Getting over the novel coronavirus pandemic, health experts and officials say, will take an extensive contact tracing regime in order to determine who will be able to get back to normal life the fastest and who will need to stay vigilant. With this in mind, Apple and Google have announced a collaboration on universal mobile APIs to introduce a Bluetooth-based exposure notification system to help governments perform contact tracing — first through official public health apps, then, in a few months, right on the operating systems of smartphones and tablets.

What is contact tracing?

Simply put, it means keeping records of people who have been in close proximity to others, usually through interviews. This allows health agencies to notify people quickly if it turns out that anyone they've spent time with has been diagnosed with COVID-19. The sooner more people can be notified, the quicker they can take action to reduce the spread of the virus. Throughout this process, contact tracers also ensure that people have the resources they need to self-isolate or obtain medical help.

In the United States, some governments have already launched contact tracing initiatives — some states like California and Massachusetts are recruiting thousands of people to make phone calls while Rhode Island's governor has asked citizens to keep daily contact journals in anticipation of submitting those logs to a large-scale contact tracing system powered by Salesforce. The National Association of County & City Health Officials suggests that the country needs at least 100,000 contact tracers to cover the population.

Researchers at Lincoln Laboratories and MIT suggest that federating and automating contact tracing via Bluetooth will make the process easier to track and produce accurate footprints of where the virus is with little lag time so that officials can take swift, narrowly-targeted action.

What are Apple and Google doing?

On April 10, Apple and Google announced they were going to merge their individual efforts to help contact tracers by jointly developing what they initially called a contact tracing tool that can be distributed via app or a software update to people's phones. The companies later characterized it as an exposure notification tool to better reflect its prime purpose — the contact tracing process usually spans multiple interviews over an extended period to monitor further potential infectious spread, but this software would give health agencies a head start.

The main part of the tool would act as an always-on beacon that pings all participating devices in proximity to it and logs each contact anonymously as a randomly generated ID key. If the user or anyone else receives a positive COVID-19 diagnosis, they can self-report it through the tool. When they do, everyone who is on the key log can be notified that they've been in contact with that person. The contacts can then self-quarantine for two weeks minus the number of days since contact, and public health authorities can follow up with individuals on next steps.

The companies have iterated on the tool in the weeks since announcing it, bolstering privacy aspects as a response to concerns from the press. Draft blueprints for the Bluetooth, cryptography, and API specifications are available from Apple and Google.

When and where will the tool come out?

The tool will be deployed in two stages: through public health apps and then on the operating system level for both Android and iOS via software updates.

Support for Apple and Google's exposure notification system rolled out in mid-May, allowing Android and iOS devices that sign onto the program through a public health app to ping each other and log when they've been in traceable proximity. Governments that plan on officially adopting the APIs into their app may be able to implement them in a public release later this month. Governments that have already launched app-based contact tracing and want to work these APIs into their app will need to abandon their existing system.

Adjustments have been made to the APIs so that public health authorities will be able to determine how many people will get exposure notifications based on a positive report. Factors include inherent increased transmission risks from any positive cases, ping distance from the positive user based on signal strength information, as well as the number of exposure events an individual may have encountered. Authorities will also be able to contact exposed users based on API data and information that users have submitted themselves (like a phone number) either through the app or via a diagnostic test.

The companies say 22 countries in five continents as well as a number of states in the U.S. — including Alabama, North Dakota, South Carolina, and South Dakota — have either incorporated the tool into their apps or plan to.

Here's what a public health app using Apple and Google's APIs may look like:

Apple and Google will deploy the OS-level appless tool to users in the next few months. Those with iOS devices dating as far back as 2016 (this includes the iPhone 7 series and iPhone SE) will get it by installing a software update. For Android users, this will occur with a Google Play services update — not a software update as distributed through your device's manufacturer.

What about privacy?

Every step of the way, users will be able to opt in and then back out. It's promised that no device data or personally identifiable information such as name and location history will be shared among users, Apple, Google, or the governments involved. Ultimately, it will be up to the user to decide what information to submit, including whether they have been diagnosed with COVID-19. Those who download an exposure notification app do not automatically get signed onto using the tools; they must consent from within the app. The data that does get generated will be processed locally on the device and can be deleted by the user. When it comes to exposure notification, the log of device ID keys is sent to, but is not processed by, a server operated by Apple and/or Google or by the local government for distribution.

Android users in particular will be able to head to their device's settings, hit the Google item, enter a dedicated section for COVID-19 Exposure Notifications, and then delete any generated data.

The companies insist that no one along the chain of communication will be able to discern any personally identifiable information from any part of the process. Cryptographic ID keys are randomly generated on-device and are the only identifying data that appears in the process. Bluetooth metadata is also encrypted so that anyone who intercepts it at the point of broadcast cannot read it. Apple and Google have generally restricted their APIs to one application per country, but they will work to allow multiple apps in a country if governments are tackling COVID-19 with a state- or region-based approach. Governments that use the APIs in their apps are prohibited from requesting device location data, but they are able to obtain signal strength information to expand their risk assessment.

The APIs will only be shared with public health authorities for their apps and not private health organizations — Apple and Google believe that public health crises should be managed by the government that a public has delegated. They also have pledged to deprecate the service when the need has passed, region by region — details of how are vague at the moment.

There will always be concern about how broad-based initiatives can be nefariously exploited. Those worries are especially pertinent in a time when many people don't have financial security, are struggling in their personal and domestic lives, and may still be vulnerable to the virus. Desperation will breed dastardly ingenuity — something the two tech behemoths will have to be vigilant for as the rest of us are right now.

How does the tool actually work?

The tool uses Bluetooth Low Energy on a constant basis to ping any Android or iOS phones within a 10-15 ft. radius that are also running the tool. Relative signal strength information is logged as an ad hoc measuring stick between devices.

To track these devices without relying on any proprietary information, the tool randomly generates ID keys every 10 to 20 minutes, which should help prevent malicious actors from tracking a user's location over any sustained length of time. When one device pings another device in any given 5-minute period, it logs that device's ID key. If the two devices ping each other more than 6 consecutive times, their ID keys won't be logged again for as long as they are near enough to each other.

When a user submits a positive COVID-19 diagnosis, the user can then opt to share the log of keys recorded from the last 14 days with a server. Every other device using the tool will check that server from time to time and, if one is available, download the log to check if their ID keys match. If any do, the contact is then notified about their potential recent proximity to the infected person. The contact's local health authority may also communicate with them about what they should do next.
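The flow described above, modeled as an added example that is not Apple's or Google's code and does not reproduce the key derivation in their published specifications. It follows this article's description of who logs and shares what; the Device class, the fixed 15-minute rotation and the names are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

ROTATE_SECONDS = 15 * 60         # assumption: fixed value inside the article's 10-20 minute range
RETENTION_SECONDS = 14 * 86400   # the article's 14-day sharing window

@dataclass
class Device:
    name: str
    own_ids: dict = field(default_factory=dict)  # rotation slot -> random ID this device broadcast
    heard: list = field(default_factory=list)    # (timestamp, ID heard from a nearby device)

    def current_id(self, now):
        """Return the random ID for the current rotation slot, creating it on first use."""
        slot = now // ROTATE_SECONDS
        if slot not in self.own_ids:
            self.own_ids[slot] = secrets.token_bytes(16)
        return self.own_ids[slot]

    def hear(self, other, now):
        """Log the ID a nearby device is broadcasting; no name or location is stored."""
        self.heard.append((now, other.current_id(now)))

    def report_positive(self, now):
        """Opt-in upload: only IDs logged within the last 14 days leave the device."""
        return {rid for ts, rid in self.heard if now - ts <= RETENTION_SECONDS}

    def check_exposure(self, published):
        """Runs locally: does any ID this device broadcast appear in the downloaded log?"""
        return any(rid in published for rid in self.own_ids.values())

def simulate():
    """Constructed scenario: Alice reports on day 20 after meeting Carol and Bob."""
    day = 86400
    alice, bob, carol, dave = (Device(n) for n in ("alice", "bob", "carol", "dave"))
    alice.hear(carol, 1 * day)         # 19 days before the report: outside the window
    alice.hear(bob, 10 * day)          # 10 days before the report: inside the window
    alice.hear(bob, 10 * day + 3600)   # an hour later Bob's ID has rotated
    bob.hear(alice, 10 * day)
    published = alice.report_positive(now=20 * day)
    # Two sightings of Bob produce two different IDs, so the log alone cannot link them.
    distinct_bob_ids = len({rid for ts, rid in alice.heard if ts >= 10 * day})
    notified = {d.name: d.check_exposure(published) for d in (bob, carol, dave)}
    return notified, distinct_bob_ids

if __name__ == "__main__":
    print(simulate())
```
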

Two elements will be vital to ensure that the tool is successful in breaking the chain of transmission: increasing availability and reliability in COVID-19 testing and potential users' trust. Part of building that trust rests in the opt-in nature of this program as well as the self-reporting of positive diagnoses — the companies are considering working with healthcare operators to incorporate lockstep test verification (i.e. scanning a QR code after taking a test), but their current stance is that the entire process should be voluntary.

Source: Apple (1), (2) / Google (1), (2)

Thanks: Moshe, Nick