It may sound unsettling or even downright creepy for the device that’s generally with you 24/7 to make it possible for authorities to trace your exposure to a potentially fatal illness that’s currently consuming the world. That’s why Apple and Google have been bending over backward to provide privacy assurances about the platform-compatible programming interfaces they’re putting into iOS and Android. On Monday, they offered new details, as well as images of the push notifications users might receive should they have come into contact with someone who later tests positive for COVID-19.
Among the assurances provided is that apps that use the application programming interfaces can only be developed by or for public health authorities and that the limited amount of information they can collect may be used solely for tracing COVID-19 infections. Apps will be barred from seeking location permissions and must collect the least amount of data possible to trace the physical contacts of other opt-in app users who later find out they’re infected. None of the data collected may be used for any commercial purposes.
Besides the assurances, the companies gave a sneak peak of the permissions users must provide and the look of push exposure notifications to be delivered to a user’s phone. Here are the images:
Effective but risky (and costly)
Health experts have said that contact tracing—or the process of tracing all the people an infected person has come into physical contact with over the previous 14 days—is one of the most effective ways to contain exposure to the novel coronavirus. Once identified, people exposed can be monitored or go into quarantine for the next two weeks.
To date, US and worldwide infections have reached 1.2 million and 3.6 million, respectively, with 68,000 and 1.2 million deaths. The Trump administration recently projected deaths in this country would range from 100,000 to 200,000.
While contact tracing is one of the best hopes for keeping the numbers as low as possible, it’s extremely time and work intensive, since it traditionally requires large numbers of health workers to perform interviews. The practice is also prone to error and uncertainty because the people being interviewed have faulty memories and can only report contacts with others who are known to the infected person.
Phone apps could provide a much more efficient and accurate means of tracing that was never available during previous pandemics. But it comes with potentially dystopian side effects unless developers—of apps and in particular of the interfaces that the apps call—aren’t designed with care. Apple and Google intend the details provided on Monday to ensure developers with both companies are carefully using those considerations to fully inform the platform they’re building.
In all, the details provided during a conference call with reporters on Monday included the following, although some of them repeated assurances offered last month, when the APIs were first announced.
- Apps must be created by or for a government public health authority and can only be used for COVID-19 response efforts.
- Apps must require full user consent before they can use the exposure notification API.
- Apps must require users to consent before sharing a positive test result, and the “Diagnosis Keys” associated with their devices, with the public health authority.
- Apps should collect only the minimum amount of data necessary and can only use that data for COVID-19 response efforts. All other uses of user data, including targeting advertising, is not permitted.
- Apps are prohibited from seeking permission to access Location Services.
- Use of the API will be restricted to one app per country to promote high user adoption and avoid fragmentation. If a country has opted for a regional or state approach, the companies are prepared to support those authorities.
Caution and criticism
Privacy advocates have received the initiative with mixed results, with some experts saying they are cautiously optimistic and others saying the project is doomed to exposing sensitive infections, locations, contacts, and other sensitive information, possibly at an unprecedented scale. The companies have already built the interfaces into beta versions of their mobile operating systems and plan to make them available in general releases later this month.
The newly provided images suggest that the push messages will reveal the date or dates the contact took place. They also illustrate the permissions users must provide to opt in to the system. It’s still too early to determine if the health benefits of contact-tracing apps in always-on, always-have devices will outweigh the privacy risks. Apple and Google say they won’t and are trying to provide evidence for that claim.