Blog | G5 Cyber Security

COVID Tracing: Apple/Google Control?

TL;DR

Apple and Google’s Exposure Notification System (ENS) dominates COVID-19 tracing, but it isn’t a complete takeover. While they control the core Bluetooth framework, open-source implementations like DP-3T can still function within their system. However, ENS significantly influences data privacy, user experience, and overall adoption. Full decentralisation is possible, but requires careful design and implementation to avoid reliance on Apple/Google APIs for critical functionality.

Understanding the Situation

In early 2020, Apple and Google collaborated to create ENS as a way to enable contact tracing on iOS and Android. This was done primarily through their Bluetooth frameworks. The key points are:

DP-3T (Decentralised Privacy-Preserving Proximity Tracing) is an open-source protocol for contact tracing that aims to be highly decentralised. It relies on users exchanging temporary identifiers without a central server.

Can Apple and Google Bypass DP-3T?

Not directly ‘bypass’ it, but they can significantly influence its effectiveness. Here’s how:

Steps to Maximise Decentralisation (and minimise Apple/Google control)

  1. Implement ENS Correctly: The first step is to use the Exposure Notification API provided by Apple and Google. This is unavoidable for broad reach on iOS and Android.
  2. Focus on Data Minimisation: Ensure your app collects only the data absolutely necessary for contact tracing. Avoid any unnecessary tracking or profiling.
  3. Decentralised Identifier Exchange: Implement a secure mechanism for users to exchange temporary identifiers directly, without relying on Apple/Google servers. This can be done using:
    • QR Codes: Users scan QR codes to share their IDs.
    • Peer-to-Peer Bluetooth Communication (limited): While ENS controls the core Bluetooth, you might explore limited peer-to-peer exchange for initial ID setup. This is complex and may have compatibility issues.
  4. Local Storage of Identifiers: Store all exposure data locally on the user’s device. Avoid sending any identifiers to a central server unless absolutely necessary (and with explicit consent).
  5. Secure Key Generation: Use cryptographically secure random number generators to create temporary IDs. Example using Python:
    import secrets
    import hashlib
    
    def generate_id():
        # 32 bytes from the OS CSPRNG; use secrets, never the random module, for identifiers
        random_bytes = secrets.token_bytes(32)
        # Hash to a fixed-length hex string; SHA-256 adds no entropy, the 32 random bytes supply it
        hashed_id = hashlib.sha256(random_bytes).hexdigest()
        return hashed_id
    
    user_id = generate_id()
    print(user_id)
  6. Federated Risk Assessment: Instead of a central server calculating risk scores, use a federated approach where each device calculates its own risk based on the exposures it receives.
  7. Open-Source and Auditable Code: Make your app’s code open source so that it can be reviewed by security experts and the community.
  8. Consider Alternative Platforms (limited): Explore alternative platforms or devices where you have more control over the Bluetooth stack, but recognise this limits reach.
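As an added illustration of steps 3 to 6 (this is example code written for this post, not code from the original article or from the DP-3T project), the sketch below models DP-3T's low-cost design: a daily secret key rotated by hashing, ephemeral IDs derived from it, and exposure matching done entirely on the device against a key the diagnosed user uploaded. HMAC-SHA256 as the PRF, the "broadcast key" label, four IDs per day and the Alice/Bob scenario are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Simplified DP-3T style key schedule (illustration only, not the reference implementation).
EPHIDS_PER_DAY = 4                 # assumed small; DP-3T rotates far more often (about every 15 min)
EPHID_LEN = 16                     # 16-byte ephemeral identifiers, as in the DP-3T low-cost design
BROADCAST_KEY = b"broadcast key"   # constant domain label for the PRF (assumed)

def next_day_key(sk: bytes) -> bytes:
    """Hash-chain rotation SK_{t+1} = H(SK_t): older keys cannot be recovered from newer ones."""
    return hashlib.sha256(sk).digest()

def ephids_for_day(sk: bytes) -> list:
    """Derive the day's ephemeral IDs from SK_t via a PRF (HMAC-SHA256 assumed) plus a counter."""
    seed = hmac.new(sk, BROADCAST_KEY, hashlib.sha256).digest()
    ids = []
    for i in range(EPHIDS_PER_DAY):
        ids.append(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()[:EPHID_LEN])
    return ids

def local_risk(observed: set, published_sk: bytes, days: int) -> int:
    """Local (federated) matching: replay the published key forward and count EphIDs this
    device actually heard. Nothing about the observer leaves the phone; the only thing
    ever uploaded is the diagnosed user's day key."""
    matches = 0
    sk = published_sk
    for _ in range(days):
        matches += sum(1 for e in ephids_for_day(sk) if e in observed)
        sk = next_day_key(sk)
    return matches

def demo() -> int:
    # Constructed scenario: Alice is later diagnosed; Bob's phone logged some of her EphIDs.
    alice_sk0 = secrets.token_bytes(32)
    alice_day1 = next_day_key(alice_sk0)
    bob_observed = set(ephids_for_day(alice_day1)[:2])  # Bob heard two of Alice's day-1 IDs
    bob_observed.add(secrets.token_bytes(EPHID_LEN))     # plus one unrelated device
    # Alice publishes only her day-0 key; Bob's device alone decides whether he was exposed.
    return local_risk(bob_observed, alice_sk0, days=3)   # -> 2

if __name__ == "__main__":
    print("matching EphIDs seen locally:", demo())
```

Note that an observer who records EphIDs cannot link them to a person until that person chooses to upload a day key, which is the property step 3 and step 4 are aiming for.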

Limitations

Conclusion

Apple and Google don’t directly ‘bypass’ DP-3T, but they control the fundamental infrastructure for contact tracing on most smartphones. Achieving true decentralisation requires careful design, implementation, and ongoing maintenance to minimise reliance on their APIs and maximise user privacy.
