The much-awaited Exposure Notifications System developed by Apple and Google have been released as part of the new iOS 13.5 software update for the iPhone. This comes at a time when the world is struggling to contain the Coronavirus, or COVID-19 pandemic. The release of this new application programming interface (API) is for public health agencies (PHAs) and the contact tracing apps they make and deploy. Apple and Google say 22 countries in five continents have requested and received access to the API, and more are expected to join in the coming weeks.
The new API will allow PHAs to define what constitutes an exposure event, the number of exposure events an individual has had, factor transmission risk of positive cases into their definition of an exposure event and data that users voluntarily choose to input into the app allows PHAs to contact exposed users. The same feature set is expected to be released for Android phones in the coming days, though Google will be relying heavily on smartphone makers to release this for their phones.
Remember, this is not an app in itself. This is an API that public health agencies around the world can integrate into their own apps. For instance, India’s Aarogya Setu, Austria’s Stopp Corona app, Czech’s eRouska, Iceland’s Rakning C-19, Israel’s HaMagen, Singapore’s Trace Together and Norway’s Smittestopp, Australia’s COVIDSafe, CovTracer from Cyprus, Italy’s Immuni and Poland’s ProteGO are all contact tracing app examples that can use the new API—whether they do it or not remains to be seen.
“Our technology is designed to make these apps work better. Each user gets to decide whether or not to opt-in to Exposure Notifications; the system does not collect or use location from the device; and if a person is diagnosed with COVID-19, it is up to them whether or not to report that in the public health app. User adoption is key to success and we believe that these strong privacy protections are also the best way to encourage use of these apps,” Apple and Google said.
Privacy remains a very important part of this new COVID contact tracing API. The device location details are not collected at any point. Random Bluetooth identifiers are used to indicate proximity and no identifiable information is shared or logged. Users decide whether they want to report a positive diagnosis and the user identities are not known to other users, Google or Apple. Matching for exposure notifications is only done on device, which means that data isn’t saved or processed on the cloud.
Apple and Google have time and again taken pains to emphasise on the point that the list of contacts never leaves your phone, list of people who you may have come in range with never leaves your phone and at no point is the data shared with Apple or Google, in case of a positive test. Only public health authorities will have access to that data—though we must note that Apple and Google will have no say in who these authorities then share the data with.
In the coming months, Apple and Google will also develop and enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms—in this case, iOS for iPhones and Android OS for Android phones. “This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities,” Google had earlier said.