Exposure Notification
View on Wikipedia| Developed by | |
|---|---|
| Introduced | April 10, 2020 |
| Industry | Digital contact tracing |
| Compatible hardware | Android & iOS smartphones |
| Physical range | ~10 m (33 ft)[1] |
The (Google/Apple) Exposure Notification System (GAEN)[2][3][a] is a framework and protocol specification developed by Apple Inc. and Google to facilitate digital contact tracing during the COVID-19 pandemic. When used by health authorities, it augments more traditional contact tracing techniques by automatically logging close approaches among notification system users using Android or iOS smartphones. Exposure Notification is a decentralized reporting protocol built on a combination of Bluetooth Low Energy technology and privacy-preserving cryptography. It is an opt-in feature within COVID-19 apps developed and published by authorized health authorities.[10][11] Unveiled on April 10, 2020, it was made available on iOS on May 20, 2020 as part of the iOS 13.5 update[12] and on December 14, 2020 as part of the iOS 12.5 update for older iPhones.[13] On Android, it was added to devices via a Google Play Services update, supporting all versions since Android Marshmallow.
The Apple/Google protocol is similar to the Decentralized Privacy-Preserving Proximity Tracing (DP-3T) protocol created by the European DP-3T consortium and the Temporary Contact Number (TCN) protocol by Covid Watch, but is implemented at the operating system level, which allows for more efficient operation as a background process.[14][15][16] Since May 2020, a variant of the DP-3T protocol is supported by the Exposure Notification Interface.[17] Other protocols are constrained in operation because they are not privileged over normal apps. This leads to issues, particularly on iOS devices where digital contact tracing apps running in the background experience significantly degraded performance.[18][19][20] The joint approach is also designed to maintain interoperability between Android and iOS devices, which constitute nearly all of the market.
The ACLU stated the approach "appears to mitigate the worst privacy and centralization risks, but there is still room for improvement".[21] In late April, Google and Apple shifted the emphasis of the naming of the system, describing it as an "exposure notification service", rather than "contact tracing" system.[22]
Technical specification
[edit]Digital contact tracing protocols typically have two major responsibilities: encounter logging and infection reporting.[19] Exposure Notification only involves encounter logging which is a decentralized architecture. The majority of infection reporting is centralized in individual app implementations.[23]
To handle encounter logging, the system uses Bluetooth Low Energy to send tracking messages to nearby devices running the protocol to discover encounters with other people. The tracking messages contain unique identifiers that are encrypted with a secret daily key held by the sending device. These identifiers change every 15–20 minutes as well as Bluetooth MAC address in order to prevent tracking of clients by malicious third parties through observing static identifiers over time.[citation needed]
The sender's daily encryption keys are generated using a random number generator.[24] Devices record received messages, retaining them locally for 14 days. If a user tests positive for infection, the last 14 days of their daily encryption keys can be uploaded to a central server, where it is then broadcast to all devices on the network. The method through which daily encryption keys are transmitted to the central server and broadcast is defined by individual app developers. The Google-developed reference implementation calls for a health official to request a one-time verification code (VC) from a verification server, which the user enters into the encounter logging app. This causes the app to obtain a cryptographically signed certificate, which is used to authorize the submission of keys to the central reporting server.[25]
The received keys are then provided to the protocol, where each client individually searches for matches in their local encounter history. If a match meeting certain risk parameters is found, the app notifies the user of potential exposure to the infection.[26] Google and Apple intend to use the received signal strength (RSSI) of the beacon messages as a source to infer proximity.[27] RSSI and other signal metadata will also be encrypted to resist deanonymization attacks.[24]
Version 1.0
[edit]To generate encounter identifiers, first a persistent 32-byte private Tracing Key () is generated by a client. From this a 16 byte Daily Tracing Key is derived using the algorithm , where is a HKDF function using SHA-256, and is the day number for the 24-hour window the broadcast is in starting from Unix Epoch Time. These generated keys are later sent to the central reporting server should a user become infected.[28]
From the daily tracing key a 16-byte temporary Rolling Proximity Identifier is generated every 10 minutes with the algorithm , where is a HMAC function using SHA-256, and is the time interval number, representing a unique index for every 10 minute period in a 24-hour day. The Truncate function returns the first 16 bytes of the HMAC value. When two clients come within proximity of each other they exchange and locally store the current as the encounter identifier.[28]
