Apple is the developer of iOS. Google is the company behind Android. The two operating systems power the vast majority of smartphones in use.
Apple and Google are jointly building software into iPhone and Android devices to help track the spread of coronavirus by telling users if they contacted an infected person and are potentially sick themselves. The new project is slated for release in May.
Apple and Google Bluetooth-based COVID-19 contact tracing platform will alert people if they’ve been exposed to the novel coronavirus. Contact tracing is a huge component in ending mass pandemic “stay-at-home” orders, and while phone tracking can’t replace traditional medical examination methods, it can just supplement them.
The Tech giants believe their approach – designed to keep users, whose participation would be voluntary, anonymous – addresses privacy concerns.
Privacy advocates fear that some intrusive tracking and tracing measures taken by governments will put us one step closer to a surveillance state while others argue that public health considerations outweigh privacy concerns.
“Privacy, transparency and consent are of utmost importance in this effort and we look forward to building this functionality in consultation with interested stakeholders,” Apple and Google said in a joint statement.
The companies stressed that consumers would need to opt-in to the contact-tracing technology, and would have to agree to enter their health status on their phones. They also said the identities of users who report positive test results wouldn’t be shared.
How Apple, Google will trace coronavirus cases?
Contact tracing is used to map the contacts of someone diagnosed with an infectious disease. Seattle health authorities deployed this method to find their coronavirus Patient Zero.
Since Apple and Google collectively service three billion mobile users, this has the potential of monitoring a third of the world’s population.
The new technology, outlined in white papers published by Apple and Google on Friday, relies on Bluetooth wireless radio technology to help phones communicate with one another, ultimately warning users about people they’ve come in contact with who are infected with the coronavirus.
Each phone would also generate a new identifier every 15 minutes to prevent anyone from tracking a specific device over time, the companies said in related documents.
Privacy-safe contact tracing using Bluetooth Low Energy
- Explicit user consent required
- Doesn’t collect personally identifiable information or user location data
- List of people you’ve been in contact with never leaves your phone
- People who test positive are not identified to other users, Google or Apple
- Will only be used for contact tracing by public health authorities for COVID-19 pandemic management
- Doesn’t matter if you have an Android phone or an iPhone – works across both
Apple and Google are launching the program in two phases
Starting with an application programming interface (API) in mid-May. This API will make sure iOS and Android apps can trace users regardless of which operating system they’re using. But it will be restricted to official apps released by public health authorities on the iOS App Store and Google Play Store.
During this first phase, you’ll need one of these apps to participate in the program. We don’t know who’s working with Apple and Google right now, or what the apps will look like. It seems likely they’ll be interoperable in some way — in other words, a phone with App A could swap a key with App B, as long as they’re both using the API.
We could hypothetically see a national government or lots of small local agencies launch their own apps, or governments could approve something built by an outside party like a university.
Google and Apple haven’t publicly nailed down many specifics, so we’ll be watching for those in the coming weeks.
The Second Phase Adds Opt-in Tracking To iOS And Android
Following the API, Google and Apple want to add contact tracing as a core iOS and Android feature. The method is a little vague for now, but the goal is that you’d opt in through something like your phone settings. This would turn on the digital key-swapping without requiring a third-party app. Then, if you’re exposed, your phone would signal this somehow and urge you to download an app for more information.
This raises a few questions. We don’t know much about that handoff process, for instance: do you get a vague pop-up notification, or something with more detail? We’re also not sure how Android’s fragmented ecosystem might complicate the release. Google could plausibly push a fast update through the Play Store instead of waiting for carriers to roll it out, but it would still be dealing with huge variations in hardware capability. We also don’t know if individual government apps might ask for more invasive permissions like location tracking — even if Google and Apple’s core system doesn’t use it.
If you’ve got a phone without Bluetooth LE, of course, none of these apps will work. But iOS has included support since the 2011 iPhone 4S, and the Android platform added support in 2012. So unless you’ve got a very old phone, you’re probably all right.
What Happens If You’re Infected?
If you test positive for COVID-19, the system is supposed to upload your last 14 days of anonymous “keys” to a server. Other people’s phones will automatically download the key lists, and if they have a matching key in their history, they’ll get an exposure notification.
The app will need to make sure people are really infected, though — otherwise, a troll could cause chaos by falsely claiming to have COVID-19. We don’t know exactly how this will work. COVID-19 tests are currently administered by professionals and logged with health authorities, so perhaps Apple and Google could piggyback on that process to validate the tests. But it’s a huge issue, and they’ll need a satisfactory answer.
Either way, sharing your keys is supposed to be voluntary. That seems to mean actually approving an upload, not just granting blanket consent when you install the app — but the exact process is another thing we’re waiting to see.
How Do You Submit That You’ve Been Infected?
The released documents are less detailed on this point. It’s assumed in the spec that only legitimate healthcare providers will be able to submit a diagnosis, to ensure only confirmed diagnoses generate alerts. (We don’t want trolls and hypochondriacs flooding the system.) It’s not entirely clear how that will happen, but it seems like a solvable problem, whether it’s managed through the app or some sort of additional authentication before an infection is centrally registered.
Neither Apple nor Google responded to questions about how much the U.S. or other governments were involved in their plans.