Health emergencies COVID-19 The global crisis has put two large tech companies working together to help global governments reduce the crash rate. Nothing and nothing less Apple and Google are working together access to information about the severity of the disease, using the mobile technology they guide between the two, based on four basic pillars: health, privacy, transparency and user control over the use (or not) of this program.
Representatives from Apple and Google have shared a major update of the program to combat the distribution of COVID-19, improve privacy and increase development opportunities
At a special press conference held this afternoon with products, Apple and Google representatives They've updated us with a new bundle of improvements for the first edition they launched on April 10. Thanks to the effort by both companies to explain in a better way to the general public the idea they propose: it's starting to change the name of the program, now renamed "Explanatory Notice" – much to do with what the program is doing, warnings about preventing it from spreading across the population. In this case, our mobile technology is used because it can be used and expanded to find out who has infected us.
To do this, Apple and Google start with the first stage including:
- Provide government planning tools (API or Application Program) which will allow each of them to develop (or enter) in their healthcare applications this technology.
- Apple and Google are responsible for the development of this API together, and will support the development by publishing all the details of their technology, on Android and iOS (they are the same in both systems
- Apps integrated with these APIs will allow or disable this technology. Only the user has full control of their installation.
- The final version of these planning tools will be available in mid-May.
Promote improved privacy and more development opportunities
Progress on the development of this Apple and Google editing tool that we reviewed today for the first version, is as follows:
Development of privacy
- The identification for each user who is part of the program now they will be fixed, instead of temporary. This prevents the ID from being traced by the origin of its creation.
- The Data available on Bluetooth is now encrypted. This data contains the emitter signal strength, which determines the exposure distance. Each country can prepare the one it sees fit. They even encrypted this data to protect anyone from identifying someone with the power of their portable Bluetooth beacon.
- Exposure time is limited to maximum of 30 minutes, in fractions for 5 minutes.
Developments to facilitate the creation of applications
- It improves distance estimation between two devices that currently use Bluetooth signal strength, not the amount received by the recipient. As I mentioned, this is encoded to prevent pattern identification.
- Initially, the API generated random numbers that changed every 15 minutes. Now the API has changed to improve security. Every day, the system will generate a new user identification code (and random) where the new code will be generated randomly, with two-step encryption that improves data security and its use anonymity (I remember, whether it was iOS or Android, or mixed. Genre doesn't matter, the tool works similarly and is shared between both platforms).
- You can find it the number of days since the last exposure user. This will allow administrators to customize their system: for example, if it's unveiled today, the app will tell us to go to the emergency room. If it was disclosed 10 days ago, you would recommend staying at home. All of this is customized by each government at any time – and most importantly, the app will not know any data about who it is telling, because it is completely anonymous, but the motive will be valid when displaying this configuration in the system.
- It has algorithm translation improved, from HMAC to AES, which is currently widely used for data entry. Most devices contain computer-based acceleration, which will speed up this installation (all iPhones since 2015 have started, by the way). This algorithm works well, allowing it to be quickly used by applications.
Next stage: implementation at application level
When the first phase is completed, which includes providing this API for governments so that they can implement the program in their operating systems, the companies plan the second edition Improving system performance and avoiding the low cost of downloading applications reduces system performance:
- Add to both operating systems (IOS and Android) to activate and deactivate the program. In Phase 1 it will only be used on applications that use this API, the idea in this section is to make it to be used at the operating system level for easy user access.
- The notifications Every day will be handled between Apple and Google to improve efficiency and ease of use.
- Transfers to active programs will continue to be based on policy privacy, transparency and that the user continues to have complete control over the system.
- Available soon (in the case of iOS, maybe an update to iOS 13 will install it, before iOS 14 arrives in the last months of the year – this is my opinion).
Questions and answers
The process is very technical and can create doubts, so I add here a small section questions and answers for those who are most popular with the program
1.- How does Apple and Google's proposal work?
The system proposed by Apple and Google is the use of a contact tracking system: Bluetooth technology is used on mobile phones to help identify the victim. When activated, our cellphone transmits a signal through a random identifier without any personal information, which changes every 10 or 20 minutes.
A poster authentication is performed on each phone, not on the servers: Mobiles registered in the program listen and store beacons close to what has been established by the requesting authority. At least once a day, the program will download a list of certified beacons on COVID-19 from health authorities in the app. The app will check if any of them are on your "most recent" list, where, the app will notify the user of the action they should take.
2.- How is privacy and security protected?
Each user MUST select REALLY to create the program, activating the application within their own explicit permission to do so. And you can withdraw from it, at any time. No Apple or Google or anyone else may use this without the explicit consent of the user.
The system does not collect position data from the phone, nor does it share it with other devices, or with companies. The user always controls the information he wants to share, and when he wants to do so.
Each user's Bluetooth beacon is rebuilt every 10 to 20 minutes, to avoid personal tracking.
Emerging notification is performed only on the user's physical device and always under his or her control. Positives are not displayed in any way on the system, or between users, or at Apple or Google.
3.- How is information handled by these managed applications?
The system is designed to be fully anonymous of any kind of user identification and only the health authorities of each country have access, no one else. Applications will be tested and must meet specific privacy, security and data management processes. Health authorities of each country will have access to a list of beacons marked as COVID-19, but are connected to any personal data that may allow them to identify who they are.
4.- Can this data be monetized by Gooole or Apple?
No, by any means, by relying on privacy principles and protecting the connection with real user data.
5.- How do users indicate that they expect COVID-19?
It can only be done through the official apps of the health agency of each country. Details of each location will be provided when the app is launched.