Both firms say 22 countries and a number of US states have requested to use the contact-tracing API for their own systems
Google and Apple have today officially released their respective Coronavirus contact-tracing APIs, which they believe will offer a robust means of tracking the virus, without raising privacy hackles.
Contact-tracing systems, both human and automated, are intended to help countries ease their pandemic lockdowns while keeping infections in check.
The release this week of the Google and Apple API had been expected, as both firms have been working on the coronavirus contact-tracing technology that is to be built into both Android and iOS devices, allowing apps to use it while consuming minimal power.
Both Apple and Google issued a joint statement about the release of the API, saying that contact tracing is one of the most effective techniques that public health officials have used during the Coronavirus outbreak.
“Through this approach, public health officials contact, test, treat and advise people who may have been exposed to an affected person,” they wrote. “One new element of contact tracing is Exposure Notifications: using privacy-preserving digital technology to tell someone they may have been exposed to the virus.”
“To help, Apple and Google co-operated to build Exposure Notifications technology that will enable apps created by public health agencies to work more accurately, reliably and effectively across both Android phones and iPhones,” they wrote.
“Over the last several weeks, our two companies have worked together, reaching out to public health officials, scientists, privacy groups and government leaders all over the world to get their input and guidance,” they added.
“Starting today, our Exposure Notifications technology is available to public health agencies on both iOS and Android,” they wrote. “What we’ve built is not an app – rather public health agencies will incorporate the API into their own apps that people install.”
Google and Apple said their technology is designed to make these apps work better.
Each user gets to decide whether or not to opt-in to Exposure Notifications; the system does not collect or use location from the device; and if a person is diagnosed with Covid-19, it is up to them whether or not to report that in the public health app.
“User adoption is key to success and we believe that these strong privacy protections are also the best way to encourage use of these apps,” they wrote. “Today, this technology is in the hands of public health agencies across the world who will take the lead and we will continue to support their efforts.”
How it works
Apps that are built using the Apple-Google framework will transmit a random Bluetooth identifier that changes every 10 to 20 minutes. It will also receive identifiers broadcast by such apps on other phones.
These identifiers get stored on the device (i.e. a person’s smartphone) and not on a centralised server controlled by the state.
At least once a day, the contact tracing app connects to the local health organisation’s server to collect a list of identifiers associated with individuals who have chosen to report a positive Covid-19 diagnosis.
If a user is advised there is a match, meaning that the user has been in the vicinity of someone with a positive diagnosis, the user will – if the settings allow – be notified and advised on what to do next.
Both Apple and Google have been at pains to stress the privacy focus of their approach. They insist no data will be shared with public health authority apps – with two exceptions.
The first exception is if the user chooses to report a positive diagnosis, their most recent contact identifiers will be added to the server list so other users linked to those identifiers can be notified.
The second exception is if the user receives a contact notification, the system will share the day contact was recorded, how long contact lasted, and the Bluetooth signal strength during that period.
The UK, Japan and France, have been amongst the most prominent countries that have rejectedthe model favoured by Google and Apple, preferring to use a “centralised” approach in which data is processed on state-controlled servers.
The “decentralised” model of Google and Apple carries out all data processing on the devices themselves, allowing for increased privacy, but the NHS for example has said that its centralised data would help it better track infection patterns.
But the NHS system is also looking into the possibility of switching to Google and Apple’s model.
Instead the NHSX developed its own app, but researchers have flagged a number of privacy issues after the NHS published its source code to GitHub.
These issues with the NHS app are currently being addressed and fixed, meaning the release of the UK app has been delayed somewhat.