Once a registered health authority has confirmed the infection of a user, the user's Daily Tracing Key for the past 14 days is uploaded to the central reporting server. Clients then download this report and individually recalculate every Rolling Proximity Identifier used in the report period, matching it against the user's local encounter log. If a matching entry is found, then contact has been established and the app presents a notification to the user warning them of potential infection.[28]
Version 1.1
[edit]Unlike version 1.0 of the protocol, version 1.1 does not use a persistent tracing key, rather every day a new random 16-byte Temporary Exposure Key () is generated. This is analogous to the daily tracing key from version 1.0. Here denotes the time is discretized in 10 minute intervals starting from Unix Epoch Time. From this two 128-bit keys are calculated, the Rolling Proximity Identifier Key () and the Associated Encrypted Metadata Key (). is calculated with the algorithm , and using the algorithm.[29]
From these values a temporary Rolling Proximity Identifier () is generated every time the BLE MAC address changes, roughly every 15–20 minutes. The following algorithm is used: , where is an AES cryptography function with a 128-bit key, the data is one 16-byte block, denotes the Unix Epoch Time at the moment the roll occurs, and is the corresponding 10-minute interval number. Next, additional Associated Encrypted Metadata is encrypted. What the metadata represents is not specified, likely to allow the later expansion of the protocol. The following algorithm is used: , where denotes AES encryption with a 128-bit key in CTR mode. The Rolling Proximity Identifier and the Associated Encrypted Metadata are then combined and broadcast using BLE. Clients exchange and log these payloads.[29]
Once a registered health authority has confirmed the infection of a user, the user's Temporary Exposure Keys and their respective interval numbers for the past 14 days are uploaded to the central reporting server. Clients then download this report and individually recalculate every Rolling Proximity Identifier starting from interval number , matching it against the user's local encounter log. If a matching entry is found, then contact has been established and the app presents a notification to the user warning them of potential infection.[29]
Version 1.2
[edit]Version 1.2 of the protocol is identical to version 1.1, only introducing minor terminology changes.[29]
Privacy
[edit]Preservation of privacy was referred to as a major component of the protocol; it is designed so that no personally identifiable information can be obtained about the user or their device.[30][11][31][32] Apps implementing Exposure Notification are only allowed to collect personal information from users on a voluntary basis.[33] Consent must be obtained by the user to enable the system or publicize a positive result through the system, and apps using the system are prohibited from collecting location data.[34] As an additional measure, the companies stated that it would sunset the protocol by-region once they determine that it is "no longer needed".[35]
The Electronic Frontier Foundation showed concerns the protocol was vulnerable to "linkage attacks", where sufficiently capable third parties who had recorded beacon traffic may retroactively be able to turn this information into tracking information, for only areas in which they had already recorded beacons, for a limited time segment and for only users who have disclosed their COVID-19 status, once a device's set of daily encryption keys have been revealed.[36]
On April 16, the European Union started the process of assessing the proposed system for compatibility with privacy and data protection laws, including the General Data Protection Regulation (GDPR).[37] On April 17, 2020, the UK's Information Commissioner's Office, a supervisory authority for data protection, published an opinion analyzing both Exposure Notification and the Decentralized Privacy-Preserving Proximity Tracing protocol, stating that the systems are "aligned with the principles of data protection by design and by default" (as mandated by the GDPR).[38]
Deployment
[edit]Exposure Notification is compatible with Android devices supporting Bluetooth Low Energy and running Android 6.0 "Marshmallow" and newer with Google Mobile Services. It is serviced via updates to Google Play Services, ensuring compatibility with the majority of Android devices released outside of Mainland China, and not requiring it to be integrated into Android firmware updates (which would hinder deployment by relying on individual OEMs). It is not compatible with devices that do not have GMS, such as Huawei devices released since May 2019.[39][40] On iOS, EN is serviced via operating system updates.[12] It was first introduced as part of iOS 13.5 on May 20, 2020.[41][42] In December 2020, Apple released iOS 12.5, which backported EN support to iPhone models that cannot be upgraded to iOS 13, including iPhone 6 and older.[42]
