Former Apple Engineer: Here’s Why I Trust Apple’s COVID-19 Notification Proposal

Originally published at:

David Shayer, who has worked as a software engineer at Apple and other companies, explains Apple’s internal approach to privacy and contrasts it with other companies, all with an eye toward showing why we should trust the current draft of the COVID-19 exposure notification proposal from Apple and Google.


5 posts were split to a new topic: COVID-19 contact tracing apps

Dave. Well written and a helpful contribution to the public discussion. Non technical readers I’ve shared it with say they understand the issues as presented which is not their usual experience with writing by engineers. Well done. Thanks.


Thanks very much! I do my best to write clearly, but Adam Engst’s editing is very helpful.

I hope you’re staying safe. I’m looking forward to another nerd dinner someday!

1 Like

I wonder how much Is based upon Apple’s work on iBeacons and subsequent more privacy focused application such as the the U1 chip and “ AirTags”? I suspect this is part of both Apple’s evolving technologies and its socially responsible attempt to prevent abuses—unintentional or otherwise. The experience of Google’s co-opting of and the devolution by commercialization of iBeacons has made Apple very cautious I suspect. I see Apple’s privacy DNA in this as well as its power management, accuracy and other sweating of details first before releasing it. This is what good OS engineering is about. Sadly, Apple gets lumped in with its antithesis (Google, Facebook, et al) because it is being seen doing this process so publicly and sharing this with Google/android in order to maximize its possibilities

Apple now has an info page on the API, including a detailed FAQ.

Hopefully it is now available for use in the various apps that health authorities have issued or are developng. The CovideSafe app in Australia urgently needs this as it is almost useless on iPhones since, currently, it needs to be running in the foreground, with the phone awake.

The latest article seems to indicate that people will need to upgrade to iOS13.5 in order for the API to work.

Not surprising I suppose

Just went to update my iPad and there is no mention of the Exposure Notification API in the blurb. Maybe it just applies to the iPhone.

Yes. That has been mentioned in all the articles to date, but in addition you must download and install an application that uses the API in order to even enable it, then opt-in to use it. I haven’t heard of an such app being available from public health officials yet.


Looks promising

That article is a bit off base. First it’s not a Contact Tracing capability (which raises privacy flags) it’s now referred to as an Exposure Notification capability to make it clear that it’s designed to let the user know about the contact. Secondly, it’s not an app, only the API’s which will allow an app to work with an iPhone. It will be up to all those 22 countries and however many states to develop the apps and submit them to Apple for testing and distribution. We’ll all have to wait and see what Apple will allow those apps to do and how willing the public is to use them.

I would hope that anybody who knows they are infected and has an iPhone would want to use it as a courtesy to others, just like wearing a mask. And others would want to know if they have been in close proximity for an extended time to a person reporting themselves as infected. How this relates to health authorities desire to conduct Contact Tracing is still TBD in my mind.

1 Like

As long as our federal government response remains entirely inadequate and our local governments still can’t figure out how to test the vastly larger amounts of people we’d need in order to be able to return to work and play, I wonder how much good such apps can actually provide.

And honestly, it’s starting to feel like an attempt at passing a burden that should be carriered by multiple players onto just one. I really don’t feel the urge to open myself up to security risk just because our government can’t be bothered to deal with this pandemic in a scientifically sound manner. I read how countries like Germany have responded to this pandemic, I see here how POTUS instructs his authorities to deal with it (or rather how not to), and then I see my 74 year old neighbor invite her senior circle over for a backyard luncheon once a week while younger and healthy people remain locked up at home recking havoc on what remains of the economy. And now an app is going to save us?

I’ll probably end up running it just because I want to be able to say I did everything I could (like staying home, wearing masks when I go buy groceries once a week, etc.), but do I believe under these circumstances much good will come from that app use? I’m skeptical to say the least.

Not much to debate about here. I still haven’t seen any actual security risk with this, but until there is an app there won’t be.

I’m afraid this all comes too late to make any difference with the current situation. Although there is a lot of interest, I don’t see it coming close to solving or even helping with requirement to do Contact Tracing. Even if we had working apps that respected our privacy, it would still be up to each individual to report themselves as infected and those who were notified of their close encounter would need to let local health authorities know that they got an alert about an anonymous infected person. That doesn’t sound all that useful, to me. At best it may play a part in a fall outbreak.

There is a detailed description of the API here:

1 Like

Knowing that this disease spreads exponentially, and especially spreads when people are asymptomatic, if this notification gets even one exposed person to get tested and then self-isolated if positive, that could prevent spread from that one person to a thousand people in six weeks (which may even prevent a death or two or three). It won’t solve the problem, but it has a lot of potential to help keep the R0 number lower, which is what we want. As we are opening the economy more and stopping isolation, this may be the perfect time for this to start, so potential COVID-19 hotspots can be isolated very quickly going forward. Even if we don’t catch them all this way, even one can make a huge difference in a relatively short period of time.

(“A thousand people in six weeks” comes from the fact that the disease was doubling every four days at the outset. Of course we are all doing more mitigating now, from isolation to mask-wearing, so perhaps the spread to a thousand would take longer now. But the idea remains.)


The US is nearing 100,000 Covid 19 deaths, which should be exceeded in a day or two. Many experts feel this number is likely to inaccurate and should be higher, and many of the states and localities that recently loosened restrictions are already showing significant upticks in new cases. New Zealand, Australia, and other governments that moved quickly to develop and promote their own contact tracing apps, and to quickly implement strict social distancing guidelines, managed to contain the virus a lot more sooner than the US. My kudos to Apple and Google for stepping up where the US government, and those of many other countries, have not.

I’m going to download the app as soon as NY State releases it. I think we need to do everything we can to slow and stop this pandemic. Even if contact tracing in the US does just a little to help accomplish this and saves a few lives, I think it will be well worth it.

As I indicated above, the Australian government’s COVID-safe app is almost useless on iPhones. Furthermore the health authorities have only recently started using the (limited) data. The “success” in NZ and Australia is mostly down to community compliance with the lock down, manual tracing by hard-working health staff and luck!