has tested positive for a virus. The problem with a traditional system is that it solely relies on the memory of people, and thus it risks overlooking strangers that a person might have infected, such as a man in a grocery queue. When augmented with technology, contact tracing can become a more powerful tool. How it will work in simple terms is that devices will be able to remember other devices that were in close proximity. If the owner of any device tests positive for the virus, other users will be informed.
The two companies are going to boost the security of the solution further, so it cannot be traced back to any individual. This will be an opt-in system, and users will be able to turn it off whenever they want.
The changes made have been detailed. First off, the Bluetooth metadata will be encrypted. The temporary keys associated with a particular phone will now not be derived but randomly generated every day. Additionally, the Bluetooth beacons will be rotated every 10 to 20 minutes. These measures will make it nearly impossible for attackers to trace back a user. This will make the system more secure and protect the private information of users.
The exposure notification solution will also share the strength of Bluetooth signals and allow developers to set parameters so they can decide what constitutes an exposure event. The system will only reveal the approximate time of shared contact, starting from 5 minutes, and going up to a maximum of 30 minutes, with 5-minute increments. The upper limit will further help protect the privacy of individuals.
APIs will be available starting next month and from then on public health authorities will be able to develop apps. Although iOS and Android will, of course, support the tech, Apple and Google will not be making the apps. It could be months before the first app arrives, according to the two tech firms.
Exposure notification data will be processed on device
The two companies are going to boost the security of the solution further, so it cannot be traced back to any individual. This will be an opt-in system, and users will be able to turn it off whenever they want.
The changes made have been detailed. First off, the Bluetooth metadata will be encrypted. The temporary keys associated with a particular phone will now not be derived but randomly generated every day. Additionally, the Bluetooth beacons will be rotated every 10 to 20 minutes. These measures will make it nearly impossible for attackers to trace back a user. This will make the system more secure and protect the private information of users.
The exposure notification solution will also share the strength of Bluetooth signals and allow developers to set parameters so they can decide what constitutes an exposure event. The system will only reveal the approximate time of shared contact, starting from 5 minutes, and going up to a maximum of 30 minutes, with 5-minute increments. The upper limit will further help protect the privacy of individuals.
APIs will be available starting next month and from then on public health authorities will be able to develop apps. Although iOS and Android will, of course, support the tech, Apple and Google will not be making the apps. It could be months before the first app arrives, according to the two tech firms.
Things that are NOT allowed: