With the ongoing COVID-19 pandemic affecting everyone worldwide, Apple and Google have teamed up to develop a COVID-19 contact tracing platform which uses Bluetooth technology. The COVID-19 Exposure Notification API went live yesterday and it is available for public health authorities worldwide.
If you’re wondering what is this all about, how can it help to contain the spread of the coronavirus and most importantly, how will it affect your privacy, here’s everything you need to know.
Exposure Notification supports current contact tracing efforts
Various governments and local authorities have implemented its own contact tracing efforts. Apple and Google’s solution isn’t meant to replace them but to supplement existing contact tracing efforts which are still important.
The challenge faced by public health authorities is that existing methods are hard to scale and it is very resource-intensive. For example, if someone is confirmed positive, they would need a team to manually contact people that are in close proximity and this is a time-consuming process.
Another challenge is incomplete data. A person might recall the person that he/she has come directly in contact with and if the person goes to a restaurant or a shop, there could be records of other customers at a given time.
However, what’s missing are the other unidentified persons that the person might be in contact with especially at public spaces or on public transport. Not everyone would recall where they have been in the past 14 days and they certainly can’t identify strangers.
With this Bluetooth-based solution, Apple and Google hope to close the gap and to help health authorities to automate the process of notifying those that are at risk.
Privacy Protection
Privacy is the main focus for both Apple and Google as it is believed to be an important factor in order to get more people to participate. The Exposure Notification API does not track GPS or location data, and it only uses Bluetooth.
Using Bluetooth LE, it will record all detected Bluetooth keys from other devices that have the contact tracing app installed and this is saved for 14 days. Participating apps are prohibited to seek permission to access location services.
Based on the feedback they received, they have ensured that the keys generated by each device are randomised each day. In addition, all metadata associated with Bluetooth is also encrypted which makes it even more difficult to identify someone based on the transmitting power from a particular phone model.
The data collected is only used for exposure notifications by official public health authorities. Once it is no longer needed, Google and Apple will disable it on a regional basis.
Battery life and interoperability
The common concerns with existing contact tracing apps are stability and battery consumption. This is due to technical challenges faced by developers which Apple and Google are addressing with its API.
With dozens of contact tracing apps available, it will be hard to conduct contact tracing across the different state or country borders. Apple and Google’s solution ensures broad adoption as it supports interoperability across different devices and different apps as long as it uses the same API. This means a device with a contact tracing app from Singapore will be able to interact with other devices with Malaysia’s contact tracing app installed if both are using the same API.
Users are in full control including reporting positive diagnosis
On top of keeping your data private, the solution gives users full control when it comes to contact tracing. It is designed to ensure users explicitly enable exposure notifications and they can choose to turn it off or on anytime they want.
Depending on the contact tracking app, the API also offers the option to report themselves as positive. The users will have full control to submit their COVID-19 positive diagnosis and to submit all keys associated to their devices with the public health authority. The matching for exposure notification only takes place on the device and it is under the user’s control.
Close collaboration with Public Health Authorities
Both Apple and Google have worked closely with health authorities to improve the API. Based on feedback received, respective authorities are able to define what constitutes an exposure event and it also allows them to set their own parameters to determine the risk factor for positive cases.
The API also allows the flexibility for contact tracing apps to request for more additional voluntary information from its users which will help them to contact expose users.
Restricted to one app per country
To ensure high user adoption and to avoid fragmentation, the API will be restricted to one app per country. If there’s a need to have a regional and state-based approach, it will be supported as well.
At the moment, there are several COVID-19 related apps in Malaysia such as MyTrace and Gerak Malaysia. It is reported that MyTrace has applied for the API and they are expecting to get it in the next few days.
As of yesterday, 22 countries from 5 continents have requested and received access to the Exposure Notification API.
Supported iOS and Android devices
For Apple users, the Exposure Notification feature is already rolled out on iOS 13.5 which is supported on iPhone 6s or iPhone SE and above. Users will need to ensure that their iPhone is updated to the latest version.
The Android platform is quite fragmented with various OEMs and not every device is able to run on the latest Android 10. The good news is that the API will be supported even on older phones with Android 6.0 Marshmallow. The Exposure Notification feature will be pushed via Google Play Store which increases its adoption rate. So even if a phone no longer receives OS or security patches, you could still enable contact tracing that utilises the API.