Exposure Notification apps may only be released by public health authorities. To discourage fragmentation, each country will typically be restricted to one app, although Apple and Google stated that they would accommodate regionalized approaches if a country elects to do so.[34] Apple and Google released reference implementations for apps utilizing the system, which can be used as a base.[34]
On September 1, 2020, the consortium announced "Exposure Notifications Express" (EN Express), a system designed to ease adoption of the protocol by health authorities by removing the need to develop an app themselves. Under this system, a health authority provides parameters specific to their implementation (such as thresholds, branding, messaging, and key servers), which is then processed to generate the required functionality. On Android, this data is used to generate an app, and a configuration profile that can also be deployed to users via Google Play Services without a dedicated app.[43] On iOS, the functionality is integrated directly at the system level on iOS 13.7 and newer without a dedicated app.[44]
The last information update on the "Exposure Notification Systems" partnership was a year end review issued by Google in December 2020:[45] "we plan to keep you updated here with new information again next year". Nothing has however been issued on the one year anniversary of the launch of the "Exposure Notification Interface" API in spite of important changes on the pandemic front such as vaccination, variants, digital health passports, app adoption challenges as well as growing interest for tracking QR codes (and notifying from that basis) on a mostly airborne transmitted virus.[original research?] The Frequently Asked Questions (FAQ) published document has not been revised since May 2020.[46] Basic support remains provided through the apps store released by authorized public health agencies, including enforcement of the personal privacy protection framework as demonstrated on the UK NHS challenge in support of their contact tracers.[47]
In June 2021, Google faced allegations that it had automatically downloaded Massachusetts' "MassNotify" app to Android devices without user consent. Google clarified that it had not actually downloaded the app to user devices, and that Google Play Services was being used to deploy an EN Express configuration profile that would allow it to be enabled via the Google Settings app without needing to download a separate app.[43]
Adoption
[edit]As of May 21, at least 22 countries had received access to the protocol.[33] Switzerland and Austria were among the first to back the protocol.[48] On April 26, after initially backing PEPP-PT, Germany announced it would back Exposure Notification,[49] followed shortly after by Ireland [50] and Italy.[51] Despite already adopting the centralised BlueTrace protocol,[52] Australia's Department of Health and Digital Transformation Agency were investigating whether the protocol could be implemented to overcome limitations of its COVIDSafe app.[33] On May 25, Switzerland became the first country to launch an app leveraging the protocol, SwissCovid, beginning with a small pilot group.[53]
In England, the National Health Service (NHS) trialed both an in-house app on a centralized platform developed by its NHSX division, and a second app using Exposure Notification.[54] On June 18, the NHS announced that it would focus on using Exposure Notification to complement manual contact tracing, citing tests on the Isle of Wight showing that it had better cross-device compatibility (and would also be compatible with other European approaches), but that its distance calculations were not as reliable as the centralized version of the app,[55] an issue which was later rectified.[56][57] Later, it was stated that the app would be supplemented by QR codes at venues.[58] A study of the impact of Exposure Notification in England and Wales estimated that it averted 8,700 (95% confidence interval 4,700–13,500) deaths out of the 32,500 recorded from its introduction on 24 September 2020 to 31 December 2020.[59]
Canada launched its COVID Alert app, co-developed in partnership with BlackBerry Limited and Shopify,[60] on July 31 in Ontario.[61] As of February 2022, only around 57,000 positive cases had been reported via the app, leading some critics to dismiss it as a failure.[62][63][64]
In May 2020, Covid Watch launched the first calibration and beta testing pilot of the GAEN APIs in the United States at the University of Arizona.[65][66] In Aug 2020, the app launched publicly for a phased roll-out in the state of Arizona.[67][68][69]
The U.S. Association of Public Health Laboratories (APHL) stated in July 2020 that it was working with Apple, Google, and Microsoft on a national reporting server for use with the protocol, which it stated would ease adoption and interoperability between states.[70][44]
