Finding out that you’ve been exposed to a serious disease through a push notification may still seem like something out of dystopian science fiction. But the ingredients for that exact scenario will be baked into Google and Apple’s operating system in as soon as a matter of days. Now the two companies have shown not only how it will work, but how it could look—and how it’ll let you know if you’re at risk.
On Monday, Apple and Google released a few new details about the Bluetooth system they’re building into both Android and iOS that will let health care authorities track potential encounters with Covid-19. The companies have now made clear that only government agencies—preferably at the national level, Google and Apple say, though they note they’re willing to work with state and regional authorities—will be granted permission to the feature’s application programming interface. If those government-run apps want access to Apple and Google’s Bluetooth-based system, they won’t be allowed to collect location data, and must ask for consent before collecting information on a user’s proximity to others. They’ll need permission to upload any information from the phones of Covid-19 positive people as well again before uploading any information from the phones of Covid-19 positive people.
The two companies have published sample user interface screenshots for the first time as well. As Google and Apple first outlined last month, their Covid-19 exposure notification system transmits unique, rotating codes from phones via their Bluetooth radios based on cryptographic keys that change daily. They not only keep a log of the last two weeks of your codes, but also listen for the codes broadcast by others. If two people running the app spend a certain amount of time in proximity—say, 10 minutes within six feet, or whatever health care agencies dictate—their phones will both record each others’ Bluetooth codes. If one of them later receives a positive Covid-19 diagnosis, they can choose to upload all of their keys from the last two weeks to the app’s server, which will then send those keys out to the phones of all the other users in their region. Those phones will then check if the codes they’ve recorded from other nearby users can be generated from those keys. If you get a match, the app will show a message that you’ve potentially been exposed to Covid-19 and caution you to self-quarantine or get tested.
Now Google and Apple are showing how some parts of that process might look. The two companies warn, however, that they’re only releasing sample images as references, since health care agencies will build the final apps, not Apple and Google.
Here, for instance, is how Google and Apple suggest the apps ask for user consent to transmit and record Bluetooth codes when the app is first installed: