Apple and Google Team Up For Coronavirus Tracing App, Sparking Privacy Concerns

The app will make it easier for individuals and public health officials to track the spread of COVID-19, but privacy rights groups are pushing for transparency.

• By Haley Samsel
• Apr 13, 2020

In an unprecedented collaboration, Apple and Google are coming together to develop a Bluetooth-based app that would allow individuals (and health officials) to track if they have come into contact with someone who has been diagnosed with COVID-19.

The practice of “contact tracing” is cited by public health officials as crucial in containing the spread of the highly contagious coronavirus so that people who have been in close proximity to an infected person can self-isolate and prevent others from becoming infected.

Now, the two tech companies are creating APIs for Android and iOS, Apple’s operating system, so that public health authorities can release official apps and access the data of people who consent to sharing their short-range Bluetooth communications, allowing the app to detect if they have been close to a person who reported having COVID-19.

“Through close cooperation and collaboration with developers, governments and public health providers, we hope to harness the power of technology to help countries around the world slow the spread of COVID-19 and accelerate the return of everyday life,” the two companies announced last week.

The idea is to release app designs that will operate with apps from public health authorities by mid-May. Users will have the ability to download the app during this period, and the tech giants will work in the meantime to build contact tracing functionality into their operating systems so that it is available to everyone with an Apple or Android device.

While the move has been largely celebrated as a potential way to limit spread of the coronavirus and address the logistical challenges of contact tracing, there have been critiques from tech experts and civil liberties advocates. Many are wondering about the difficulties of getting a majority of Americans to download an app on their own, in addition to concerns about the reliability of Bluetooth signals and the effectiveness of tech contact tracing.

“It does seem like a passive system that works to inform people in those situations about potential exposures could offer at least some level of protection,” Casey Newton, a reporter at The Verge, wrote in his newsletter The Interface. “The question is whether the system ultimately generates more signal than noise — whether Bluetooth finds more true positives than false ones.”

The Electronic Frontier Foundation, a digital privacy rights group, wrote that the apps developed by major tech companies to address the coronavirus crisis should provide and require safeguards for user privacy. Some of those guidelines include requiring consent for all data that is collected, minimizing the data that is collected to only what is necessary for the app to work, implementing stringent information security practices, and ending the app when it is not longer deemed necessary.

Transparency about how the government is using the data gathered from the app and how it will be stored will also go a long way in earning user trust, according to the EFF.

“COVID-19 is a worldwide crisis, one which threatens to kill millions and upend society, but history has shown that exceptions to civil liberties protections made in a time of crisis often persist much longer than the crisis itself,” an EFF blog post reads, adding: “Above all, even as we fight COVID-19, we must ensure that the word ‘crisis’ does not become a magic talisman that can be invoked to build new and ever more clever means of limiting people’s freedoms through surveillance.”

Jennifer Granick, the American Civil Liberties Union’s surveillance and cybersecurity counsel, said in a statement to TechCrunch that no contact tracing app will replace public health services like widespread testing, but Apple and Google have taken steps to address privacy concerns.

“To their credit, Apple and Google have announced an approach that appears to mitigate the worst privacy and centralization risks, but there is still room for improvement,” Granick said. “We will remain vigilant moving forward to make sure any contract tracing app remains voluntary and decentralized, and used only for public health purposes and only for the duration of this pandemic.”