In August 2020, Google stated that at least 20 U.S. states had expressed interest in using the protocol. In Alabama, the Alabama Department of Public Health, University of Alabama at Birmingham, and the University of Alabama System deployed the "GuideSafe" app for university students returning to campus, which includes Exposure Notification features.[71][72] On August 5, the Virginia Department of Health released its "COVIDWise" app — making it the first U.S. state to release an Exposure Notification-based app for the general public.[73][74][75] North Dakota and Wyoming released an EN app known as "Care19 Alert", developed by ProudCrowd and using the APHL server (the app is a spin-off from an existing location logging application it had developed, based on one it had developed primarily for use by students travelling to attend college football away games).[76][77]
Maryland, Nevada, Virginia, and Washington, D.C. have announced plans to use EN Express.[44] In September, Delaware, New Jersey, New York, and Pennsylvania all adopted "COVID Alert" apps developed by NearForm, which are based on its COVID Tracker Ireland app.[78][79] Later that month, the Norwegian Institute of Public Health announced that it would lead development of an Exposure Notification-based app for the country, which replaces a centralized app that had ceased operations in June 2020 after the Norwegian Data Protection Authority ruled that it violated privacy laws.[80][81]
In Nov 2020, Bermuda launched the Wehealth Bermuda app developed by Wehealth, a Public Benefit Corporation, which was based on the Covid Watch app released in Arizona.[82][83][84]
| Country | Region/State | Name | Announced/Released | Notes |
|---|---|---|---|---|
| Stopp Corona App | June 26, 2020 | [85] | ||
| Coronavírus-SUS | July 31, 2020 | [86] | ||
| Wehealth Bermuda | Nov 24, 2020 | [82][83][84] | ||
| Coronalert | October 1, 2020 (public) | September 2, 2020 (Pilot phase) [87] | ||
| COVID Alert | July 31, 2020 | Available in New Brunswick, Newfoundland and Labrador, Ontario, Manitoba, Saskatchewan, Quebec, Prince Edward Island, and Nova Scotia.[88][61][89] Alberta and British Columbia have declined its use.[89] | ||
| eRouška (eMask) | September 17, 2020 | Since version 2.1[90][91] | ||
| Smittestop | June 18, 2020 | [92] | ||
| Hoia | August 20, 2020 | [93] | ||
| Koronavilkku | August 31, 2020 | [94] | ||
| Corona-Warn-App | June 16, 2020 | [95] | ||
| BEAT Covid Gibraltar | June 18, 2020 | Based on COVID Tracker Ireland and will interoperate with it.[96][97] | ||
| Rakning C-19 | May 12, 2021 | GEAN implementation activated in May 2021, replaced previous version of app which used GPS tracking stored on-device launched in April 2020.[98][99] | ||
| COVID Tracker Ireland | July 7, 2020 | [100][101] | ||
| Immuni | June 1, 2020 | [102] | ||
| COCOA | June 19, 2020 | [103] | ||
| Jersey COVID Alert | September 21, 2020 | [104] | ||
| Apturi Covid | May 29, 2020 | [105] | ||
| Ma3an | July 16, 2020 | [106] | ||
| CoronaMelder | October 10, 2020 (full release) | [107] | ||
| NZ COVID Tracer | December 10, 2020 (full release) | [108] | ||
| Smittestopp | December 21, 2020 | Replaced a version of the app that was suspended earlier in the year due to scrutiny from the local Norwegian Data Protection Authority.[80][81] | ||
| StaySafe.ph | March 29, 2021 | GAEN implementation activated in April 2021 [109] | ||
| ProteGO Safe | June 9, 2020 | Update to existing encounter logging app.[110] | ||
| STAYAWAY COVID | August 28, 2020 | [111] | ||
| Gosuslugi. Covid Tracker | November 23, 2020 | https://play.google.com/store/apps/details?id=com.minsvyaz.gosuslugi.exposurenotificationdroid | ||
| COVID Alert SA | September 1, 2020 | [112] | ||
| Radar COVID | June 30, 2020 (beta test) | [113] | ||
| SwissCovid | May 26, 2020 (pilot phase) | [53] | ||
| 臺灣社交距離 | May 3, 2021 | [114] | ||
| Thai Covid Alert | April 26, 2022 | [115] | ||
| NHS COVID-19 | September 24, 2020 | [116] | ||
| StopCOVID NI | July 30, 2020 | Interoperates with COVID Tracker Ireland.[101] | ||
| Protect Scotland | September 11, 2020 | Based on COVID Tracker Ireland and will interoperate with it.[96] | ||
| GuideSafe | August 3, 2020 | Targeting University of Alabama students as part of a larger program under the same name.[71] | ||
| Alaska COVID ENX | January 20, 2022 | [117] | ||
| Covid Watch | May 28, 2020 (attenuation and dynamic risk testing)
August 19, 2020 (released) |
Targeting University of Arizona in a phased roll-out for the state of Arizona.[67][68][69] | ||
| CA Notify | December 10, 2020 | [118][119] | ||
| CO Exposure Notifications | October 25, 2020 | [120] | ||
| COVID Alert CT | November 12, 2020 | [121] | ||
| COVID Alert DE | September 15, 2020 | Based on COVID Tracker Ireland.[79] | ||
| Guam Covid Alert | September 10, 2020 | Based on the PathCheck Foundation's GAEN Mobile project | ||
| Aloha Safe Alert | November 11, 2020 | Based on the PathCheck Foundation's GAEN Mobile project | ||
| COVID Defense | January 22, 2021 | Based on the PathCheck Foundation's GAEN Mobile project [122][123] | ||
| MD COVID Alert | October 10, 2020 | [124] | ||
| MassNotify | Uses EN Express.[125] | |||
| MI COVID Alert | October 15, 2020 (Michigan State University pilot)
November 9, 2020 (statewide) |
[126][127][128] | ||
| COVIDaware MN | November 23, 2020 | [129][130] | ||
| MO/Notify | July 29, 2021 | Targeting Washington University in St. Louis in a phased roll-out for the state of Missouri.[131][132] | ||
| COVID Alert NJ | September 30, 2020 | Based on COVID Tracker Ireland.[79] | ||
| COVID Alert NY | September 30, 2020 | Based on COVID Tracker Ireland.[79] | ||
