Apple and Google have tightened the privacy measures in the contact tracking system they are offering to health authorities and have anticipated their launch.
The tech giants are now planning to release a software block to developers on Tuesday, allowing them to build compatible apps. Two weeks ago, the companies said it would take until mid-May.
Apple’s version will require an updated version of its mobile operating system.
However, some countries would prefer businesses to be less prescriptive.
France and Germany have confirmed that they are pursuing their own projects and are pressing Apple to allow them to have greater access to iPhone capabilities without having to take the initiative.
In a previously published blog, NHSX, the NHS digital wing, confirmed that it “was working with Apple and Google” on its UK contact tracking app, but stopped committing to companies.
Contact tracking apps are based on the principle that people’s smartphones can be used to log in when two people are close enough for a long enough time that there is a high risk of contagion if one of them has coronavirus.
If one of the phone owners is subsequently diagnosed as having the virus, warnings may be sent to others who may have been infected, advising them to test or self-isolate.
By combining the use of these apps with other measures – including manual traceability of human contacts and frequent hand washing – the hope is that the spread of the disease can be slowed down or suppressed.
The Apple and Google system is based on the use of Bluetooth Low Energy (LE) beacons. In fact, the two laptops “shake hands” wirelessly with each other, and in doing so they exchange a series of randomly generated numbers that can be used to record games without revealing user names, the location or other identifying information.
Representatives from the team in charge said they listened to the feedback received from health authorities, governments and data protection officers and made changes both to increase security and to simplify the creation of apps using the API (programming interface of the application) are providing.
These changes include:
- providing information about the Bluetooth power levels of different devices, to help developers better estimate the distance between two laptops
- allowing developers to decide for themselves how close the phones should be and how long to activate a handshake
- preventing phones from recording any meeting longer than 30 minutes
- encrypt data on the transmit power of the phones, to prevent anyone from using the logs retrospectively to reveal which models were involved
- moving on to a different encryption algorithm – AES – to reduce the toll on battery life
Apple will require users to install a new version of iOS 13 to use the API. This means that any phone older than the iPhone 6S – which was released in September 2015 – will be incompatible.
Any Android device running version 6 of the Google operating system, launched in October 2015 or later, will work without needing an update.
The Apple and Google system has been described as “decentralized” since contact matching occurs on users’ devices, preventing authorities from seeing who received an alert unless a user decides to reveal the fact, for example to request a diagnostic test.
But some countries are pursuing “centralized” projects. This would provide them with more information on the number of alerts sent and potentially on the ability to identify users again, which means they would not be truly anonymous.
However, these countries face a problem with the iPhone versions of their software. Apple places restrictions on the use of Bluetooth by third-party apps, which is only declining if the authorities adopt its scheme.
“Bluetooth is severely restricted on iOS when the app is in the background,” explained Quentin Zervaas, a developer who is developing a Google-Apple-compliant app.
“It can be used to transmit or receive data occasionally while it is in the background, but there is no guarantee as to how often this would occur and the app would compete with any other app on the phone that tries to use Bluetooth.
“Therefore, for the traceability of contacts it is not possible to constantly send or receive the necessary data necessary to effectively track each device with which it comes into contact.
“[This] that’s why I think all contact tracking apps should use the system-level tools that Apple and Google are implementing. “
Apple and Google have refused to discuss the implications of countries that choose to go it alone.