Contact tracing by Apple and Google - Explained

This is truly a moment to remember - in spite of all the bad that COVID-19 has brought to our lives, we continue to witness new examples of solidarity around the globe every day. Latest news just in from Apple [1] and Google [2], who have announced partnership to deliver technology for contact tracing across the world (via all iOS and Android devices).

This partnership is even more exciting for us because, after getting many inbound requests from institutions around the world, our team was already discussing rolling out a very similar service for free. However, we were worried about adoption being the largest blocker, as this “device beaconing” technology is only useful when the majority of the population has it. In other words, I can’t trace another person if that other person doesn’t also have the same tech on their smartphone. Apple and Google solve this.

Highlights

• Apple and Google, together, represent the vast majority of the smartphone market. Therefore, by enabling contact tracing in iOS and Android, they effectively cover almost every smartphone user.
• This technology enables each smartphone to opt-in to a global contact tracing system whereby your phone, while sitting in your pocket and completely anonymously, detects which other phones (not people) you got in close contact with and when.
• If and when a user reports positive for the virus, they can opt-in to let the system know. Once a system receives this information, it notifies all the smartphones on the system with an encrypted piece of information which allows them to check if they have been in close contact with the infected person’s smartphone. If they do, then they get a warning notification and official health advice.
• If most smartphone users opt-in to this system, almost every smartphone holder will have access to accurate contact tracing information which can drastically slow down the spread of the virus.
• Current specification clearly ensures that Apple and Google do not obtain any location or tracking information of the users. This is a “device to device” detection system - no location information is stored and all processing is done via encrypted information on the smartphone (not on a server).

What is Contact Tracing and why is it important?

We are not medical experts so here is the description taken as-is from the World Health Organisation (WHO) website [3]:

“People in close contact with someone who is infected with a virus, such as the Ebola virus, are at higher risk of becoming infected themselves, and of potentially further infecting others. Closely watching these contacts after exposure to an infected person will help the contacts to get care and treatment, and will prevent further transmission of the virus.

This monitoring process is called contact tracing…”

In other words, viruses like COVID-19 typically spread from human to human. Therefore, once a person is identified to be infected, it is very crucial to understand who else has been in close contact with that person in the previous days (14 days for COVID-19) so that those people can be warned and asked to self-isolate, in case they happen to have been infected too (and have not realized it yet). If every infected person and anyone who has been in contact with them could self-isolate right away, the spread would almost cease, since the only potential carriers of the virus would be self-isolating.

Why Apple and Google?

They have a special role in all of our lives: almost every smartphone in the market today uses either iOS or Android operating systems. Therefore, they are in the pockets of the majority of the world population. This excludes those smartphones with other operating systems (such as proprietary Chinese operating systems) or lower cost feature phones or any user without any phone.

Given their presence in our smartphones, Apple and Google together represent a unique position to roll this out to the majority of the world.

How does it work?

Bluetooth! Bluetooth is probably the most ubiquitous technology in the mobile world today as both iOS and Android smartphones come with Bluetooth sensors in them. It is the same technology that allows your smartphone to connect to wireless earphones or car systems.

There are two parts:

Part 1 - Registering detections (“Contact Detection Service”)

Technically, the system will work by every smartphone advertising Bluetooth packets with a rotating unique identifier. Imagine you are on the bus on your way to work. Your smartphone (if and only if you opt in) will start advertising specific Bluetooth packets. Similarly, it will also detect these Bluetooth packets coming from other smartphones around you (eg. other smartphone users on the same bus). Your smartphone will record these signals from other users with timestamp and distance. For example, your smartphone will record that “you were 5-10 meters away from ‘abc’ signal on Monday at 9:40am”. Note - the identifiers are shuffled around every 15 minutes and no other information (such as your actual GPS location) is stored. The system only tracks you being close to another smartphone user at a specific time. It doesn’t track where you were during this occurrence.

Too technical?

As an analogy, imagine each of us were constantly playing different songs on our smartphones while also recording music coming out of other devices around us. You got on a bus, your phone is playing “Madonna - Like a prayer” while another person is playing “Michael Jackson - You rock my world”. Your phone can hear Michael Jackson while the other phone can hear your Madonna song. Your phone records that “on Monday morning, at 9:40am, I heard another phone playing Michael Jackson and the music came from very close”. At this point, you do NOT know who that other person is (and your phone does NOT store where this happened).

