Skip to navigationSkip to contentSkip to footerHelp using this website - Accessibility statement
Advertisement

Opinion

John Davidson

Big tech's virus-tracking apps explained

The platform that Apple and Google are co-developing gives Google (and to a much lesser extent Apple) vastly less information about us than they are already collecting.

John DavidsonColumnist

Subscribe to gift this article

Gift 5 articles to anyone you choose each month when you subscribe.

Subscribe now

Already a subscriber?

On Good Friday, two of the biggest companies in big tech, Apple and Google, did something almost unheard of in the annals of tech.

The two companies, which ordinarily wouldn't be seen at the same conference together much less join up to work on the same project, co-announced they were co-operating to develop a contact tracing platform for their respective iOS and Android phone operating systems, that could help health agencies around the world figure out who has been in contact with carriers of the novel coronavirus.

As far as Big Tech is concerned, COVID-19 does present as something of a redemption narrative. Minh Uong

Then on Easter Monday, they got together on the same conference call (though, presumably, still not in the same room as each other – the spirit of co-operation can only stretch so far) and provided technical briefings on exactly what their plans were, and on how they might fit with the contact tracing apps that governments, including Australia's, are already working on.

The timing of the co-announcement, over a holiday when Christians celebrate the resurrection of Jesus, may have had more to do with the pressing need for such technology than with any sort of symbolism, but nevertheless it's not too big a stretch to say that, as far as big tech is concerned, COVID-19 presents as a redemption narrative.

The tech industry, which these past few years has done everything it could think of to abuse and ultimately lose the trust of the citizens of the world, suddenly has the chance to be part of the solution, and, for once, not part of the problem.

Advertisement

But the difficult question now facing citizens is this: having cast big tech into the political wilderness for abusing our trust, can we afford to let it back inside now?

Well, it may be that we don't have to.

Collecting less data than usual

The platform that Apple and Google are co-developing, which the Australian government ought to consider for its own contact tracing app due to the way it helps solve the single biggest problem facing all such efforts, is designed in a way that gives Google (and to a much lesser extent Apple) vastly less information about us than they are already collecting.

However odious Apple's "walled garden" approach to its user base may be, at least it tends to mean the company doesn't sell its users' data to all comers, meaning it has better-than-average-privacy settings.

Meanwhile, just one of Google's apps, Maps, which many of us use every day without thinking twice, is infinitely more invasive of users' privacy than the COVID-19 contact tracing app which Apple and Google are proposing.

Advertisement

Indeed, the contact-tracing platform collects so little information, it's actually far less useful than it could be to health authorities.

The platform doesn't collect geographic data, for instance, which could help health authorities figure out where there might be clusters of infection.

The software utilises hardware known as Bluetooth Low Energy that already exists in any recent smartphone.

Every 15 minutes, it randomly generates a globally unique identifier (and just how random it is will be important, because if it's not genuinely random it could help hackers – or Google advertising execs – figure out who the identifier belongs to) and then beams that fresh "beacon" out to all nearby devices.

The app takes a note of the beacon it just beamed out, and also takes a note of any beacons that it receives from nearby devices.

Advertisement

The beacons, which don't encode any information about either party or even the locations of either party, are stored on the phone, and never get uploaded to a central server unless the phone's owner is notified that he or she has an official COVID-19 diagnosis.

When an authenticated diagnosis is downloaded to the phone of an infected person, the app uploads to a central server all the beacons that phone sent out, but not the ones it received.

The server could be hosted either by a government agency that has worked with Apple and Google, or by Apple and Google themselves. That detail is yet to be fleshed out.

App will be opt-in

Meanwhile, all the phones running the same app will from time to time ping the central server, download the list of all the beacons on it, and check to see whether any of those beacons are on the list of beacons it received from other nearby phones.

If there's a match, the user is told to contact the health authority as a possible contact.

Advertisement

That's it. All the matching is done on your phone, and, unless you're infected, all the data is stored on the phone, too.

The upside of the technology is, it collects no information about anyone using the app. The downside is, it collects no information about anyone using the app.

But, by collecting the bare minimum amount of data to be useful (which happens to be one of the pillars of good privacy design, and something which Google would do well to bring back into the rest of its operation), and due to the fact that both Apple and Google plan to roll this software out to all of their phones via the usual over-the-air updates, the platform has a better-than-average chance of avoiding the big problem that has undermined other efforts around the world.

Not enough people install them.

Experts estimate that, in order to be useful, contact tracing apps need to be used by at least half the population. Singapore, a state well-versed in getting its citizens to comply with strict laws, was only able to get less than a quarter of its population to install its contact tracing app, which was designed around similar privacy principles.

Advertisement

Google and Apple's version of the technology will be opt in, to be sure, but it will have the advantage it will already be on the phone when people go to opt in.

When it gets installed as part of a regular software update in coming weeks and months (it's a two-stage rollout), it may even prompt users to opt in, which would go a long way to getting its usage above that crucial 50 per cent mark.

Phone users are sick of tricky and misleading prompts on their phones, no doubt. But this could be one prompt that helps stop them getting sick.

Just this once, it might be worth giving big tech a second chance.

John Davidson is an award-winning columnist, reviewer, and senior writer based in Sydney and in the Digital Life Laboratories, from where he writes about personal technology. Connect with John on Twitter. Email John at jdavidson@afr.com

Subscribe to gift this article

Gift 5 articles to anyone you choose each month when you subscribe.

Subscribe now

Already a subscriber?

Read More

Latest In Technology

Fetching latest articles

Most Viewed In Technology