Like the mythical hydra, the COVID-19 coronavirus has so many aspects to it, from the symptoms you need to take note of to the social distancing and hand hygiene you need to practice. One of the trickiest factors to consider is the people you come in contact with, which will be critical in trying to stop the virus from spreading further. Apple and Google have teamed up to help make contact-tracing easier but they now have to also assure users, governments, and privacy advocates that their tool won’t be used to violate people’s privacy in the name of flattening the curve.
Contact-tracing is tricky because people don’t often take note of who they’ve come in contact with days prior to being diagnosed with COVID-19. Apple’s and Google’s upcoming tool will turn users’ smartphones as a sort of log of the other people you’ve encountered via their own phones. Naturally, this has raised red flags that the two companies are now trying to address.
The system doesn’t use any location data but instead uses Bluetooth to exchange randomized identifiers that change every 15 minutes. No personally identifiable information is collected or sent to servers and the two companies assure that only authorized bodies like governments and health agencies will have access to the API. Users also have to consent to upload that data but otherwise, all of that stays on their device.
It’s not a completely foolproof system, however, starting with the politics of disagreements between health authorities on who will have the right to access that data. There’s the even trickier case of both false positives and false negatives. Apple and Google also emphasize that no system is ever “unhackable” but they are taking the necessary precautions, like decentralizing the data, to make it harder to compromise users’ privacy through the tool.
The contract-tracing API will go live sometime next month and will cover a wide range of iPhones and Android phones. While it won’t need any additional app to use since it will be baked into the OS, uploading data will still be required downloading an authorized app for the user’s country or state.