COVID-19 Tracker in Our Phones - All You Need To Know
“If you have an Android phone, go under Settings, then click on google, settings and it’s there. If you have an iPhone, go to settings, privacy, then health, It’s there but not yet functional. Please check. I checked and it is true.”
Have you been getting this message too?
Well, it is believed that when everyone was having ‘phone disruptions’ earlier the previous week, COVID-19 Trackers were being added to our phones!
Is it another breach of our privacy? What exactly is this app?
Well, to get started with- This is not any kind of hacking into our privacy! Yet, there is now an entry at the top of the Google settings on my Android smartphone, for example, that states:
"COVID-19 exposure notifications."
It’s not an app, but a framework within the operating system that will allow such an app to function once it becomes available and if you decide to install it.
It follows this statement from Google and Apple from May 2020:
“One of the most effective techniques that public health officials have used during outbreaks is called contact tracing. Through this approach, public health officials contact, test, treat and advise people who may have been exposed to an affected person. One new element of contact tracing is-
Exposure Notifications: using privacy-preserving digital technology to tell someone they may have been exposed to the virus. Exposure Notification has the specific goal of rapid notification, which is especially important to slowing the spread of the disease with a virus that can be spread asymptomatically.”
“Starting today, our Exposure Notifications technology is available to public health agencies on both iOS and Android. What we’ve built is not an app—rather public health agencies will incorporate the API into their own apps that people install. Our technology is designed to make these apps work better. Each user gets to decide whether or not to opt-in to Exposure Notifications; the system does not collect or use location from the device; and if a person is diagnosed with COVID-19, it is up to them whether or not to report that in the public health app. User adoption is key to success and we believe that these strong privacy protections are also the best way to encourage use of these apps.”
In a bold and ambitious collaboration, Apple and Google were developing this smartphone platform that tries to track the spread of the novel coronavirus at scale and at the same time preserve the privacy of iOS and Android users who opt in to it.
The cross-platform system will use the proximity capabilities built into Bluetooth Low Energy transmissions to track the physical contacts of participating phone users. If a user later tests positive for COVID-19, the disease caused by the coronavirus, she can choose to enter the result into a health department-approved app. The app will then contact all other participating phone users who have recently come within six or so feet.
A recently published study by a group of Oxford researchers suggested that the novel coronavirus is too infectious for contact tracing to work well using traditional methods. The researchers proposed using smartphones, since they’re nearly ubiquitous, don’t rely on faulty memories of people who have been infected, and can track a nearly unlimited number of contacts of other participating users.
But while mobile-based contact tracing may be more effective, it also poses a serious threat to individual privacy, since it opens the door to central databases that track the movements and social interactions of potentially millions, and possibly billions, of people. The platform Apple and Google are developing uses an innovative cryptographic scheme that aims to allow the contact tracing to work at scale without posing a risk to the privacy of those who opt in to the system.
Privacy advocates with at least one notable exception mostly gave the system a qualified approval, saying that while the scheme removed some of the most immediate threats, it may still be open to abuse.
“To their credit, Apple and Google have announced an approach that appears to mitigate the worst privacy and centralization risks, but there is still room for improvement,” Jennifer Granick, surveillance and cybersecurity counsel for the American Civil Liberties Union, wrote in a statement. “We will remain vigilant moving forward to make sure any contact tracing app remains voluntary and decentralized, and used only for public health purposes and only for the duration of this pandemic.”
How Does It Work?
Unlike traditional contact tracing, the phone platform doesn’t collect names, locations, or other identifying information. Instead, when two or more users opting into the system come into physical contact, their phones use BLE to swap anonymous identifier beacons. The identifiers—which in technical jargon are known as rolling proximity identifiers—change roughly every 15 minutes to prevent wireless tracking of a device.
As the users move about and come into proximity with others, their phones continue to exchange these anonymous identifiers. Periodically, the users’ devices will also download broadcast beacon identifiers of anyone who has tested positive for COVID-19 and has been in the same local region.
In the event someone reports to the system that she has tested positive, her phone will contact a central server and upload 14 days of her identifiers. Non-infected users download daily tracing keys, and because of the way each rolling proximity identifier is generated, end-user phones can recreate them indexed by time from just the daily tracing key for each day.
The following two slides help illustrate at a high level how the system works:
Apple and Google are providing other assurances, including:
- Explicit user consent required
- Doesn’t collect personally identifiable information or user location data
- List of people you’ve been in contact with never leaves your phone
- People who test positive are not identified to other users, Google, or Apple
- Will only be used for contact tracing by public health authorities for COVID-19 pandemic management
- Doesn’t matter if you have an Android phone or an iPhone- works across both.
It is crucial to understanding the privacy risks of the system Apple and Google. Probably, if the situation were normal, the discussion around the privacy issues would have persisted like it did innumerable time before this. However, given the present global health crisis, it is harder to make the decision about priority to control the infection or to focus on privacy matters!
