Apple and Google make changes to their contact tracing solution to address privacy concerns
Exposure notification data will be processed on device
The two companies are going to boost the security of the solution further, so it cannot be traced back to any individual. This will be an opt-in system, and users will be able to turn it off whenever they want.
The changes made have been detailed. First off, the Bluetooth metadata will be encrypted. The temporary keys associated with a particular phone will now not be derived but randomly generated every day. Additionally, the Bluetooth beacons will be rotated every 10 to 20 minutes. These measures will make it nearly impossible for attackers to trace back a user. This will make the system more secure and protect the private information of users.
The exposure notification solution will also share the strength of Bluetooth signals and allow developers to set parameters so they can decide what constitutes an exposure event. The system will only reveal the approximate time of shared contact, starting from 5 minutes, and going up to a maximum of 30 minutes, with 5-minute increments. The upper limit will further help protect the privacy of individuals.
APIs will be available starting next month and from then on public health authorities will be able to develop apps. Although iOS and Android will, of course, support the tech, Apple and Google will not be making the apps. It could be months before the first app arrives, according to the two tech firms.