On Friday, Apple and Google announced a system for tracking the spread of the new coronavirus, allowing users to share data through Bluetooth Low Energy (BLE) transmissions and approved apps from health organizations.
The new system, which is laid out in a series of documents and white papers, would use short-range Bluetooth communications to establish a voluntary contact-tracing network, keeping extensive data on phones that have been in close proximity with each other. Official apps from public health authorities will get access to this data, and users who download them can report if they’ve been diagnosed with COVID-19. The system will also alert people who download these apps if they were in close contact with an infected person.
Apple and Google will introduce a pair of iOS and Android APIs in mid-May and make sure these health authorities’ apps can implement them. During this phase, users will still have to download an app to participate in contact-tracing, which could limit adoption. But in the months after the API is complete, the companies will work on building tracing functionality into the underlying operating system, as an option immediately available to everyone with an iOS or Android phone.
Contact tracing — which involves figuring out who an infected person has been in contact with and trying to prevent them from infecting others — is one of the most promising solutions for containing COVID-19, but using digital surveillance technology to do it raises massive privacy concerns and questions about effectiveness. Earlier this week, the American Civil Liberties Union raised concerns about tracking users with phone data, arguing that any system would need to be limited in scope and avoid compromising user privacy.
Unlike some other methods — like, say, using GPS data — this Bluetooth plan wouldn’t track people’s physical location. It would basically pick up the signals of nearby phones at 5-minute intervals and store the connections between them in a database. If one person tests positive for the novel coronavirus, they could tell the app they’ve been infected, and it could notify other people whose phones passed within close range in the preceding days.
The system also takes a number of steps to prevent people from being identified, even after they’ve shared their data. While the app regularly sends information out over Bluetooth, it broadcasts an anonymous key rather than a static identity, and those keys cycle every 15 minutes to preserve privacy. Even once a person shares that they’ve been infected, the app will only share keys from the specific period in which they were contagious.
Crucially, there is no centrally accessible master list of which phones have matched, contagious or otherwise. That’s because the phones themselves are performing the cryptographic calculations required to protect privacy. The central servers only maintain the database of shared keys, rather than the interactions between those keys.
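The rotating keys and on-device matching described above can be sketched as follows. This is an added illustration, not Apple's or Google's code: the HMAC-SHA256 derivation, the 16-byte identifier length and every name in it are assumptions chosen to show the idea, not the published specification.

```python
import hashlib
import hmac
import os

INTERVALS_PER_DAY = 24 * 60 // 15  # the article says broadcast keys cycle every 15 minutes


def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Identifier broadcast during one interval (assumed HMAC-SHA256 construction)."""
    msg = b"rolling-id" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


class Phone:
    def __init__(self):
        self.daily_keys = {}  # day -> random secret, stays on the phone unless reported
        self.heard = set()    # (day, interval, identifier) seen from nearby phones

    def broadcast(self, day: int, interval: int) -> bytes:
        key = self.daily_keys.setdefault(day, os.urandom(16))
        return rolling_id(key, interval)

    def observe(self, day: int, interval: int, identifier: bytes) -> None:
        self.heard.add((day, interval, identifier))

    def report(self, contagious_days: set) -> list:
        """Keys uploaded after a diagnosis: only those from the contagious period."""
        return [(d, k) for d, k in sorted(self.daily_keys.items()) if d in contagious_days]

    def check_exposure(self, published: list) -> list:
        """Runs on the phone: re-derive identifiers from published keys, match locally."""
        return [(day, i) for day, key in published for i in range(INTERVALS_PER_DAY)
                if (day, i, rolling_id(key, i)) in self.heard]


def demo():
    # Constructed scenario: three phones, two encounters on different days.
    alice, bob, carol = Phone(), Phone(), Phone()
    carol.observe(1, 10, alice.broadcast(1, 10))  # day 1: before Alice was contagious
    bob.observe(3, 40, alice.broadcast(3, 40))    # day 3: inside the contagious period
    server = alice.report({2, 3})  # the server holds shared keys only, no contact records
    return bob.check_exposure(server), carol.check_exposure(server)


if __name__ == "__main__":
    print(demo())
```

Bob's phone finds the match on its own, while Carol's earlier encounter stays unlinkable because the day 1 key was never uploaded.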
The method still has potential weaknesses. In crowded areas, it could flag people in adjacent rooms who aren’t actually sharing space with the user, making people worry unnecessarily. It may also not capture the nuance of how long someone was exposed — working next to an infected person all day, for example, will expose you to a much greater viral load than walking by them on the street. And it depends on people having apps in the short term and up-to-date smartphones in the long term, which could mean it’s less effective in areas with lower connectivity.
It’s also a relatively new program, and Apple and Google are still talking to public health authorities and other stakeholders about how to run it. This system probably can’t replace old-fashioned methods of contact tracing — which involve interviewing infected people about where they’ve been and who they’ve spent time with — but it could offer a high-tech supplement using a device that billions of people already own.