In a rare turn of events, Google and Apple have teamed up with local governments to help slow the ongoing spread of COVID-19. How would you like an app that could notify you if someone you had been in proximity to had tested positive for COVID-19? As useful as this collaboration could be to staunching the pandemic, many people are in uproar about it, and have begun to spread misinformation.
As such, we felt it was necessary to discuss these developments to try and clear up a few misconceptions that have arisen, particularly on social media.
This has become a predictable chain of events: some popular application or platform is updated, misunderstandings and misinformation abound, and uproar pops up on social media. For instance, look back to the response to Facebook’s Android application requesting access to a smartphone’s camera. Instead of simply accepting this as a necessity for Facebook’s new photo capabilities, theories and outrage popped up on social media.
Of course, we aren’t saying that changes in technology are always good by any stretch, especially if a user’s privacy is involved. We just want to make sure that the misinformation out there doesn’t cloud your judgement. You can’t trust giant tech companies to act in your best interests (as if their data collection practices hadn’t already made that abundantly clear), so you should always have some degree of skepticism.
In this case, however, we’ve noticed an unnecessarily extreme response to the application framework that Apple and Google developed to assist contact tracing processes.
There’s a simple answer to this: they did not. Neither Apple or Google have added an application to their mobile devices without your knowledge or consent.
What Google and Apple have done is develop an application framework, which makes it easier for app developers to create COVID-19 tracking applications. This news, however, resulted in posts like this one appearing on Facebook:
“**VERY IMPORTANT ALERT!***
A COVID-19 sensor has been secretly installed into every phone. Apparently, when everyone was having “phone disruption” over the weekend, they were adding COVID-19 Tracker [SIC] to our phones!
If you have an Android phone, go under settings, then look for google settings and you will find it installed there.
If you are using an iPhone, go under settings, privacy, then health. It is there but not yet functional.
The App can notify you if you’ve been near someone who has been reported having COVID-19.”
Here’s the thing: almost all the information shared here is very misleading.
The update that this post is referring to was just a new setting that enables the COVID-19 Exposure Notification system. The user still needs to install an application and activate the Exposure Notification system setting, confirming their participation with their chosen platform’s developer.
All this update does is give local governments and health industry members the starting point to build a COVID-19 application, while also providing users the choice to participate,
Without you actively installing a tracking application, your mobile device isn’t going to use your activity to help mark the spread of COVID-19. In fact, if we look at the alarmist Facebook post above, we can even see that a participating application needs to be installed and set up before you can receive notifications.
Google and Apple shared a joint public statement, stating, “What we’ve built is not an app—rather public agencies will incorporate the API into their own apps that people install.”
An API is an Application Programming Interface, the application’s foundation that we’ve been discussing. Because Apple and Google have teamed up on this project, application developers will have an easier time building COVID-19 tracking applications.
It also makes it easier for a user to opt out, which could be an issue. If too many people opt out of this kind of system, the data is no longer totally reliable. As a result, the system could be left ineffective.
First, any responsibility for official applications built will fall to state and local governments.
Second, Apple and Google have created a platform that is decentralized by nature, assisting in its security. Once a user opts in, their phone is assigned a random ID. This ID is then exchanged with other participating phones within Bluetooth range, all phones storing a roster of IDs that they have been in proximity to.
If someone were to be diagnosed with COVID-19, that information could be manually shared with the contact tracing application. With the user’s consent, any phone whose ID had been recorded on that phone would be notified of their potential exposure—without sharing the actual location, any identities, or any of that data, even with Google or Apple. These apps aren’t allowed to use your location or track it in the background, and the ID of the phone is randomly changed every 10 to 20 minutes.
This all adds up to complete anonymity, and renders opting out as simple as not downloading any official or unofficial tracking apps.
Here’s the thing: this system isn’t an application. Instead, it is an API, which means that uninstalling it is not a simple (or even a particularly safe) process. Technically, it can’t be uninstalled, as it is incorporated into the Android and iOS operating systems themselves and is updated via security update.
Some Internet digging might lead you to a walkthrough or two that explains how you could roll back the OS on your phone, but doing so also leaves you vulnerable to the other security threats that these updates protect you from. In short, doing so is a bad idea.
The added API is just a setting that is, by default, deactivated. Both Google and Apple have confirmed that simply not installing (or uninstalling) a COVID-19 exposure notification app is sufficient to opt out of participating.
And, once again:
DO NOT FOLLOW ANY INSTRUCTIONS ONLINE THAT WALK YOU THROUGH ROLLING BACK YOUR PHONE AND OPTING OUT OF SECURITY UPDATES.
If privacy is truly that important to you, why would you do anything that puts that privacy at even greater risk?
From our perspective as an IT professional, the COVID-19 Exposure Notification system seems to have been built with security and anonymity as the top priority. It would have to be, as it would also need to comply with healthcare regulations. Our clients should be very familiar with how strict these regulations are when data privacy enters the mix.
Either way, whether you use the COVID-19 Exposure Notification system is your choice. Just know that both Google and Apple have done their due diligence to ensure your security and privacy.
To learn more about the technologies we’ve described here, reach out to our team here at Ashby Communications, Inc.. Call 916-960-0700 today.