Pierluigi Paganini April 13, 2020

Google and Apple recently announced a joint project for the development of a Coronavirus ‘contact tracing’ tool for mobile devices.

A contact tracing app is a tool that could be used to contain new diseases, like Coronavirus, by tracking down and quarantining everyone that gets infected and localize any person that has been in contact with him/her.

Contact tracing technologies played an essential role in the containment of the pandemic in several countries, including South Korea, Singapore, Israel, and other nations.

Google and Apple have joined forces to develop a contract-tracing tool to face COVID19 pandemic, the IT giants are expected to release an API that could allow government agencies can integrate into their applications.

The companies plan to design a built-in system-level platform that uses Bluetooth low energy (BLE) beacons to implement an “opt in system” contact tracing technology.

“In this spirit of collaboration, Google and Apple are announcing a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design.” reads a joint communication sent by the two companies. “As part of this partnership Google and Apple are releasing draft technical documentation:

• Contact Tracing – Bluetooth Specification
• Contact Tracing – Cryptography Specification
• Contact Tracing – Framework API

“All of us at Apple and Google believe there has never been a more important moment to work together to solve one of the world’s most pressing problems. Through close cooperation and collaboration with developers, governments, and public health providers, we hope to harness the power of technology to help countries around the world slow the spread of COVID‑19 and accelerate the return of everyday life.”

What makes this project different from other real-time location systems is that it doesn’t leverage tracking user locations or other data that could be used to identify a specific mobile user.

According to the designers, it uses BLE beacons to determine if an infected individual has been around other people.

This is the way the contact tracing technology from Apple/Google might work:

1. When an individual came in close contact with another one for a certain period of time (i.e. 10 minutes), their mobile devices will exchange anonymous identifier beacons. The identifiers rotate every 15 minutes and have no personally identifiable information.
2. When an individual gets infected and he is positively diagnosed for Coronavirus, he can enter the test result into an app from a public health authority that has integrated the Google/Apple API.
3. At this time, the infected person has to give the consent to upload the last 14 days of his broadcast beacons to the system.
4. Any other person who has been in close contact with the infected individual will be alerted. This is possible by analyzing a beacon on the device that matches the broadcast beacons of everyone who has tested positive for Coronavirus.
5. The app then provides instructions to the people that receive the alert.

Of course, contact tracing apps could have a severe impact on the privacy and security of the users, US President Donald Trump announce its government would take “a very strong look” at the announce contact-tracing partnership.

“It’s very interesting, but a lot of people worry about it in terms of a person’s freedom,” Trump told reporters at a White House briefing Friday afternoon. “We’re going to take a look at that, a very strong look at it.”

Apple chief executive Tim Cook remarked that the project aims at protecting the user privacy:

Privacy advocates and organizations that fight for defending human freedoms are concerned for the implication of contact tracing technologies and remarked that they could be effective only if people trust them.

“No contact tracing app can be fully effective until there is widespread, free, and quick testing and equitable access to healthcare. These systems also can’t be effective if people don’t trust them,” said Jennifer Granick of the American Civil Liberties Union in a statement.

“People will only trust these systems if they protect privacy, remain voluntary, and store data on an individual’s device, not a centralized repository,”

Rhe European Union announced it would adopt a “pan-European approach” to using mobile apps to track coronavirus outbreak, it aims at implementing a common scheme for using anonymous, aggregated data to trace individuals who come into contact with infected people.

This is my interview with TRT broadcast on the use of contact tracing technology:

Pierluigi Paganini

(SecurityAffairs – Apple, Goole, contact tracing)

[adrotate banner=”5″]

[adrotate banner=”13″]