Skip to main content

Apple and Google pledge to shut down coronavirus tracker when pandemic ends

Apple and Google pledge to shut down coronavirus tracker when pandemic ends


The companies released more details on their ambitious public health project

Share this story

Illustration by Grayson Blackmon and Alex Castro / The Verge

On Friday, Apple and Google revised their ambitious automatic contact-tracing proposal, just two weeks after the system was first announced. An Apple representative said the changes were the result of feedback both companies had received about the specifications and how they might be improved. The companies also released a “Frequently Asked Questions” page, which rehashes much of the information already made public.

On a call accompanying the announcement, representatives from each company pledged for the first time to disable the service after the outbreak had been sufficiently contained. Such a decision would have to be made on a region-by-region basis, and it’s unclear how public health authorities would reach such a determination. However, the engineers stated definitively that the APIs were not intended to be maintained indefinitely.

The key schedule for the new encryption specification, which now includes Bluetooth metadata
The key schedule for the new encryption specification, which now includes Bluetooth metadata

Some of the changes seem designed to address privacy concerns that came up after the initial release. Under the new encryption specification, daily tracing keys will now be randomly generated rather than mathematically derived from a user’s private key. Crucially, the daily tracing key is shared with the central database if a user decides to report their positive diagnosis. Some encryption experts worried that under the old encryption protocol certain attacks might be able to link those keys with a particular user. Connecting a person to a diagnosis should be more difficult with the randomly generated keys. As part of the change, the daily key is now referred to as the “temporary tracing key,” and the long-term tracing key included in the original specification is no longer present.

The new encryption specification also establishes specific protections around the metadata associated with the system’s Bluetooth transmissions. Along with the random codes, devices will also broadcast their base power level (used in calculating proximity) and which version of the tool they are running. This information could potentially be used to fingerprint specific users, so the engineers laid out a new system for encrypting them such that they cannot be decoded in transit.

The companies are also changing the language they use to describe the project. The protocols were initially announced as a contact-tracing system, it is now referred to as an “exposure notification” system. While the proposed apps and protocols could stand in for some functions of traditional contact tracing, they can’t do the more sophisticated work of interviewing subjects and identifying clusters of infection, which can then inform future public health efforts. The companies say the name change reflects that the new system should be “in service of broader contact tracing efforts by public health authorities.”

None of Friday’s changes address the question of how health authorities will verify positive diagnoses to prevent trolls or other false positives, and it seems likely that question will be addressed by specific app developers. Given the wide variations in health systems internationally, engineers said they felt it was best for local authorities to develop their own verification system to align with their system for distribution tests.

One of the biggest lingering questions around the project is whether it will be adopted by public health agencies, and the companies gave no further details on specific partnerships. However, they said they had discussed the project with dozens of stakeholders, including public health agencies.

The first phase of the program will be distributed through a whitelisted API, and the new documents give some more detail about the specific limits on who will be allowed access. “Apps will receive approval based on a specific set of criteria designed to ensure they are only administered in conjunction with public health authorities, meet our privacy requirements, and protect user data,” the new documents state. It’s unclear whether those criteria would allow for Android-based apps distributed outside of the Google Play store, but Google has historically raised data privacy concerns around such apps.

Today’s Storystream

Feed refreshed Sep 24 Striking out

External Link
Emma RothSep 24
California Governor Gavin Newsom vetoes the state’s “BitLicense” law.

The bill, called the Digital Financial Assets Law, would establish a regulatory framework for companies that transact with cryptocurrency in the state, similar to New York’s BitLicense system. In a statement, Newsom says it’s “premature to lock a licensing structure” and that implementing such a program is a “costly undertaking:”

A more flexible approach is needed to ensure regulatory oversight can keep up with rapidly evolving technology and use cases, and is tailored with the proper tools to address trends and mitigate consumer harm.

Andrew WebsterSep 24
Look at this Thing.

At its Tudum event today, Netflix showed off a new clip from the Tim Burton series Wednesday, which focused on a very important character: the sentient hand known as Thing. The full series starts streaming on November 23rd.

The Verge
Andrew WebsterSep 24
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.

Andrew WebsterSep 24
Looking for something to do this weekend?

Why not hang out on the couch playing video games and watching TV. It’s a good time for it, with intriguing recent releases like Return to Monkey Island, Session: Skate Sim, and the Star Wars spinoff Andor. Or you could check out some of the new anime on Netflix, including Thermae Romae Novae (pictured below), which is my personal favorite time-traveling story about bathing.

A screenshot from the Netflix anime Thermae Romae Novae.
Thermae Romae Novae.
Image: Netflix
Jay PetersSep 23
Twitch’s creators SVP is leaving the company.

Constance Knight, Twitch’s senior vice president of global creators, is leaving for a new opportunity, according to Bloomberg’s Cecilia D’Anastasio. Knight shared her departure with staff on the same day Twitch announced impending cuts to how much its biggest streamers will earn from subscriptions.

Tom WarrenSep 23
Has the Windows 11 2022 Update made your gaming PC stutter?

Nvidia GPU owners have been complaining of stuttering and poor frame rates with the latest Windows 11 update, but thankfully there’s a fix. Nvidia has identified an issue with its GeForce Experience overlay and the Windows 11 2022 Update (22H2). A fix is available in beta from Nvidia’s website.

External Link
If you’re using crash detection on the iPhone 14, invest in a really good phone mount.

Motorcycle owner Douglas Sonders has a cautionary tale in Jalopnik today about the iPhone 14’s new crash detection feature. He was riding his LiveWire One motorcycle down the West Side Highway at about 60 mph when he hit a bump, causing his iPhone 14 Pro Max to fly off its handlebar mount. Soon after, his girlfriend and parents received text messages that he had been in a horrible accident, causing several hours of panic. The phone even called the police, all because it fell off the handlebars. All thanks to crash detection.

Riding a motorcycle is very dangerous, and the last thing anyone needs is to think their loved one was in a horrible crash when they weren’t. This is obviously an edge case, but it makes me wonder what other sort of false positives we see as more phones adopt this technology.

External Link
Ford is running out of its own Blue Oval badges.

Running out of semiconductors is one thing, but running out of your own iconic nameplates is just downright brutal. The Wall Street Journal reports badge and nameplate shortages are impacting the automaker's popular F-series pickup lineup, delaying deliveries and causing general chaos.

Some executives are even proposing a 3D printing workaround, but they didn’t feel like the substitutes would clear the bar. All in all, it's been a dreadful summer of supply chain setbacks for Ford, leading the company to reorganize its org chart to bring some sort of relief.