Apple and Google Partner for Privacy-Preserving COVID-19 Contact Tracing and Notification

Originally published at:

The two tech rivals are working together on a secure, opt-in, and privacy-focused method of letting people report a COVID-19 diagnosis that would be pushed to everyone who they passed near in the previous two weeks.

Great idea, with a few caveats though.

First, Bluetooth is not a good technology for determining distance between devices, it is highly inaccurate for that. Since it really matters if two people are within less than a meter or more than 5, the chance of false positives will be very high. It is not clear to me how this is going to be resolved.

Second, the OS updates would need to be available for older OS versions also to be most effective. Android is pretty bad at making that happen, Apple could, but usually does not allow that to happen.

FWIW, one marker of transmission is being within 1 meter of an infected person. However, if an infected person sneezes or coughs in an area, the virus can contaminate surfaces within that area for a period of time, and touching that surface and bringing your hand to your face is also a likely transmission vector, so just knowing that a collection of people were within the same area that an infected person was at a specific period of time before symptoms were noticed (or a test confirmed infection) will be a good start for contact trace testing.

I take that back - we do know that BT can be used for close contact. Apple already does this with Apple Watch unlock of a Mac. You have to be within a few feet for it to work.

Yes, there’s enough information that the system might require a couple of data points within five minutes with similar strong signals. We don’t yet have those details, because it’s preliminary. So they can weight it.

There’s definitely concern that they don’t want you to be notified by a next-door neighbor’s diagnosis unless you interacted with them directly. But while Bluetooth through a wall can work, it is a far weaker signal.

A deep and sober consideration of contact tracing apps:

If the apps are to by done by public health agencies, then the question becomes which ones? County level there are over 3100 in these United States while at state level there are 56. It seems to me that the US Public Health Service should be the responsible agency for design and release of these two apps.

Also the apps MUST be backward compatible at least versions so as to not force someone to spend several hundred dollars on new hardware just to use the apps.

The companies are working with national health authorities, but those authorities could choose to designate other entities. Apple and Google will be making model apps (as noted in the article) that authorities can basically put their own name on and use, too. So we’ll see how split up it gets.

It’s not an apps issue—it’s a technology one. Bluetooth LE support is required so that’s a hard limit. Neither company wanted to promise specific generations, but the way they were talking, it sounded like they were trying to sweep in at least several years worth of phones.

On Android, the company representative in the briefing I received said they would use Google Play services, which they said gave them a very wide scope. We’ll find out more in the coming weeks, but their goal is absolutely as many devices as possible.

Nobody is trying to sell more hardware.

So for those that are interested, Singapore actually rolled a version of this several weeks ago. Called TraceTogether, to this admittedly non-technical reader, it sounds like it’s using a very similar approach.
I wonder how the cross-pollination of these ideas will work in these completely uncharted times.

I wasn’t quite clear on whether there’s anything one can do right now to assist this effort. Are the APIs able to retrospectively acquire the contact tracing data, or would I have to install an app in advance of contracting the virus?
I’m in the UK and it appears the NHS (National Health Service) have not yet released an app -

Yes, although without the OS integration and privacy protections. The briefing I attended openly acknowledged they were looking at all the best efforts worldwide.

In phase 1, an app is required that works with the private APIs that Apple and Google are developing. You have to have the app involved to opt into testing, automatically produce and monitor Bluetooth IDs, receive key updates, and report yourself with a positive diagnosis. Apple and Google will release model apps that agencies could simply adopt, too, if they don’t have the time or resources to integrate into an existing app or develop one from scratch.

In phase 2, the operating systems will incorporate the opt-in, Bluetooth component, and receipt of diagnosis with a simple alert. No need for app to start gathering data. But you will need an app to report yourself with a positive diagnosis and to do anything with the data your phone has, such as provide it to a public-health agency.

The data is not being collected retrospectively. Once phase 1 apps are released, you have to opt-in to start data broadcasting and collecting.

Surface contamination is indeed a method of virus transmission, which is the reason washing your hands is so important. But Bluetooth can’t even detect if you’re in the same room. It could be a signal from someone walking by outside the room. Even someone driving by in a car. Bluetooth just cannot determine distance accurately enough.

Unlocking a Mac is a very specific use case. Like you said, you need to be very close, much closer than the distance advised to prevent contamination, with nothing between you and your Mac but air. The Bluetooth signal will be very strong then, which is probably what makes the unlock work.

I was replying to Doug Miller’s posts, but apparently replying does not automatically quote the message one replies to. Sorry about that. I guess I need to educate myself on how this forum works.

Taken in isolation as a single measurement, probably. Although a weak Bluetooth signal can indicate a sensed device is far away.

But as I note in the article, the design of this system will rely on multiple measurements over time. It’s possible that the Bluetooth scan will measure signal strength over a few seconds, too, and only record a proximity ID once.

The company representatives on the briefing call I was part of said that the system is specifically being designed to ensure close proximity and specifically called out that it would be resistant to someone driving by and through a wall or far away. With multiple measurements across a period of time, a smartphone can infer and model a lot of information.

When you’re doing very specific replies, select the text to reply to and click the Quote button that appears. You can do that multiple times, even with replying to bits from multiple posts, so you could have a single post that would reply to each of the points you make above.

1 Like

FWIW, I just tried a couple of experiments. My Mac unlocked when I was standing with my watch exactly 5 feet away. My Mac would not unlock when I was 7 feet away.

I still say this is good enough for contact tracing even if it is collecting all of the contacts that were within BT range for enough time and at a period of time when somebody was found to be possibly infected but asymptomatic. Think of all of the people in a grocery store for any 15 minute period between 10:00 and 10:45 when I was roaming the store 5 days ago after I’ve tested positive after first showing symptoms. It’s probably better to test too many possible close contacts than too few.

That’s part of the question, and I wonder if how the service will work with that. Say if one country wants to test anyone who was in the same restaurant as anyone who later tests positive and another only wants people within 10 feet for at least 15 minutes? I figure there’s some room for variability, but the system has to make a lot of determinations.

One of my unanswered questions is how much information is stored alongside the proximity IDs that other devices are broadcasting. Is it just the ID and a timestamp? The companies say location information isn’t required and in the briefing they said explicitly that the system doesn’t rely on location.

But there are other ways to combine Bluetooth and relative location determined by GPS and other systems without disclosing one’s absolute location on the planet—or that information could remain in-device and only be used by the system to confirm location matches, and then discarded.

1 Like

It was clear that you were replying to Doug as his statement did appear at the bottom of the email I received from you.