Apple and Google have detailed the latest privacy protections for their ambitious COVID-19 tracking collaboration via a series of technical documents on their cryptography, API and Bluetooth specifications.
Namely, Bluetooth metadata — sometimes containing small details that can re-identify a device — will be encrypted. Keys that identify a smartphone will also be randomly generated every day, and the system will not measure any one person’s contact with another for more than 30 minutes. The system will use AES (Advanced Encryption Standard) for data encryption.
Convincing the public of the project’s privacy is crucial as this form of contact tracing essentially requires the majority of a population to opt in to having their every person-to-person encounter logged via smartphone. When up and running, the system will notify opted-in Android and iOS users if they’ve been near someone with COVID-19 — if that other person has also opted into the Bluetooth tracking. Perhaps the need to win the public’s trust is also part of the thinking behind the companies’ new shift to calling their system “exposure notification” instead of “contact tracing.”
The rollout of this system will come in phases. Google and Apple are targeting a pre-release for public-health app developers as soon as next week. This wouldn’t mean the functionality is available to users yet. But it would mean that developers can start to test the seed version of the OS update supporting their new APIs. Apple and Google noted new functions in the API would allow developers to decide for themselves how physically close two phones would have to be to register an interaction, as well as for how long.
Public health authorities, such as the UK’s National Health Service, are ultimately going to create the apps that users will download and opt into, not Apple and Google. A full launch of the API is still slated for mid-May, which allows for broader testing and the ultimate launch of health authority apps. The next phase will add interfaces directly into Android and iOS to allow users to activate and disable beaconing on a system-wide level. This, the companies say, will take months.
These are all still the early stages of developing a mammoth infrastructure to help countries trace the spread of COVID-19, paving the way to a reopening of society.
Matt Brian contributed to this report.