Apple, Google allay privacy fears around contact tracing app
San Francisco: Amid the growing debate over privacy and security around contact tracing technology, Apple and Google have announced new updates to allay such fears, saying the Bluetooth-driven exposure notification system that enables iOS and Android phones to trace the spread of coronavirus is completely safe.
Cybersecurity researchers have questioned the contact tracing technology, saying tracing apps that allow attackers to access a user’s Bluetooth also allows them to fully read all Bluetooth communications.
Privacy concerns
Apple and Google representatives said that they are encrypting metadata associated with Bluetooth.
“By encrypting this data, we make it more difficult for someone to try and use it to identify a person (for example, by associating the transmit power with a particular model of phone),” the companies said in the updated document.
On April 10, Google and Apple announced a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of COVID-19 through contact tracing, with user privacy and security core to the design.
The tech giants said that the ‘Exposure Notification Bluetooth Specification’ does not use location for proximity detection. It strictly uses Bluetooth beaconing to detect proximity.
“A user’s Rolling Proximity Identifier changes on average every 15 minutes, and needs the ‘Temporary Exposure Key’ to be correlated to a contact. This reduces the risk of privacy loss from broadcasting them,” the document read.
Proximity identifiers obtained from other devices are processed exclusively on device and users decide whether to contribute to exposure notification.
“If diagnosed with COVID-19, users must provide their consent to share Diagnosis Keys with the server. Users have transparency into their participation in exposure notification,” the update added.
Technical changes
Among the technical changes proposed by Apple and Google to the system is that it can now share the strength and duration of a Bluetooth signal so that the apps can make a better judgment of whom someone has been in contact with.
To provide even stronger privacy protections, Apple and Google made a slew of changes.
“We are updating the API so that keys will now be randomly generated rather than derived from a temporary tracing key.”
“When the app asks for exposure time, the time is recorded in five minute intervals, and we cap the maximum exposure time reported at 30 minutes,” the companies added.
Contact tracing is a technique used by public health authorities to measure and slow the spread of infectious diseases.
It requires gathering information from infected individuals about the people they’ve previously been in contact with. These people can then be notified by public health authorities to take appropriate safety measures, such as undertaking self-quarantine and getting tested.
This is how Apple-Google exposure notification works in the first phase.
Once enabled, users’ devices will regularly send out a beacon via Bluetooth that includes a privacy-preserving identifier — basically, a string of random numbers that aren’t tied to a user’s identity and change every 10-20 minutes for additional protection.
Other phones will be listening for these beacons and broadcasting theirs as well. When each phone receives another beacon, it will record and securely store that beacon on the device.
“At least once per day, the system will download a list of beacons that have been verified as belonging to people confirmed as positive for COVID-19 from the relevant public health authority,” said the document.
Each device will check the list of beacons it has recorded against the list downloaded from the server. If there is a match between the beacons stored on the device and the positive diagnosis list, the user may be notified and advised on steps to take next.
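The first-phase flow described above (random per-day key on the device, rolling identifiers derived from it, consent-gated upload of diagnosis keys, and matching done only on the phone) can be made concrete with a small simulation. The code below is an added illustration written for this article, not Apple's or Google's code and not the Exposure Notification specification itself: the identifier derivation uses HMAC-SHA256 as a stand-in for the specification's AES-based derivation, the 10-minute interval and 16-byte identifier are assumptions taken from the article's description, and all device names and day numbers are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Set, Tuple

INTERVAL_MINUTES = 10                         # assumed: identifiers rotate every 10 minutes
INTERVALS_PER_DAY = 24 * 60 // INTERVAL_MINUTES
RPI_LEN = 16                                  # assumed broadcast identifier length in bytes


def new_temporary_exposure_key() -> bytes:
    """Random per-day key, generated on the device; it never leaves the phone
    unless the user later consents to share it as a diagnosis key."""
    return os.urandom(16)


def rolling_proximity_identifier(tek: bytes, interval_number: int) -> bytes:
    """Derive the identifier broadcast during one interval from the day's key.
    Stand-in derivation (HMAC-SHA256, truncated); the real spec uses AES."""
    msg = b"EN-RPI" + interval_number.to_bytes(4, "little")
    return hmac.new(tek, msg, hashlib.sha256).digest()[:RPI_LEN]


class Device:
    """A phone: keeps its own daily keys and a log of identifiers it has heard."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.daily_keys: Dict[int, bytes] = {}          # day number -> key for that day
        self.heard: List[Tuple[int, bytes]] = []        # (interval, identifier) from others

    def beacon(self, interval_number: int) -> bytes:
        """Identifier this device broadcasts during a given interval."""
        day = interval_number // INTERVALS_PER_DAY
        tek = self.daily_keys.setdefault(day, new_temporary_exposure_key())
        return rolling_proximity_identifier(tek, interval_number)

    def hear(self, interval_number: int, rpi: bytes) -> None:
        """Store a received identifier locally; nothing is sent anywhere."""
        self.heard.append((interval_number, rpi))

    def diagnosis_keys(self, days: List[int]) -> List[Tuple[int, bytes]]:
        """What a diagnosed user shares with the server after consenting:
        only (day, key) pairs, no identity and no list of contacts."""
        return [(d, self.daily_keys[d]) for d in days if d in self.daily_keys]

    def check_exposure(self, published: List[Tuple[int, bytes]]) -> int:
        """Expand each published key into that day's identifiers and count
        how many of them this device actually heard. Runs entirely on device."""
        candidates: Set[Tuple[int, bytes]] = set()
        for day, tek in published:
            base = day * INTERVALS_PER_DAY
            for i in range(INTERVALS_PER_DAY):
                n = base + i
                candidates.add((n, rolling_proximity_identifier(tek, n)))
        return sum(1 for entry in self.heard if entry in candidates)


def simulate() -> Dict[str, int]:
    """Constructed scenario: Alice and Bob are near each other for three
    consecutive intervals; Carol is never near anyone. Alice later tests
    positive and consents to upload her key for that day."""
    alice, bob, carol = Device("alice"), Device("bob"), Device("carol")
    day = 18400                                   # constructed day number
    start = day * INTERVALS_PER_DAY
    for n in range(start + 10, start + 13):       # 30 minutes of proximity
        bob.hear(n, alice.beacon(n))
        alice.hear(n, bob.beacon(n))
    carol.beacon(start + 10)                      # Carol broadcasts but meets nobody
    server_list = alice.diagnosis_keys([day])     # the only thing the server ever sees
    return {
        "bob": bob.check_exposure(server_list),
        "carol": carol.check_exposure(server_list),
        "alice_self": alice.check_exposure(server_list),
    }


def identifiers_rotate(tek: bytes, first_interval: int, count: int) -> bool:
    """True if consecutive intervals yield distinct identifiers for one key."""
    rpis = {rolling_proximity_identifier(tek, first_interval + i) for i in range(count)}
    return len(rpis) == count


if __name__ == "__main__":
    print(simulate())
```

Bob ends up with three matching identifiers (the three intervals he spent near Alice), while Carol matches none and Alice does not match her own broadcasts because she only stored what she heard from others. The server list holds nothing but day numbers and random keys, and an observer who only captured Bob's stored identifiers cannot link them to one another without the published key, which is the property the rolling identifier design is meant to give.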
In the second phase, available in the coming months, this capability will be introduced at the operating system level to help ensure broad adoption.
Both Apple and Google emphasized that this system does not collect location data from the device, and does not share the identities of other users to each other, Google or Apple.