In a joint effort, Apple and Google have made available to the certified health authorities an API that allows them to develop applications for both Android phones and iOS phones that allow them to know with whom a person who has COVID-19 has been in contact.
How these applications work
The process is simple, each user has a random identifier that is assigned to the phone. When this user approaches another user at a distance of up to about 2 m, their phone collects the identifier of this other user (if you have activated this option) and saves it. All of this is done through the use of Bluetooth technology.
This information remains on the phone and is only sent to a central server in case one of the postive users in COVID-19 enters this information in the app (only the contacts from the last 14 days). In this way, an alert message can be sent to the mobile phones of the contacts.
All this raises serious doubts about security and privacy, but Apple and Google that these are ensured thanks to the trace keys and the encryption of the data. There are countries like the United Kingdom and France that opt ??for their own solutions and others, like Germany, that will use this system from Apple and Google. In addition, this system has some drawbacks, such as the fact that not everyone has a mobile phone with Bluetooth or does not want to download the application.
How the phones communicate with each other
This system developed by Apple and Google is based on proximity identifiers (RPID), which are used to communicate with other devices with Bluetooth. These identifiers change every few minutes, but when stored in a pubic registry for about 14 days, if a user presents symptoms of Covid-19 and communicates it, thanks to this registry a notification can be sent to those devices with which there has been communication .
Although encryption keys are located on users' devices and not on a central server (which increases security), if someone somehow acquires those keys, they could use all that information, for example, to generate a map of the movements of any user, which would allow knowing, for example, their activities.
Can the system be improved?
Although Apple and Google have made a great effort in the development of this system, perhaps it could be subject to improvement. Encryption and decentralization of information could come into action here, as is the case with Blockchain technology and cryptocurrencies.
What do you think of all this? These applications are not supposed to collect sensitive information. In case you could install it on your mobile phone, what would you do? Would you activate it?