| SlowCOVIDNC | September 22, 2020 | The app was shut down on or before August 19, 2022.[133] | ||
| Care19 Alert | August 13, 2020 | [134] | ||
| COVID Alert PA | September 24, 2020 | Based on COVID Tracker Ireland.[79] | ||
| UT Exposure Notifications | February 16, 2021 | [135] | ||
| COVIDWise | August 5, 2020 | [75] | ||
| WA Notify | November 30, 2020 | [136][137] | ||
| WI Exposure Notification | December 23, 2020 | [138] | ||
| Care19 Alert | August 14, 2020 | [139] | ||
| Coronavirus UY | June 15, 2020 | [140] | ||
Alternatives
[edit]Some countries, such as France, have pursued centralized approaches to digital contact tracing, in order to maintain records of personal information that can be used to assist in investigating cases.[31][141] The French government asked Apple in April 2020 to allow apps to perform Bluetooth operations in the background, which would allow the government to create its own system independent of Exposure Notification.[142]
On August 9, the Canadian province of Alberta announced plans to migrate to the EN-based COVID Alert from its BlueTrace-based ABTraceTogether app.[143][144] This did not occur, and on November 6 Premier of Alberta Jason Kenney announced that the province would not do so, arguing that ABTraceTogether was "from our view, simply a better and more effective public health tool", and that they would be required to phase out ABTraceTogether if they did switch.[145] British Columbia has also declined to adopt COVID Alert, with provincial health officer Bonnie Henry stating that COVID Alert was too "non-specific".[145]
Australia's officials have stated its COVIDSafe, which is based on Singapore's BlueTrace, will not be shifting from manual intervention.[146][147]
In the United States, states such as California and Massachusetts declined to use the technology, opting for manual contact tracing.[148] California later reversed course and adopted the system in December 2020.[118][119]
Chinese vendor Huawei (which cannot include Google software on its current Android products due to U.S. sanctions) added a OS-level DP-3T API known as "Contact Shield" to its Huawei Mobile Services stack in June 2020, which the company states is intended to be interoperable with Exposure Notification.[149]
Notes
[edit]References
[edit]- ^ Sponås, Jon Gunnar. "Things You Should Know About Bluetooth Range". blog.nordicsemi.com. Retrieved 2020-04-12.
- ^ "Google | Apple Exposure Notifications". WeHealth.
- ^ Nebeker, C.; Kareem, D.; Yong, A.; Kunowski, R.; Malekinejad, M.; Aronoff-Spencer, E. (2023). "Digital exposure notification tools: A global landscape analysis". PLOS Digital Health. 2 (9) e0000287. doi:10.1371/journal.pdig.0000287. PMC 10473497. PMID 37656671.
- ^ "Exposure Notification". Apple Developer. Archived from the original on July 23, 2020. Retrieved February 19, 2024.
- ^ "Exposure Notification | Apple Developer Documentation". developer.apple.com. Retrieved 2020-05-21.
- ^ Burke, Dave (July 31, 2020). "An update on Exposure Notifications". The Keyword. Archived from the original on July 31, 2020. Retrieved February 19, 2020.
- ^ "Exposure Notifications: Helping fight COVID-19 - Google". Exposure Notifications: Helping fight COVID-19 - Google. Retrieved 2020-07-31.
- ^ "Privacy-Preserving Contact Tracing". Apple. 10 April 2020.
- ^ "Contact Tracing – Bluetooth Specification" (PDF) (Preliminary ed.). 2020-04-10. Archived from the original (PDF) on 2020-04-10. Retrieved 2020-04-10.
- ^ "Apple and Google are launching a joint COVID-19 tracing tool for iOS and Android". TechCrunch. 10 April 2020. Archived from the original on 2020-05-22. Retrieved 2020-04-10.
- ^ a b Sherr, Ian; Nieva, Richard (2020-04-10). "Apple and Google are building coronavirus tracking tech into iOS and Android". CNET. Archived from the original on 2020-04-10. Retrieved 2020-04-10.
- ^ a b "COVID-19 exposure notification settings begin to go live for iOS users with new update". TechCrunch. Retrieved 2024-04-17.
- ^ Miller, Chance (2020-12-14). "Apple releases iOS 12.5 for older iPhones with support for COVID-19 exposure notifications". 9to5Mac. Retrieved 2021-01-05.
- ^ "Apple and Google update joint coronavirus tracing tech to improve user privacy and developer flexibility". TechCrunch. 24 April 2020. Archived from the original on 2021-06-04. Retrieved 2020-04-26.
- ^ Farr, Christina (2020-04-28). "How a handful of Apple and Google employees came together to help health officials trace coronavirus". CNBC. Retrieved 2020-04-29.
- ^ "Private Contact Tracing Protocols Compared: DP-3T and CEN". Zcash Foundation. 2020-04-06.
- ^ "Coronalert: A Distributed Privacy-Friendly Contact Tracing App for Belgium: Corona App Task Force Version 1.2" (PDF). Esat.kuleuven.be. 5 August 2020. Retrieved 27 June 2022.
- ^ Bogle, technology reporter Ariel (2020-04-26). "Want the COVID-19 tracing app to work properly? Keep your iPhone charged". ABC News. Retrieved 2020-04-26.
- ^ a b Jason Bay; Joel Kek; Alvin Tan; Chai Sheng Hau; Lai Yongquan; Janice Tan; Tang Anh Quy. "BlueTrace: A privacy-preserving protocol for community-driven contact tracing across borders" (PDF). Government Technology Agency. Archived from the original (PDF) on 17 April 2020. Retrieved 12 April 2020.
