
Download COVID Alert today

  • Sajjad Dadkhah
  • published date: 2020-08-18 12:24:21

Governments and health authorities are working together to find answers to the COVID‑19 pandemic, to protect people and get communities back up and running. Software developers are contributing by building professional tools to help combat the virus and save lives. In this spirit of collaboration, Google and Apple have announced a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design.

COVID Alert is a privacy-protective application. No personal identifier, no geolocation data, nothing personal is collected. The app is entirely open source in Canada (which lets experts look under the hood), and from what I could find in the Apple and Google technical reports, this app is totally under the control of the user. Privacy is all about personal control, and no personal identifier is collected whatsoever. This is called exposure notification (COVID Alert), not a contact tracing app (I think part of the reason not so many people are downloading it is the "contact tracing" name, which I think we have to avoid). That makes sense because no one is traced, tracked or monitored. This app will notify you if you have been exposed to someone who has tested positive for COVID-19 (it is all in the user's hands, and the user has total control).

Twenty-one percent of Canadian adults state they have downloaded the federal government's COVID-19 exposure notification app (COVID Alert), while approximately half say they intend to, according to recent Mainstreet Research polling. The app launched on July 31 and rolled out first in Ontario; it determines whether a user has been in close contact with someone who has tested positive for COVID-19 over the past 14 days.


How does this work?

The Google/Apple API is designed so that this protected layer of the operating system is isolated: no other app on the device can access its data. The following comic by Nicky Case describes the whole procedure in simple words.


Downloading and installing the app does not start the exposure notification process. When users first open the app, they are presented with a walk-through of how exposure notifications work and what data is shared. They are then asked whether they wish to enable exposure notifications, and a consent dialog from their device's operating system appears. If they enable exposure notifications, the Google/Apple exposure notification "layer" of the device (the GAOS layer) is activated. This also activates the device's Bluetooth function so that the device begins sending signals to and receiving signals from the devices of other users who have downloaded the app. This Bluetooth communication between participating users is short-range device-to-device communication; nothing is transmitted to any server.

Privacy at Its Optimum level

This technology uses Bluetooth beacons that change every 15 minutes, so nobody can say, "Oh, we located this person, we got the identifier, we got the keys," because they change continuously. In addition, Apple and Google encrypt the metadata attached to the Bluetooth beacon, which makes it almost impossible to identify someone. So this Apple/Google framework is very interesting and unique in terms of being transparent. It is a free contribution from Apple and Google to public health authorities. It is decentralized and built on a privacy-by-design framework; privacy is the default setting, meaning nobody has to ask for privacy to be protected. It is automatically embedded in the system right from the start.

As mentioned, all the protocols are governed by rules set out in the Apple/Google framework. For instance, this is how Bluetooth broadcasting behaves in that framework. During the Bluetooth broadcast, advertisements are non-connectable undirected advertisements of type ADV_NONCONN_IND. The advertiser address type shall be Random Non-resolvable. On platforms supporting Bluetooth Random Private Addresses with a randomized rotation timeout interval, the advertiser address rotation period shall be a random value greater than 10 minutes and less than 20 minutes. The advertiser address, Rolling Proximity Identifier, and Associated Encrypted Metadata shall be changed synchronously so that they cannot be linked. If the hardware allows, a separate Bluetooth broadcasting instance shall be used to provide reliability and flexibility in choosing optimal intervals. The broadcasting interval is subject to change but is currently recommended to be 200-270 milliseconds. The following properties are maintained by any application that uses the Apple/Google framework:

  • The Exposure Notification Bluetooth Specification does not use location for proximity detection. It strictly uses Bluetooth beaconing to detect proximity.
  • A user’s Rolling Proximity Identifier changes on average every 15 minutes and needs the Temporary Exposure Key to be correlated to a contact. This behavior reduces the risk of privacy loss from broadcasting the identifiers.
  • Proximity identifiers obtained from other devices are processed exclusively on the device.
  • Users decide whether to contribute to exposure notification.
  • If diagnosed with COVID-19, users must provide their consent to share Diagnosis Keys with the server.
  • Users have transparency in their participation in exposure notification.

The following figure illustrates the broadcasting behavior of each user device.

This protocol leverages a new concept to strengthen privacy: Bluetooth pseudorandom identifiers referred to as Rolling Proximity Identifiers. Each Rolling Proximity Identifier is derived from a Rolling Proximity Identifier Key, which is in turn derived from a Temporary Exposure Key and a discretized representation of time. The Rolling Proximity Identifier changes at the same frequency as the Bluetooth randomized address, to prevent linkability and wireless tracking. Non-user-identifying Associated Encrypted Metadata is attached to each Rolling Proximity Identifier. The broadcast metadata from a user can only be decrypted later, if and when that user tests positive. In this protocol, time is discretized into 10-minute intervals enumerated from Unix Epoch Time. ENIntervalNumber converts the current time to the number of the interval it is in. Temporary Exposure Keys roll at a frequent cadence called TEKRollingPeriod, which is set to 144, giving a key validity of 24 hours. Each key is randomly and independently generated using a cryptographic random number generator. Because all devices share the same TEKRollingPeriod, they roll keys at the same time: at the beginning of an interval whose ENIntervalNumber is a multiple of TEKRollingPeriod. The following figure shows the overall key schedule process:


ENIntervalNumber is a function that provides a number for each 10-minute time window, shared between all devices participating in the protocol. These time windows are derived from timestamps in Unix Epoch Time. ENIntervalNumber is encoded as a 32-bit (uint32_t) unsigned little-endian value. TEKRollingPeriod is the duration for which a Temporary Exposure Key is valid, in multiples of 10 minutes. In the protocol, TEKRollingPeriod is defined as 144, achieving a key validity of 24 hours.

When setting up the device for exposure detection, the first Temporary Exposure Key is generated on the device and associated with an ENIntervalNumber, corresponding to the time from which the key is valid. That value is aligned with the TEKRollingPeriod and is derived as follows:
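As an added worked example (not code from this post, from COVID Alert or from the Apple/Google framework), the key schedule summarised above in Go: ENIntervalNumber, alignment to TEKRollingPeriod, the Rolling Proximity Identifier Key derived from a Temporary Exposure Key, the identifier for each 10-minute interval, and the on-device matching step that recomputes a published diagnosis key's identifiers and compares them with what the phone heard. The primitives behind the derivations (HKDF-SHA256 with info "EN-RPIK", AES-128 over "EN-RPI" plus the interval number) follow the published Apple/Google Exposure Notification cryptography specification, which the post summarises without spelling out; the TEK and the "heard" identifier are constructed values and the function names are my own.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const TEKRollingPeriod = 144 // a Temporary Exposure Key spans 144 ten-minute intervals (24 h)
// ENIntervalNumber maps a Unix timestamp (seconds) to its 10-minute interval index.
func ENIntervalNumber(unixSeconds int64) uint32 { return uint32(unixSeconds / 600) }
// AlignedInterval is the interval from which the TEK covering enin is valid (multiple of 144).
func AlignedInterval(enin uint32) uint32 { return enin / TEKRollingPeriod * TEKRollingPeriod }
// hkdfSHA256 is a minimal RFC 5869 HKDF: absent salt = HashLen zero bytes, one expand block.
func hkdfSHA256(ikm, info []byte, n int) []byte {
	ext := hmac.New(sha256.New, make([]byte, sha256.Size))
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // T(1) = HMAC(PRK, info || 0x01)
	exp.Write(info)
	exp.Write([]byte{1})
	return exp.Sum(nil)[:n]
}
// RPIK derives the Rolling Proximity Identifier Key from a TEK (16 CSPRNG bytes on a real device).
func RPIK(tek []byte) []byte { return hkdfSHA256(tek, []byte("EN-RPIK"), 16) }
// RPI is the identifier broadcast in interval enin: AES-128(RPIK, "EN-RPI" || 6 zero bytes || LE ENIN).
func RPI(rpik []byte, enin uint32) [16]byte {
	block, _ := aes.NewCipher(rpik) // RPIK is always 16 bytes, so NewCipher cannot fail
	var padded, out [16]byte
	copy(padded[:], "EN-RPI")
	binary.LittleEndian.PutUint32(padded[12:], enin)
	block.Encrypt(out[:], padded[:])
	return out
}
// MatchDiagnosisKey is the on-device check: regenerate every RPI a published key could have sent.
func MatchDiagnosisKey(tek []byte, start uint32, heard [16]byte) (uint32, bool) {
	rpik := RPIK(tek)
	for j := uint32(0); j < TEKRollingPeriod; j++ {
		if RPI(rpik, start+j) == heard {
			return start + j, true
		}
	}
	return 0, false
}
func main() {
	tek := []byte("constructed-tek!") // constructed: stands in for a key fetched from the diagnosis server
	start := AlignedInterval(ENIntervalNumber(1596196800)) // 2020-07-31 12:00 UTC, aligns to 2660256
	fmt.Println(MatchDiagnosisKey(tek, start, RPI(RPIK(tek), start+5))) // constructed "heard" RPI
}
```

Only the 144 identifiers of a key that was actually uploaded can be regenerated, which is why an intercepted RPI on its own carries no information until its owner chooses to share the key.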

If you are not interested in the technical part, I am confident in saying that the application is completely privacy-protected: no personal data is collected or transmitted to any server, and everything happens on the user's phone only.

The Worst-Case Scenario

Bad guys never stop, and if my memory serves me right, they usually take advantage of situations where people let their guard down. The increasing number of cyber-attacks and new malware variants in the past three months supports this hypothesis. However, this application's design makes it hard for any malicious actor to violate users' privacy. In the worst-case scenario, a Rolling Proximity Identifier (RPI) can be intercepted; it is meant to be public by default and does not contain any information. The following is stated in the report published by the Canadian government:

Even if an RPI were intercepted by a device operated by a malicious actor, it would be a meaningless number on its own and would not be linkable to a device without significant effort. There is a very unlikely risk that a highly motivated attacker could leverage something called a "linkage attack." By placing Bluetooth collection devices at several different locations throughout a city, they could collect the RPIs of passers-by at every road intersection. If an individual were then diagnosed and decided to upload their diagnosis keys, this attacker could recreate a device's path through the city. To effectively track somebody's path, an attacker would have to have numerous collection devices deployed at significant density throughout an entire geographical region. Such an attack is a possibility but requires extensive resources and expertise to implement. Further, the chance of such an attack being successful is even lower, given that there is a high chance of the malicious actor being caught and the attack being prevented.

Please Download the Application

This does depend on people downloading the app and reporting their positive status: an individual has to self-report if they are COVID-19 positive. That enables others who were exposed to them to know, and to seek medical attention or monitor themselves for symptoms. If people don't trust this, it is not going to happen. We need 50 to 60 percent of the population using this for it to be effective. It is built on trust, and no privacy-protective measures are overlooked. The design of the app is decentralized, and everything happens on the user's device. The user chooses when to enable and disable it, and all the information lives on the user's device. It is ONLY an exposure notification app; it does not do any tracing or tracking.

#COVID-19 #COVID Alert #Cyber Daily Report #exposurenotification #Tracing App #safehands #Social distancing