Apple and Google’s APIs for the COVID-19 contact-tracing solution, which the companies are set to release next month, will only be available for public health authorities to use, the companies clarified, per TechCrunch.
Last week, the two companies, in an unprecedented move, had joined forces to develop a contact-tracing system based on Bluetooth technology to track the spread of the coronavirus. The companies will initially develop APIs to ensure interoperability between contact-tracing apps developed by public health authorities, like Indian government’s Aarogya Setu, and subsequently will embed contact-tracing capability in both iOS and Android. The system will be entirely opt-in, the companies have claimed.
How secure will the system be? Apple reportedly said that the data collected by the system will not be processed centrally, and will be “relayed” through servers run by the health organisations across the world. The two companies are relying on this decentralisation to make it difficult for governments to conduct surveillance, but also reportedly admitted that that no system is completely secure, since nothing is “unhackable”.
A whitepaper for the project says that a unique key generated by each device will never leave the device, and a subset of that key, which will change periodically will be sent to servers only when a person tests positive for the virus and chooses to update the system with the same.
How will the system prevent false positives? When Apple and Google announced their contact-tracing tool plans, it was not clear how the system would prevent people from filing false COVID19-positive results. The companies clarified that they’re working with different public health authorities to confirm diagnoses, and do the validation. Apple and Google said they want users to trust the system, and that includes users knowing that the system is reliable.
Which devices will get the update? Apple further said that all iPads and iPhone running on iOS 13 will receive the update. Google said that it will offer updates via Google Play Services to Android devices running Android 6.0 or newer. This is important because not all Android phones receive software updates for a long time, and unlike Apple, Google doesn’t control the software ecosystem as closely.
Even more significantly, Google intends to publish a framework for Android phones (read Huawei) that are currently not supported by Google Play Services, according to The Verge. This framework can be replicated by such companies to develop a system similar to Apple’s and Google’s. Google said it will offer code audits to companies that want to adopt a similar system.