- ^ "How COVIDsafe app tracks people 1.5m from you". Chronicle. Archived from the original on 2020-05-03. Retrieved 2020-04-26.
- ^ "ACLU Comment On Apple/Google COVID-19 Contact Tracing Effort". ACLU. 2020. Retrieved 2020-04-22.
- ^ Morrison, Sara (2020-04-24). "Apple and Google's new contact tracing tool is almost ready. Just don't call it a contact tracing tool". Vox. Retrieved 2020-04-27.
- ^ "Android Contact Tracing API" (PDF). Blog.google. 2020-04-10. Retrieved 2020-05-08.
- ^ a b "Apple and Google update joint coronavirus tracing tech to improve user privacy and developer flexibility". TechCrunch. 24 April 2020. Archived from the original on 2021-06-04. Retrieved 2020-04-27.
- ^ "Exposure Notifications verification server". Google Developers. Retrieved 2020-09-01.
- ^ "Exposure Notification Frequently Asked Questions Preliminary — Subject to Modification and Extension" (PDF). Apple. 2020-05-01. Archived from the original (PDF) on 2020-05-06. Retrieved 2020-05-08.
- ^ "Is Apple and Google's Covid-19 Contact Tracing a Privacy Risk?". Wired. ISSN 1059-1028. Retrieved 2020-04-18.
- ^ a b c "Contact Tracing - Cryptography Specification" (PDF). April 2020. Retrieved 2020-06-14.
- ^ a b c d "Exposure Notification - Cryptography Specification" (PDF). Apple. April 2020. Retrieved 2020-05-22.
- ^ "Apple and Google update joint coronavirus tracing tech to improve user privacy and developer flexibility". TechCrunch. 24 April 2020. Archived from the original on 2021-06-04. Retrieved 2020-05-21.
- ^ a b Newton, Casey (2020-05-08). "Why countries keep bowing to Apple and Google's contact tracing app requirements". The Verge. Retrieved 2020-05-21.
- ^ Sherr, Ian. "Apple, Google announce new privacy features for coronavirus tracking tech". CNET. Retrieved 2020-05-21.
- ^ a b c "Google and Apple unite to help countries like Australia fix their contact tracing apps". ABC News. 2020-05-21. Retrieved 2020-05-21.
- ^ a b c "Apple and Google release sample code, UI and detailed policies for COVID-19 exposure-notification apps". TechCrunch. Retrieved 2020-09-01.
- ^ Newton, Casey (2020-04-14). "Apple and Google have a clever way of encouraging people to install contact-tracing apps for COVID-19". The Verge. Retrieved 2020-04-15.
- ^ Gebhart, Bennett Cyphers and Gennie (2020-04-28). "Apple and Google's COVID-19 Exposure Notification API: Questions and Answers". Electronic Frontier Foundation. Retrieved 2020-05-21.
- ^ Drozdiak, Natalia (16 April 2020). "Google, Apple Covid-19 Tracking Tech Faces EU Scrutiny". Bloomberg.com.
- ^ "Apple and Google joint initiative on COVID-19 contact tracing technology" (PDF). Information Commissioner's Office. 17 April 2020. Archived from the original (PDF) on 20 April 2020.
- ^ Bohn, Dieter (2020-04-13). "Android phones will get the COVID-19 tracking updates via Google Play". The Verge. Retrieved 2020-04-16.
- ^ "Apple And Google's Contact Tracing Software Won't Work On Some Huawei Devices". Gizmodo Australia. 2020-05-25. Retrieved 2020-10-07.
- ^ Gartenberg, Chaim (2020-04-14). "Here's how Apple and Google will track the coronavirus with Bluetooth". The Verge. Retrieved 2020-09-01.
- ^ a b Miller, Chance (2020-12-14). "Apple releases iOS 12.5 for older iPhones with support for COVID-19 exposure notifications". 9to5Mac. Retrieved 2020-12-14.
- ^ a b Amadeo, Ron (2021-06-21). "Even creepier COVID tracking: Google silently pushed app to users' phones [Updated]". Ars Technica. Retrieved 2021-06-22.
- ^ a b c Brandom, Russell (2020-09-01). "Apple and Google announce new automatic app system to track COVID exposures". The Verge. Retrieved 2020-09-01.
- ^ "Exposure Notifications: End of year update". 11 December 2020.
- ^ "Archived copy" (PDF). Archived from the original (PDF) on 2020-04-26. Retrieved 2020-04-27.
{{cite web}}: CS1 maint: archived copy as title (link) - ^ "NHS Covid-19 app update blocked for breaking Apple and Google's rules". BBC News.
- ^ "Switzerland, Austria align with 'Gapple' on corona contact tracing". Reuters. 2020-04-22. Retrieved 2020-05-06.
- ^ "Germany flips to Apple-Google approach on smartphone contact tracing". Reuters. 2020-04-26. Archived from the original on April 26, 2020. Retrieved 2020-04-26.
