Cupertino, mountain view Google and Apple have responded to criticism of the planned Corona warning apps. On Friday, they presented further details on opening interfaces in their operating systems. With new data protection measures, it should now be even more difficult to monitor individual users using the tracing apps.
The US technology giants want to enable authorities to trace the contacts of people infected with corona. According to the companies, this access could already be available from mid-May. But there is still great distrust of the apps.
Various governments and authorities had asked Google and Apple for help. Due to the widespread use of their Android and iOS operating systems, those technical tools could help to contain the virus.
The apps are seen as one of the prerequisites to loosen general contact restrictions. They should record when smartphones come close to each other. If one of the users later reports in the app as a Covid 19 patient, his contacts should be able to be informed.
The reworks presented include further encryption. Among other things, information about the signal strength of the Bluetooth radio is to be encrypted. In addition, the keys are created for every day from each device. According to experts from the companies, it is impossible to recognize individual devices or their users by such features.
Google and Apple emphasize that the use of the apps is voluntary. Users of Google’s Android operating system and Apple’s IOS system could decide at any time whether to activate the program on their smartphone.
If users decide to participate, their data are shared with the health authorities in two scenarios: when users report a Covid 19 disease in the app or when they have had contact with a reported sick person. In both cases, only anonymized data is transmitted.
The authorities in the respective country are to decide for themselves how close two users must have been and how long they have met for the data transmission to start, according to the companies. All other data should only be saved on the device of the user.
The companies did not want to comment on whether the method presented here excludes the controversial solutions based on central data storage in Germany. But they are in discussion with all interested authorities and tried to find common solutions, it said.
DP-3T vs. PEPP-PT
In Germany, a fierce controversy about the appropriate structure of an app for tracking infection chains has flared up. All experts emphasized that they wanted to build an approach that protects privacy and prevents state control.
All approaches want to develop a smartphone app that uses Bluetooth to determine which other devices are nearby. Both approaches also require servers on which information is stored. However, it is controversial how much information can be stored on the servers.
On the one hand, there is the DP-3T (Decentralized Privacy-Preserving Proximity Tracing) approach behind which, among other things, the Helmholtz Center for Information Security CISPA is based. The model is also described as a decentralized model. The idea behind it: The servers may only store the absolutely necessary information.
In essence, this would be an anonymized code from infected people. All other information is only stored on the end devices. This works out from the current documentation of the group forth. She has already released a first version of the app.
This is contrasted by the PEPP-PT (Pan-European Privacy-Preserving Proximity Tracing) project. In the concept paper of this approach the central servers get a significantly more extensive function. They should not only store information about confirmed infections, but also information about all devices on which the app is installed.
Data protection and network organizations warn that this collection of data can be misused. Many groups, including more than 300 scientists, have therefore spoken out against PEPP-PT and for DP-3T.
In a warning letter, the influential organization Chaos Computer Club (CCC), along with other groups, argues that the central approach offers little privacy and the information could be misused. “A corona tracing app should, if at all, only be built and programmed on the basis of a decentralized approach (…)”, demanded the groups.
More: Federal Office raises alarm due to security holes in Apple’s mail app