Are the privacy concerns about Apple/Google’s COVID-19 tracing app warranted?

Share on facebook
Share on twitter
Share on linkedin
Share on email

Last week Friday Apple and Google announced an intriguing collaboration centred around the COVID-19 pandemic. The collaboration piqued our interest as it saw two tech rivals partner on a project together, but it also gained significant scrutiny due to the privacy and security questions it raised.

Before we touch on those elements, it’s important to outline what this collaborative project is. The project does not have an official name at this stage, but involves using smartphones as a means of COVID-19 tracing moving forward, in a bid to assist health authorities in better tracking the movements of those infected by the virus.

The project is also going to work in two phases, with the first kicking off at the beginning of May, and involving the distribution of APIs via Apple and Google’s native marketplaces.

This will be followed by the release on a Bluetooth-enabled tool to handle the tracing in the next few months.

A time and place

“A number of leading public health authorities, universities, and NGOs around the world have been doing important work to develop opt-in contact tracing technology. To further this cause, Apple and Google will be launching a comprehensive solution that includes application programming interfaces (APIs) and operating system-level technology to assist in enabling contact tracing,” said both parties in a joint blog post.

“Given the urgent need, the plan is to implement this solution in two steps while maintaining strong protections around user privacy,” the post added.

This brings us to the crux of the issue – security and privacy during a global pandemic.

Had this been any other time, such a plan would have come under greater scrutiny, and some issues have already been raised, with democratic senators in the US already sending several questions to Apple to find out more about the project.

Both firms also invited technology journalists living Stateside to join in on a conversation about the project, and answered the questions they had about the project too, and in particular how it will work, what kind of data will be collected, and how easily in can be stolen?

While we have not had time time to scrutinise the organisations ourselves, we have looked to the feedback that trusted technology sites have shared over the past couple of days.

Privacy still important

To that end, Apple and Google’s system is said to place individual privacy highly, and it does not work off of location data. Instead it is proximity-based, and specifically captures the data that records your smartphone’s proximity to another mobile device. As such it is not the same sort of data capturing that is used in an app like Google Maps for example.

Both organisations have also been careful to stress that the service is opt-in.

Added to this users will be notified if they have been in contact with someone who has tested positive for COVID-19, regardless if they have downloaded the necessary healthcare organisation’s app or not. There will also be tips and advice about what to do following the notification, as well as who to contact in order to self-isolate or seek testing and treatment.

While there is indeed a need for such a system now, and during a time of national disaster, a willingness to limit some privacy, it still remains to be seen what happens once the pandemic has ended.

A survey in the UK for example found that three in four respondents were open to downloading and installing an app with such functionality.

But what happens after that?

When to shut down

Apple and Google say they will prevent abuse of the system by relaying all data through recognised health authorities. That said, this process may differ depending on the region and the agency.

Speaking to how the system will be employed when the pandemic comes to an end, both parties have told The Verge’s Casey Newton its plans.

“Some readers have asked me whether the system might be put to other uses, such as targeted advertising, or whether non-governmental organizations might be given access to it. Today Apple and Google explicitly said no,” he writes.

“Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders. We will openly publish information about our work for others to analyze,” the aforementioned post adds.

As for the Bluetooth technology that Apple and Google’s tool will use, it is said to be Low Energy-based (BLE), much like the interface used to pair your smartphone to a device wirelessly.

Keep a close eye

As such it will be difficult for hackers to work back the information contained within and find a way to compromise users. This as users are not personally identified.

That may change once the health authority apps using the same technology start asking for more information from you, however, which would only happen if you tested positive for COVID-19 or were in contact with someone who did.

Either way it looks like the tool will not be gathering any incriminating data.

Are the concerns regarding privacy and security for Apple and Google’s tracing project warranted? At this stage no, but the question about tracking from other firms and operators still remains unanswered.

Regardless, with each new tracking or tracing project that is announced to fight the spread of COVID-19, they are in no less need of scrutiny.

[Image – Photo by Lianhao Qu on Unsplash]

Robin-Leigh Chetty

Robin-Leigh Chetty

When he's not reviewing the latest smartphones, Robin-Leigh is writing about everything tech-related from IoT and smart cities, to 5G and cloud computing. He's also a keen photographer and dabbles in console games.