- ^ "HSE Covid-19 tracing app data will be stored on individual devices". The Irish Times. 2020-04-29. Retrieved 2020-05-06.
- ^ "Is it Safe? THE IMMUNI APP Digital Surveillance during the Coronavirus Pandemic". Byline Times / La Stampa. 2020-05-01. Retrieved 2020-05-06.
- ^ "Five questions we need answered about the government's coronavirus contact tracing app". ABC News. 2020-04-16. Retrieved 2020-05-21.
- ^ a b "SwissCovid App startet in die Pilotphase" [SwissCovid app launched into pilot phase] (in German). 25 May 2020. Archived from the original on 4 June 2020. Retrieved 25 May 2020.
- ^ Neville, Sarah; Bradshaw, Tim; Warrell, Helen (8 May 2020). "UK starts to build second contact tracing app". Financial Times. Retrieved 8 May 2020.
- ^ "UK virus-tracing app switches to Apple-Google model". BBC News. 18 June 2020. Retrieved 2020-06-18.
- ^ Lovett, Tom; Briers, Mark; Charalambides, Marcos; Jersakova, Radka; Lomax, James; Holmes, Chris (2020-07-09). "Inferring proximity from Bluetooth Low Energy RSSI with Unscented Kalman Smoothers". arXiv:2007.05057 [eess.SP].
- ^ "Updates to the algorithm underlying the NHS COVID-19 app". The Alan Turing Institute. Archived from the original on 2021-09-18. Retrieved 2021-06-30.
- ^ O'Halloran, Joe (July 31, 2020). "UK contact-tracing app to be launched 'shortly' as Northern Ireland deploys service". Computer Weekly. Retrieved 2020-07-31.
- ^ Wymant, Chris; Ferretti, Luca; Tsallis, Daphne; Charalambides, Marcos; Abeler-Dörner, Lucie; Bonsall, David; Hinch, Robert; Kendall, Michelle; Milsom, Luke; Ayres, Matthew; Holmes, Chris (2021-06-17). "The epidemiological impact of the NHS COVID-19 app". Nature. 594 (7863): 408–412. Bibcode:2021Natur.594..408W. doi:10.1038/s41586-021-03606-z. ISSN 0028-0836. PMID 33979832. S2CID 234484448.
- ^ "Here's a first look at the government's 'COVID Alert' contact tracing app". MobileSyrup. 2020-07-23. Retrieved 2020-07-24.
- ^ a b "New COVID-19 notification app rolls out in Ontario". CBC News. 2020-07-31. Retrieved 2020-07-31.
- ^ "Was Canada's COVID Alert app a hit or a miss?". CTV News. 2021-05-27. Archived from the original on May 27, 2021. Retrieved 2022-05-07.
- ^ Nardi, Christopher. "With low uptake, Canada 'gave up' on its COVID Alert app months ago, Newfoundland and Labrador health minister reveals in live update". SaltWire Network. Retrieved 2022-05-07.
- ^ Turnbull, Sarah (2021-12-30). "COVID Alert app still active, but rarely used to record positive tests". CTV News. Archived from the original on 2021-12-30. Retrieved 2022-01-02.
- ^ "UA testing app to trace COVID-19 cases on campus". KOLD News 13. 2020-05-28. Retrieved 2020-05-28.
- ^ "Online apps likely to play a big role in rebooting UA campus for fall semester". Github. 2020-05-28. Retrieved 2020-05-28.
- ^ a b "UArizona and Covid Watch Launch COVID-19 Exposure Notification App". University of Arizona News. 2020-08-18. Retrieved 2020-08-20.
- ^ a b "Covid Watch Arizona". App Store. Retrieved 2020-08-20.
- ^ a b "Covid Watch Arizona - Apps on Google Play". play.google.com. Retrieved 2020-08-20.
- ^ "Bringing COVID-19 exposure notification to the public health community". APHL Lab Blog. 2020-07-17. Retrieved 2020-09-01.
- ^ a b Walsh, Lauren (2020-08-03). "COVID-19 testing, monitoring system GuideSafe launches". ABC 33/40. Retrieved 2020-08-05.
- ^ "Alabama launches contact tracing app based on Google-Apple API". StateScoop. 2020-08-03. Retrieved 2020-08-06.
- ^ "Virginia Set To Release COVIDWISE App To Public This Week". VPM.org. 2 August 2020. Retrieved 2020-08-05.
- ^ Wetsman, Nicole (2020-08-05). "Apple and Google's COVID-19 tracking system will make its full US debut in new Virginia app". The Verge. Retrieved 2020-08-05.
- ^ a b "Virginia Unveils App To Aid Contact Tracing". NPR.org. Retrieved 2020-08-06.
- ^ "ND launches Care19 Alert app to help reduce spread of COVID-19". minotdailynews.com. Retrieved 2020-09-01.
