Google and Apple place privacy limits on countries using their coronavirus tracing technology

Jenna McLaughlin
·National Security and Investigations Reporter

WASHINGTON — Countries hoping to use GPS to track the location of residents to let them know if they’ve had contact with someone infected by the coronavirus won’t be able to use the new tool being developed by Google and Apple.

The U.S. tech giants shared more details Monday about the technological tools they’ve been developing to help governments and public health authorities trace the spread of the coronavirus and notify citizens about exposure, including a set of privacy requirements for use of those tools.

Google and Apple won’t be creating the tracing apps themselves. Instead, they’ll be offering an application programming interface (API), or programming of technical functions, that will help app developers working with public health authorities and governments create the apps. Developers who adopt Google and Apple’s model will be able to bypass previous technical hurdles through the API, which will use Bluetooth technology to record contact between users and anonymously notify them when they’ve been exposed to someone with COVID-19.

(Photo: Apple/Google)

According to Google and Apple’s requirements, the apps must be created by or for a government or public health agency and will be able to utilize the companies’ API only if they don’t track users with location information or GPS. Additionally, the apps must seek users’ permission to notify them of possible exposures and before someone reports a positive diagnosis to be broadcast to other users.

Finally, the data cannot be used for advertising purposes and the functionality will be removed by region as the emergency subsides, according to company representatives speaking on a press call Monday morning.

Countries that do want to use location data to track citizens or want to use a different model to trace contacts will still be able to do so, and those applications will still be available in the Google and Apple app stores, the representatives explained. However, if they want to adopt Google and Apple’s technology, location services are forbidden. Part of the reason for that rule is to protect privacy, said the representatives, but the companies also believe that GPS is not nearly precise enough to pinpoint when two people have been in close contact for an extended period of time, particularly when they are both inside.

Instead, apps using Bluetooth technology will allow users in close contact for more than five minutes to exchange anonymous beacons with each other. If someone later logs a positive diagnosis, users in the area will routinely receive a list of those positive identifiers, which will be matched against the people they’ve been in contact with. If there is a match and someone has been exposed to a potentially infectious person, the government or public health agency will be able to provide information to users of the app about how to proceed, through potential self-isolation or by getting a test if one is available, for example.

The data is never stored centrally, further protecting privacy.

(Photo: Apple/Google)

While governments are free to pursue their own routes free of the tech companies’ help, some have already tried to use different options and have run up against barriers. The French government has sought the ability to use Bluetooth technology to track contacts, but it wants to send all that information to a central repository where the government would have complete information about individual users’ networks, instead of storing the information locally on devices. A group of cryptographers calling themselves the DP-3T Project have argued strongly against that model, worrying that the central database would be useful in social mapping and would put privacy at risk.

Singapore’s application, TraceTogether, was one of the first to be deployed and allowed for both decentralized storage and sending data to a central location. The app had trouble functioning because Apple currently doesn’t allow its operating system to continuously siphon Bluetooth data from locked phones due to the privacy concern. With the new API, if applications follow the model Apple and Google recommend, those technical hurdles would be resolved.


In the future, Google and Apple are also working on ways they might be able to build the contact tracing functionality into the operating system so that users wouldn’t even have to download the app.

(Thumbnail Photo: Rob Kim/Getty Images)


Click here for the latest coronavirus news and updates. According to experts, people over 60 and those who are immunocompromised continue to be the most at risk. If you have questions, please refer to the CDC’s and WHO’s resource guides.

Read more: