Google and Apple continue to advance in the development of a solution that will help in this traceability of contacts and thus detect possible contagions quickly without invading the privacy of users.
This commitment to privacy has been reinforced in the latest development review. Those responsible for the project have highlighted new privacy protections in addition to facilitating the development of future applications that take advantage of this system.
More Privacy Protection
Google and Apple have highlighted some noticeable changes in the way the system works. To begin with, they indicated, the keys that are generated for the operation of the system are not derived from the previous ones —something that could make us investigate its origin—, but now they will be generated randomly “every 10-20 minutes”.
They have also removed the Tracing Key from the original specification: it persisted on the device and could compromise privacy.
A new Bluetooth metadata section has also been included, which will be encrypted and that will include, for example, data on the intensity of the transmission (measured in dB) to be able to establish whether the proximity with that person was greater or lesser.
Finally, a limited exposure time of a maximum value of 30 minutes has also been established to protect that privacy.
As explained in the frequently asked questions (FAQ), the system “will download at least once a day a list of beacons that have been verified to belong to people who have tested positive for COVID-19 by the health authorities.”
Google and Apple, They Continue to Insist At all Times
From there each device will compare the list of beacons that it registered by being in proximity with them with the list that is downloaded from the server, and if there is any coincidence, the user will be notified of it and will be informed of the steps to follow.
At Google and Apple, they continue to insist at all times on how crucial transparency is in this type of solution and the fact that the user will always have control over the system . You will be able to enable and disable these options and install or uninstall applications that use them at all times, and there is no data regarding your location that is sent to a centralized server.
The identity of the user is never shared with other users, nor with Google or Apple: applications and these systems can simply indicate whether that user has been with a user (without knowing who he is) that has been tested positive for a coronavirus test. And only if that user who has been infected decides to share that information with the system.
As explained by those responsible for Google or Apple, this system “is only used for exposure notices by public health authorities, and is not monetized.” Curiously, they warn, both Google and Apple can disable this system in certain regions “when it is no longer necessary”, although they do not specify in detail when the system is considered to be effectively no longer.