On Friday, Apple and Google announced a system to track the spread of the new coronavirus, which allows users to share data via Bluetooth Low Energy (BLE) broadcasts and approved apps from healthcare organizations.
The new system, which is laid out in a series of documents and white papers, would use short-range Bluetooth communications to establish a voluntary contact tracing network, keeping extensive data on phones that have been near each other. Official apps from public health authorities will have access to this data, and users who download them can report whether they have been diagnosed with COVID-19. The system will also alert people who download them if they were in close contact with an infected person.
Apple and Google will introduce a pair of iOS and Android APIs in mid-May and will make sure that the apps from these health authorities can implement them. During this phase, users will still have to download an app to participate in contact tracing, which could limit adoption. But in the months after the API is complete, the companies will work on building tracing functionality into the underlying operating system, as an option immediately available to everyone with an iOS or Android phone.
Contact tracing, which involves finding out who an infected person has been in contact with and trying to prevent them from infecting others, is one of the most promising solutions for containing COVID-19, but using digital surveillance technology to do so raises huge privacy concerns and questions about effectiveness. Earlier this week, the American Civil Liberties Union expressed concern about tracking users with phone data, arguing that any system would have to be limited in scope and avoid compromising user privacy.
Unlike other methods, such as using GPS data, this Bluetooth plan would not track people’s physical location. It would collect signals from nearby phones at 5-minute intervals and store the connections between them in a database. If a person tests positive for the new coronavirus, they could tell the app that they have been infected, and the app could notify other people whose phones came within a short distance of theirs in the past few days.
The system also takes a series of steps to prevent people from being identified, even after they have shared their data. While the app regularly sends information over Bluetooth, it transmits an anonymous key rather than a static identity, and those keys change every 15 minutes to preserve privacy. Even once a person shares that they have been infected, the app will only share keys from the specific period in which they were contagious.
Crucially, there is no centrally accessible master list of which phones match, contagious or not. This is because the phones themselves are performing the necessary cryptographic calculations to protect privacy. Central servers only maintain the shared key database, rather than the interactions between those keys.
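The key rotation and on-device matching described in the two paragraphs above, as an added sketch that is not Apple's or Google's code: the HMAC-SHA256 derivation, the `Phone` class and the day and interval numbering are assumptions made for illustration, not the published specification.

```python
import hashlib
import hmac
import os

INTERVALS_PER_DAY = 24 * 60 // 15   # the article's 15-minute rotation gives 96 per day

def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Identifier broadcast during one 15-minute interval (assumed HMAC derivation)."""
    msg = b"rolling-id" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]

class Phone:
    def __init__(self):
        self.daily_keys = {}   # day -> secret key; stays on the phone until the user reports
        self.heard = set()     # (day, identifier) pairs received over Bluetooth

    def broadcast(self, day: int, interval: int) -> bytes:
        key = self.daily_keys.setdefault(day, os.urandom(16))
        return rolling_id(key, interval)

    def observe(self, day: int, identifier: bytes) -> None:
        self.heard.add((day, identifier))

    def report_positive(self, contagious_days):
        """Upload after a diagnosis: keys for the contagious days only."""
        return [(d, self.daily_keys[d]) for d in contagious_days if d in self.daily_keys]

    def exposed_days(self, published):
        """Runs on the phone: re-derive identifiers from published keys, compare locally."""
        hits = set()
        for day, key in published:
            if any((day, rolling_id(key, i)) in self.heard for i in range(INTERVALS_PER_DAY)):
                hits.add(day)
        return sorted(hits)

def demo():
    # Constructed scenario: days and intervals are arbitrary sample values.
    alice, bob, carol = Phone(), Phone(), Phone()
    carol.observe(1, alice.broadcast(1, 10))    # contact before Alice was contagious
    bob.observe(3, alice.broadcast(3, 40))      # contact inside the contagious window
    server = alice.report_positive([2, 3, 4])   # the server holds keys, never contacts
    return bob.exposed_days(server), carol.exposed_days(server), len(server)

if __name__ == "__main__":
    print(demo())
```

Bob's phone finds the match itself, Carol's earlier contact stays undisclosed because that day's key was never uploaded, and the server ends up holding a single key with no record of who met whom.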
The method still has potential weaknesses. In crowded areas, it could flag people in adjacent rooms who don’t share space with the user, causing people to worry unnecessarily. It may also fail to capture the nuance of how long someone was exposed: working alongside an infected person all day, for example, will expose them to a much higher viral load than walking down the street. And it depends on people having apps in the short term and up-to-date smartphones in the long term, which could mean that it is less effective in areas with less connectivity.
It is also a relatively new program, and Apple and Google are still talking to public health authorities and other stakeholders about how to run it. This system probably can’t replace traditional contact tracing methods, which involve interviewing infected people about where they’ve been and who they’ve spent time with, but it could offer a high-tech supplement using a device that billions of people already own.