Google and Apple’s COVID-19 contact tracing: what they are really doing.

Google and Apple have collaborated on an application programming interface (API) to help with COVID-19 contact tracing. More correctly, you’ve probably seen something like the picture to the right – a spreader of Fear, Uncertainty and Doubt (FUD). FUD is a long-standing strategy that has been used by the technology industry, salesmen, politicians, and all manner of folks for years. Sow a little FUD, and the world can be your knock-kneed oyster. If you need any proof – look at any statement Trump made trying to justify a wall with Mexico. But I digress…

Much FUD is pretty easy to recognize. Some of it can be well meaning, but most of it is insidious. “Wear clean underwear, you might be involved in an accident” is FUD – thanks, moms of the world, but I will have bigger issues than clean underwear if I’m incapacitated from an accident, and chances are no one would be able to tell anyway. “Apple and Google installed SOMETHING on my phone!” is an example of the pernicious variety.

Hey, you didn’t complain when Apple allowed you to (finally, 10 years late) make folders on your home screen. You didn’t complain when a feature you found useful was installed. This is no different – something someone, somewhere wants. It will not track your every movement, and participation is voluntary.

In fact, they weren’t adding “trackers” to your phone. They were adding the contact tracing API that they co-developed, and that takes a little bit of explanation. APIs are chunks of software code that other programs can hook into, in order to allow other programs to perform various functions. Connecting your Pinterest and Facebook accounts requires APIs; using Dropbox with your Google Docs needs APIs; using Microsoft Office and sharing data between Word and Excel requires APIs. You get the picture – they are the programming chunks that make software interoperable.

This API does two things in the broad scheme: 1) it lets iOS and Android devices talk to each other over Bluetooth without your explicit involvement, and 2) it allows various bodies (generally: governments) to program their contact tracing apps. I think these are laudable goals, and should be encouraged.

Let’s be clear about this: neither Google nor Apple have done anything nefarious or clandestine while doing this. They didn’t collude, they co-operated; they didn’t scheme, they helped create an open standard. The amazing thing is that it happened at all: Apple isn’t known for supporting or creating a standard that is “open”. The tinfoil hat wearing friends of yours who believe that 9/11 was an inside job, that the US Government and major corporations are run by lizard people, or are anti-vaxxers* (I won’t dignify them with links, but it’s there for you to Google Bing if you so choose) will tell you that this is just an excuse for the government to track you. They’re right, sort of – and it’s the type of tracking that you want.

Maybe it’s just the type of tracking that I want right now, because I’ve returned to the office; I actually want to know whether I’ve come into contact with someone that has tested positive for the virus. I am exposing sets of vulnerable people within my bubble, so I truly want to know. I don’t at all mind that I’m back to work, but other people might, and this might give them some confidence. I think the data should all roll up across the country to account for the inevitable summer tourism. I think, ultimately, that this is a good thing.

So let’s take a look at the history of this. I’m going to preface this by saying I’m trying to stick to reliable and often first-party sources, so Apple, Google, and mainstream press. Flat-earthers will, I’m sure, point out the fallacy of falling for these “self-interested” parties.

On April 10, 2020, a few weeks after North America started going into lockdown, Apple and Google jointly announced that they were starting to work cooperatively on a set of APIs to assist with COVID-19 contact tracing. To quote the press release(s):

First, in May, both companies will release APIs that enable interoperability between Android and iOS devices using apps from public health authorities. These official apps will be available for users to download via their respective app stores.

Second, in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms.

Apple and Google joint press release

It didn’t take very long for the two companies to hammer something together that could be released for testing – two weeks is a very short timeline, even for the rapid-fire world of mobile technology. The APIs have now been completed, and they have been adopted first by the Swiss, along with other European countries including Germany. France and the UK initially struck out on their own path, but the UK has now reversed course; interestingly, the UK has leveled their finger directly at Apple, stating:

“Apple software prevents iPhones being used effectively for contact tracing unless you’re using Apple’s own technology. Our app won’t work because Apple won’t change that system… and their app can’t measure distance well enough to a standard that we are satisfied with.”

British Health Secretary Matt Hancock

Canada is releasing their own app based on the API, first for Ontario, developed by Shopify and Blackberry. Of course, Alberta still struck out on their own, which is unfortunate; noting the comments from the UK Health Minister, above, I can’t help but wonder why they don’t just switch over.

So, what do they do and how do they work? Well, here’s a couple of images that describe it in far fewer words than I ever could.

The Apple | Google explanation of the API
The BBC explanation

What about privacy? Here’s an admission: while I am no fan of Apple, I will give them credit for customer privacy. They really do a good job there. So, here’s Apple’s statement, and a direct quote from the cryptography document that they have posted:

Without the release of the Temporary Exposure Keys, it’s computationally infeasible for an attacker to find a collision on a Rolling Proximity Identifier. This prevents a wide range of replay and
impersonation attacks.

They are minimizing the chance that there will be a hack, and even if there is one, the data is anonymized. To be honest, for the type of data they are looking at sending, I’m completely fine with what they have proposed. I think this is a good thing, and something that everyone should get behind. I also think that the entire country should be on one app – but unfortunately, Alberta just had to go its own way – but at least they are looking at connecting with the federal app. Which leaves one to wonder – why not just ditch the made-in-Alberta solution for the one everyone else will use?

Now the big question: will it work? In the article above from the British Health Minister, he points out that Apple is frustrating to work with. He also points out that the contact distance wasn’t acceptable for their needs, but they had to make the decision on what would work best; Apple, of course, refutes this, and the Apple/Google solution recognizes about 99% of phones with great accuracy. An editorial in Forbes has pointed out that the Apple/Google duopoly has traded privacy for efficacy; the tracing data, even though anonymized, will not be available to researchers in order to ensure users’ privacy. This, despite the fact that users have to opt-in to sharing the data in the first place. If I’m opting in, don’t I wan to help the researchers too?

Roll-out of any contact-tracing app in the US will be interesting to watch, as I don’t imagine one single app will be adopted everywhere; it’s hard enough to do that in Canada. I firmly believe it will be the most difficult in the US, with states wanting to go their own way, no socialized / centralized medicine, and a liberty and privacy before everything else culture.

The net result is that the black helicopters aren’t coming for you. The Apple / Google API is solely to provide better access to key technologies, which will allow governments to roll out contact tracing apps. These are good things. Please, if you are headed anywhere near downtown Vancouver – download the app, and turn it on in settings.

I hope you and your families remain well.

*I have a deal for all the anti-vaxxers out there. You didn’t vaccinate your children (causing measles outbreaks, we appreciate that). Therefore, once developed, you don’t get the COVID-19 vaccine. You’ll still need to go to work and shopping and whatever else you need to do, but no vaccine for you. There won’t be herd immunity anytime soon, so the virus will still be out there, lying in wait. It’s our way of saying thanks.

Insurance is my profession, and one of my passions. Motorcyclist, runner, skier, photography newbie. Nerdy tech geek, craft beer enthusiast. Thoughts are my own. Snark is omni-present.

2 thoughts on “Google and Apple’s COVID-19 contact tracing: what they are really doing.

Do you like my blog? Do you hate my blog? Say something below. I promise to answer.

This site uses Akismet to reduce spam. Learn how your comment data is processed.