Part 2- Tracing detections with a virus holder

Imagine User A later tested positive for the virus. To enable contact tracing, User A needs to notify (at their discretion) this system through their smartphone (eg. imagine a button in your phone settings to report). Once Apple / Google receives this information that User A has tested positive (in an encrypted format), they will then anonymously share this encrypted data with all other users of the system, on a daily basis. This will allow any other smartphone to check their local storage if they have registered any detection that belongs to the same encrypted piece of data. (Note that Apple and Google do not share User A’s identity and it is not possible for other smartphones to understand that the signals came from a smartphone belonging to the User A. They only understand that they were in close proximity with a smartphone belonging to an infected user, without knowing it’s User A. This is achieved through 3 layers of encryption - further details are explained here [4]).

Too technical?

Keeping with the music analogy, imagine the user who was playing Michael Jackson that morning submits to the system that they have tested positive for the virus. The system then prompts every other user to check if they heard “Michael Jackson - You rock my world” on Monday 9:40am 2 weeks ago. If your phone confirms that it heard the same song around the same time, you get a warning that you should self-isolate because you have been in close contact with an infected person. However, if your phone hasn’t heard that song or the times don’t match, then you don’t get any warning.

When will it be available?

The proposal mentions 2 phases:

• Phase 1 (due May 2020) - Apple and Google to release developer APIs for developers to embed this feature inside their mobile apps. This is down to the app developer’s decision so any app (from BBC News to Uber) can decide to include this capability inside their mobile apps easily, as Apple and Google will provide the necessary software libraries on iOS and Android respectively.
• Phase 2 (due “coming months”) - Apple and Google embedding this capability directly into the operating system, without requiring any app. (Similar to how you can use Apple Pay or Google Pay, without having to install an additional app, as your smartphone comes with this capability out of the box).

How about data privacy?

The specification has a strong focus on data privacy.

• The system requires opt-in by the user for two stages: (i) for joining the system; and (ii) for notifying the system in case the user tests positive.
• All identifiers are encrypted through a 3-layer hierarchy. Each smartphone is assigned a unique device identifier (Tracing Key), which is then used to generate a daily identifier (Daily Tracing Key), which is then used to generate a unique identifier (Rolling Proximity Identifier) that rotates between every 10 to 20 minutes, all the time. The phones only advertise these short-lived (10-20 minutes) identifiers for detection.
• Advertising and detection happens between smartphones without going to any server (according to the specification). Therefore, neither Google nor Apple can “know” who you were in close contact with at any time. This information is kept on your smartphone storage only.
• Detections do not account for current device location - it only factors in timestamp and proximity to the other smartphone(s) (calculated via RSSI, which denotes “received signal strength indicator”).
• All specifications are shared publicly for review.

Google explains data privacy here.

Let us remark that these are based on the publicly available specifications at the time of writing. We do not or cannot control how Apple and Google engineers and executives ultimately decide to implement the system.

Why Bluetooth?

• It is ubiquitous - it is available on most iOS and Android devices
• It is low energy
• Both iOS and Android have Bluetooth APIs in place that allow phone to phone detection
• It is accurate for detecting nearby devices

Why not UWB?

UWB is the superior technology for device to device proximity detection (and we expect to see Apple releasing functionality based on UWB for iPhones to detect other iOS devices or even air pods around you very soon). However,

• UWB currently has limited availability (only available in most modern iOS devices and not available in most Android devices)
• Software libraries for UWB are in their infancy and have not been widely released to developers yet. Bluetooth, on the other hand, has been widely available to developers for many years and has been tested time and time again.

This will change in the coming years and we predict that we will see more UWB adoption, especially for “Smart Home” use cases. But that’s the topic for another blog post.

Conclusion

We are very pleased to see news like this - bringing two major competitors together for everyone’s benefit - and we truly believe this, if adopted by users, can make a true difference by making contact tracing available at a global scale for every smartphone user. We expect there will be concerns regarding data privacy; however, based on our technical analysis of the publicly published information, we believe both Apple and Google have done a good job of ensuring there is no private data stored anywhere and it is not possible to identify / reverse-engineer this system for abuse. It is clearly designed for one purpose - to allow any user, with their consent, to notify any other smartphone holder in case they test positive and they have been in close contact. Furthermore, once COVID-19 is over, we expect every user will opt-out and disable the system.

We hope to see the COVID-19 behind us as soon as possible and we believe, such examples of solidarity between even the biggest competitors, will only help us get there sooner.

(Legal note - this blog post serves to share Pointr’s own point of view and is mostly based on our technical interpretation of the publicly available technical details [1] [2] which are in draft form. The published technical details may be subject to change or we might have made unbiased errors or omissions during our interpretation. We accept no liability for the accuracy of this information and we advise any reader to check with Apple and Google directly as needed.).

References:

[1]

[2]

[3]

[4]