Apple And Google Clarify COVID-19 Contact Tracing Pact Following Privacy Uproar

coronavirus iphone
Two weeks ago, Apple and Google announced a unique and very rare partnership in an effort to help track the spread of COVID-19 around the globe. The pair revealed a common API that would be used on both iOS and Android platforms, leveraging Bluetooth Low-Energy rather than GPS to track the spread of coronavirus infections.

Despite the use of Bluetooth beacons, completely optional participation in the program by users, the optional uploading of positive coronavirus test results, and strict controls put in place by both companies, there have been many that feel that the new Contract Tracing Bluetooth Specification is a privacy nightmare waiting to unfold.

To help cut through some of the FUD, and to further clarify some of the mechanisms going on behind the scenes, Apple and Google have posted a new FAQ [PDF] to address any lingering privacy concerns. One of the big things that the two tech giants announced is that the entire contact-tracing program will be shut down once the pandemic is over, on a region-by-region basis. This should alleviate some concerns from government leaders that the two companies are building a huge database on customers that they would use to pursue further ventures.

Other privacy controls include the revelation that keys use to trace potential contacts that may carry the coronavirus are generated randomly, rather than using a permanently-attached tracing key. This should in theory make it more difficult for hackers to identify how keys are generated using reverse engineering.

Of course, no location data is shared, and you will not be able to determine the identity of other users that are taking part in the [completely optional] program. And apps that use the API will have exposure times with 5-minute intervals, while the total maximum exposure time has been set to 30 minutes. This is another effort to make it harder to use metadata in an effort to track users of the service.

Other changes that Apple and Google have made include a switch to AES encryption, and the inclusion of Bluetooth signal strength information to more accurately measure the distances between people. In the end, both Google and Apple hope that these changes not only help to make the service better, but will also appease privacy critics.

"Exposure notification is only one element of the response to COVID-19 and is hoped to be a useful technology in the toolbox of public health authorities," Google and Apple write in their new FAQ. "As the response to the pandemic evolves technological solutions will need to continue to adapt as well so the efforts of public health authorities can be amplified."