New Technology from Tech Giants can Notify Users of COVID-19 Exposure

Skinny blog graphic_COVID APP.png

In an April 2020 press release, Apple and Google announced a partnership to develop contact tracing technology to assist in managing the COVID-19 pandemic. Specifically, the technology is designed to help users know whether they had potentially been exposed to someone who later tested positive for the disease.

How, exactly, does the technology work? How much information is this tech actually gathering, and how will that data be protected and used? These are questions that every consumer should consider before downloading or opting in to any technology.

Get some answers about Apple and Google's COVID-19 technology below and decide for yourself whether you'll opt in.

Unprecedented Times, Unprecedented Partnership: Google, Apple and Coronavirus Tracing

The news is historical. Apple is the top tech company in the world based on market value and assets. Google is the reigning monarch of search, dominating the industry years after it innovated it.

For these two tech giants to come together to create something—and to share their resources and knowledge while doing so—is a huge deal. And it could make a big difference in the fight to continue flattening curves and helping people understand the risks in how they might be spreading the disease.

How Does the Technology Work to Help Slow Down the Spread of COVID-19?

The software uses Bluetooth technology to determine whether you've come into contact with someone who later tests positive for COVID-19. Basically, the software casts a net around your device, virtually nodding to other Bluetooth-enabled devices that also have the technology enabled.

The software collects those "connections" in a data bank. It knows that you've been in proximity to all these unnamed devices. If the owner of one of those devices tests positive for COVID-19 and enters that information into their version of the software, the technology can then notify every device that has come into contact with that one.

Since COVID-19 doesn't always cause symptoms in everyone, it's possible to go about your daily activities without realizing you're carrying the disease. That means you can potentially infect each person you come into contact with, and some of those people will experience symptoms—sometimes to a dangerous degree.

One of the goals of the Apple/Google effort is to help people know as early as possible if they might be a silent carrier of the disease. That way they can get tested even before they show symptoms and self-quarantine appropriately to reduce the spread of COVID-19.

Why Are People Concerned About This Technology?

As with any technical announcement, the Apple/Google partnership was met with some concern and even skepticism.

Some people worried that the technology was not a good replacement for traditional contact tracing. Contact tracing is an activity that occurs when public health care workers interview people who test positive for an infectious disease. They ask the person to recount where they have been and who they were in contact with, and then, they reach out to contact those people whenever possible. According to Apple and Google, the notification technology isn't meant to replace this proven infection-control activity. It's meant to support it and provide individuals with the tools they need to make decisions to protect others.

Second, many people are understandably worried about security and privacy. One concern is that whether or not you personally have COVID-19 could be released to other people, violating important health care confidentiality laws and rights. Another concern is that the systems track your whereabouts and could be used against you in some way. Apple and Google report that they have integrated critical security measures into the technology to mitigate some of these concerns.

How Are Google and Apple Committed to Security?

1. Not using GPS data.

One of the biggest ways Google and Apple are committing to security is by basing their technology on Bluetooth rather than GPS. The concept of automated contact tracing using apps and phones isn't new: Governments across the world have attempted to roll out their own version of this concept in recent months.

Previous attempts at COVID-19 exposure tracing apps have fallen flat for various reasons, including that they didn't function well on both Android and Apple devices. But they also caused great security concerns because they were based on GPS location. Basically, these technologies looked at where each person went and whether other people who later tested positive for COVID-19 were in the same location. GPS tracking poses numerous security and privacy concerns, which is why Google and Apple opted for Bluetooth.

2. Using a decentralized method.

Some governments and other entities have created Bluetooth-based technologies, but they tend to rely on centralized processes.

Both centralized and decentralized systems work similarly in the first stage of the process: When person A comes into contact with person B, both phones record the contact in the format of unique key codes that relate to each device. Then, if someone is infected with COVID-19, they report it within their app.

In a centralized system, the device of the infected person reports its key code plus the key codes of all devices it has come into contact with within a certain time period. The computer server housing all the data does an analysis to match contacts who might be at risk and sends alerts.

In a decentralized system, the device of the infected person only reports its key code. Each individual device downloads the database that lists which key codes are impacted. The device then performs the contact matching and sends alerts.

It might sound a bit technical, but here's the takeaway: In a centralized system, the organization's computer houses all of the data, including all the connection points between every device. That can create security issues because that's enough data to start connecting dots and telling stories about individual people's activities.

In contrast, in a decentralized system, the main server only keeps a list of key codes and whether or not each key code is associated with a positive COVID-19 test. Your copy of the technology, via the app on your phone, looks at whether you've come into contact with any COVID-19-positive key codes.

3. Taking a strong security stance on the use of their API.

It's important to note that Apple and Google are not launching an app. They're launching API technology that can support the apps of others, including the governments of nations, states, and cities.

But in doing so, the two tech giants have repeatedly stated that users abide by the security and privacy mandates—including not using GPS and opting for decentralization—or the API and technology will not work for them. The companies clashed publicly with some governments, which is why organizations made moves to try to develop their own technologies at first.

As of May 22, Google and Apple announced that the technology was ready to support public health apps and that 22 countries were already signed on to use it.

Making the Right Decision for Yourself

PrivacyGuard stresses educating yourself about security and privacy so that you can employ the safest technologies in your life in the most secure ways possible. So, it's important to always do the research when you download any type of app or software on your devices.

A Positive Technologies mobile application security report notes that around 43% of mobile apps have critical security flaws that can be exploited by hackers or malware. Does that mean you should never use apps? No. That's neither a necessary nor a practical solution.

Instead, take these actions before downloading and using any app:

  • Consider the publisher. Have you heard of the company or is it a recognized company or organization?

  • Is the app listed as verified in the marketplace you're purchasing from?

  • What do the reviews for the app say? Are people talking about the number of ads being spammy in nature or saying the quality of the app is questionable?

  • What information and data access does the app request? Apps that request a large number of permissions—such as your contacts, photos, and calendar—without an obvious reason may be suspect.

  • How does the app and the publisher say it will protect your privacy? In the case of apps powered by Google and Apple's API, for example, you know that the technology companies have publicly stated they're taking conscious actions to provide security and protect the privacy of users.

And once you download an app, make sure you double check settings and security options from time to time. While companies such as Apple, Google, and even PrivacyGuard make an effort to help you secure your information and privacy, only you can make decisions about how best to protect yourself.

blog postGuest User