Apple and Google said on Friday they were to strengthen the privacy of their global contact-tracing system, following a wave of concerns from data security experts.
The rival tech companies announced two weeks ago they would work together to help curb the Covid-19 outbreak by releasing a system that can alert smartphone users if they have come into contact with people infected with the coronavirus.
Government authorities have said these alerts could be critical in helping economies to reopen.
An early version of the system is due to be shipped to health authorities next week, and the companies have updated their designs to improve privacy protections and give public health authorities more precise information.
Among the changes are modifications to how phones emit Bluetooth signals to prevent hackers from snooping on the information.
They said the system would encrypt the metadata associated with Bluetooth — additional context such as the strength of a signal — to make it more difficult for someone to use it to identify a person by matching that information to a particular device, for example.
The companies added that users’ temporary digital identifiers would be generated on a more random basis than planned, to prevent bad actors from guessing how they were assigned to a person and using that to track them.
The project will be an important test case of whether Silicon Valley can help combat the crisis at scale, without jeopardising user data or being abused by governments looking to monitor citizens.
Google and Apple also plan to give more flexibility to the health authorities that will actually build the apps using their system.
Apps using the system will now be able to derive information about the power of Bluetooth signals, which should allow them to judge the distance between two phones more accurately.
Health authorities will also be able to define for themselves what length of contact between two phones should count as an “exposure event”. The parameters range from five to 30 minutes — they cannot be shorter because the system is designed to save battery power and will only send/receive signals every five minutes.
The Financial Times is making key coronavirus coverage free to read to help everyone stay informed. Find the latest here.
Apple and Google have still to address widespread concerns on whether the exposure notifications will actually work. A chief criticism is that not enough people would download them for the network to be effective.
But the companies say these notifications are not a silver bullet to flatten the curve, but are only designed to augment other efforts including mass testing, social distancing and better hygiene.
They also made a commitment to shut down the tracker when the pandemic has come to an end, on a region-by-region basis.