Apple and Google improve data protection of the new “COVID-19 tracker”

Apple and Google improve data protection of the new “COVID-19 tracker”

Apple and Google announced on April 10 a new technology that uses Bluetooth and allows you to track people who have had COVID-19 or any contact with infected people. This monitoring will be optional and has been designed to work with a platform more robust than an API (acronym in English for Application Programming Interface), capable of interconnecting signals from Android and iOS devices.

  • Apple and Google will use Bluetooth to track contaminated by COVID-19
  • Using smartphones to track COVID-19 raises privacy concerns

Now, companies are announcing more measures to protect users' privacy, precisely to avoid problems related to the exposure of consumer details – which is the main discussion regarding similar solutions at this time of the new coronavirus pandemic (SARS-CoV-2) .

In short, it works like this: the API helps iOS and Android devices to communicate with each other, sending Bluetooth radio signals, which are stored on phones, tablets and others with operating systems. When volunteers indicate that they are / were carriers of COVID-19, companies send alerts for chips that have been in close contact with positive cases in the last 14 days, with the information that this person has been exposed to possible contagion and recommendations what to do next.

Disclosure / Google

In Brazil we have similar initiatives, with a scan on the general displacement of the population, made from the crossing of data from operators – cities with more than 500 thousand inhabitants can join this collection of “heat map” of movement in times of free. containment. The Brazilian government, through the Ministry of Science and Technology, had been working on a federal solution, which ended up being blocked, precisely because of questions regarding privacy.

Adjustment in data protection

Apple and Google technology is still under construction and should start to be activated in May, with the promise of becoming much more than an API, but a complete platform, but that will only serve the pandemic of the new coronavirus and will then be closed . Therefore, already advancing the service to avoid problems, the giants are working on adjustments to better protect the data and clarify exactly how this tracking works.

Since the beginning of the project, the discussion has been public, with documents shared with researchers, partners and security critics. The first easily defined point is the fact that this utility is well highlighted and explained, with the activation done by the users, and not by default. To ensure more security, Apple and Google have pledged to use better encryption, to further scramble identifying information. Companies are also keeping an eye on their own data about the device, such as a phone model and signal strength – which could provide their most accurate location.

Terminology change and next steps

Apple and Google expect health officials to create applications from this API / platform and are willing to provide support for that. They claim that setting up their own app will be easy and intuitive and, if institutions and professionals want to, they will be able to opt for some ready-made examples, including the possibility of renaming them. One of the guidelines imposed by the giants is to change the terminology to "exposure notification", instead of "contact tracking" – which could better clarify its use and help dispel distrust on the part of users.

Google and Apple promise better data encryption (Playback / Pixabay)

These adjustments have already appealed to security experts such as Jennifer Stisa Granick, a cyber security and surveillance consultant for the American non-governmental organization American Civil Liberties Union. “The promise that Apple and Google will turn off the API is very welcome. We just want to make sure that this is something that can be verified and that there will be an independent review to ensure that the commitments made are fulfilled ”, he commented.

Now, companies must follow the development schedule until mid-May, when programmers from interested authorities should receive the APIs. Then, the utilities should be released next month, when we will see if people will actually adopt this. program.