Earlier this week, Apple released iOS 13.7, the main feature of which was updated COVID-19 Exposure Notifications. On iPhone, it works at the operating system level and means that health authorities do not need to produce an app for users, whatever platform they use. They can choose to send alerts instead.
Addressing Privacy Concerns With COVID-19 Exposure Notification in iOS 13.7
As ever, this has prompted some privacy concerns. However, a look through the documentation (from Apple,) should help allay those fears.
Some details from the FAQs:
The Exposure Notifications system harnesses the power of Bluetooth technology to aid in exposure notification. Once enabled, users’ devices will regularly send out a beacon via Bluetooth that includes a random Bluetooth identifier — basically, a string of random numbers that aren’t tied to a user’s identity and change every 10-20 minutes for additional protection. Other phones will be listening for these beacons and broadcasting theirs as well. When each phone receives another beacon, it will record and securely store that beacon on the device.
At least once per day, the system will download a list of the keys for the beacons that have been verified as belonging to people confirmed as positive for COVID-19. Each device will check the list of beacons it has recorded against the list downloaded from the server. If there is a match between the beacons stored on the device and the positive diagnosis list, the user may be notified and advised on steps to take next.
Who Gets My Data? Where is it Stored?
The data is stored on device. You have to opt-in and out of getting COVID-19 Exposure Notifications on your iPhone. Furthermore, you choose whether or not to be updated when they are available in your area. Access to the data collected will be shared with health authorities “if a user chooses to report a positive diagnosis of COVID-19,” or “if a user is notified that they have come into contact with an individual who is positive for COVID-19.” However, “the system was also designed so that Apple and Google do not have access to information related to any identifiable individual.”