On May 20 we echoed the expansion of the API of Google and Apple against COVID-19, the first step for a system that aims to protect us from disease. The implementation of this API has resulted in the appearance of a new submenu on some Android phones under the name of ‘COVID-19 Exposure Notifications’, which seems to be worrying users for security reasons.
We will explain everything related to this matter so that you can be clear what are these notifications, why does this submenu appear and why there is no reason to worry that it has appeared overnight.
Google has a plan against COVID and the implementation of the API is a first step
Both Apple and Google have worked together on a system so that users can receive notifications related to possible exposures to those infected by COVID-19. This contact tracking system is intended inform public health authorities and give guidance to anyone who may have been exposed to an infected person, in order to minimize the risk of new outbreaks.
Despite how little we may like the simple reading of ‘contact tracking’, Neither Google nor Apple share our identity with other users. This system does not track our location, identity, or personal data, the entire process is carried out using random identifiers that are only shared with public health authorities. Further, when it is implemented it will be totally optional, being able to activate or deactivate it at will at any time.
The API that Google and Apple have worked on is just the first step. An official government application is necessary for this contact tracking system to work
This system requires a tracking application that is still being worked on. Specifically, in Spain, Nadia Calviño, Minister of Economic Affairs and Digital Transformation, anticipated that work is underway on a pilot project for said app in the Canary Islands, so there is still no trace on the peninsula on it.
The direct implication here is that if there is no application there is no working system, so the subsection of ‘Notifications by COVID-19’, as Google itself indicates within it, is currently not functional (in fact, you can see that the functions are disabled).
Exactly how this system works
Having explained that the system not yet implemented (pending the application in Spain), we will delve a little deeper into how it works, as it may not be clear how Google sends our information and what exactly it shares.
- First of all, an application downloadable from the Play Store is necessary for the system to work, which does not yet exist in Spain.
- Once the app is installed and the system is activated, it is generated a random ID for our device. This ID changes every 10/20 minutes, to ensure that they cannot serve to identify us or our location.
- In the event that we test positive for COVID-19, we can share voluntarily and anonymously our ID, so that it is recorded in the database as a positive case.
- So these IDs can be exchanged Bluetooth connectivity is used, which also allows the app to exchange information in the background
- The phone periodically checks all IDs associated with positive COVID-19 cases.
- If there is a match, the application will send us a notification with instructions from the public authorities.
The basic idea here is that, if we have COVID-19, we can use the Government app to report that we have it. After reporting, we can share the random IDs that have been generated. In this way, if someone has been in contact with us and has this system active, may be informed about said contact.
The key points at the privacy level are three: the first is that the tracking is done at the level of random identifiers, the second, that these identifiers self-destruct after 14 days and, the third, that the system itself is voluntary
In other words, it is a voluntary and anonymous system (According to Google). One of the keys is sending random identifiers to preserve the privacy of users, so that technically we can be calm and deny that “our phone is spying on us.”
More information | Google