- ^ "Three more U.S. states launching coronavirus exposure warning apps". Reuters. 2020-08-14. Archived from the original on December 4, 2020. Retrieved 2020-09-01.
- ^ Goodin-Smith, Ellie Rushing, Oona (23 September 2020). "Contact tracing app tells Pennsylvanians if they've been exposed to coronavirus". Philadelphia Inquirer. Retrieved 2020-10-07.
{{cite web}}: CS1 maint: multiple names: authors list (link) - ^ a b c d e Gorey, Colm (2020-10-02). "NearForm contact-tracing apps launched in New York and New Jersey". Silicon Republic. Retrieved 2020-10-07.
- ^ a b "NIPH starts work on a new solution for digital contact tracing". Norwegian Institute of Public Health. Archived from the original on 2021-03-01. Retrieved 2020-11-17.
- ^ a b "Uden konkurrence: Netcompany vinder ordren på en ny norsk smittestop-app". Computerworld (in Danish). 2020-10-21. Retrieved 2020-11-17.
- ^ a b "The WeHealth Bermuda App Is Now Live". Wehealth News. 2020-11-24. Archived from the original on 2023-03-08. Retrieved 2023-03-08.
- ^ a b "Wehealth Bermuda on the Play Store". Google Play Store. 2020-11-24. Retrieved 2023-03-08.
- ^ a b "Wehealth Bermuda on the App Store". Apple App Store. 2020-11-24. Retrieved 2023-03-08.
- ^ "Rotes Kreuz: Stopp Corona-App: Das Update für den automatischen Handshake ist da". Archived from the original on 2020-10-23. Retrieved 2020-08-22.
- ^ "Aplicativo Coronavírus-SUS vai alertar contatos próximos de pacientes com Covid-19" (in Brazilian Portuguese). Ministério da Saúde. 31 July 2020. Retrieved 31 July 2020.
- ^ "Coronalert", l'application de traçage belge devrait être disponible dès ce mois de septembre" (in French). RTBF. 3 September 2020. Retrieved 27 September 2020.
- ^ "COVID Alert app now operational in Saskatchewan". 650 CKOM. Retrieved 2020-09-18.
- ^ a b "Few provinces still resisting COVID Alert app as new features under consideration". CBC News. 2020-10-06. Retrieved 2020-10-07.
- ^ "eRouška – chráním sebe, chráním tebe". erouska.cz (in Czech). Retrieved 18 September 2020.
- ^ Kůžel, Filip; Lutonský, Marek. "eRouška 2.0: Co to je, jak se používá a proč se nemusíte bát o soukromí". MobilMania.cz (in Czech). Retrieved 19 September 2020.
- ^ "Smittestop appen downloadet tæt på en halv million gange på den første uge" (in Danish). Ministry of Health (Denmark). 2020-06-25. Archived from the original on 2020-06-28. Retrieved 2020-06-26.
- ^ "The Estonian coronavirus mobile application HOIA is now available for download". Estonian Ministry of Social Affairs. 2020-08-20. Retrieved 2021-09-08.
- ^ "First peek: Finland's Covid-19 contact tracing app". Yle NEWS. 11 August 2020. Retrieved 11 August 2020.
- ^ "Corona-Warn-App" (in German). Bundesregierung. Archived from the original on 2020-06-16. Retrieved 2020-06-16.
- ^ a b "Scotland's new tracing app: What you need to know about Protect Scotland". BBC News. 10 September 2020. Retrieved 11 September 2020.
- ^ "Beat Covid Gibraltar App - 409/2020". HM Government of Gibraltar. 18 June 2020.
- ^ Þórhallsson, Markús Þ (2021-05-12). "Uppfærslan auðveldar rakningu þegar tengsl eru óþekkt - RÚV.is". RÚV. Retrieved 2023-03-06.
- ^ "Nearly 40% of Icelanders are using a covid app—and it hasn't helped much". MIT Technology Review. Retrieved 2023-03-06.
- ^ Wall, Martin; O'Brien, Ciara; Hilliard, Mark (7 July 2020). "Coronavirus: HSE reports 725,000 downloads of new contact-tracing app since launch". The Irish Times. Retrieved 9 July 2020.
- ^ a b "Covid-19: Tracing app is released for NI". BBC News. 30 July 2020. Retrieved 31 July 2020.
- ^ "Italy launches COVID-19 contact-tracing app amid privacy concerns". Reuters. 1 June 2020. Retrieved 3 June 2020.
- ^ Byford, Sam (2020-06-19). "Japan rolls out Microsoft-developed COVID-19 contact tracing app". The Verge. Retrieved 2020-06-20.
- ^ Jersey, States of. "Government of Jersey". Gov.je. Retrieved 2020-10-07.
- ^ "Latvian 'Stop Covid' app first of its kind in the world". Lsm.lv. Retrieved 2020-05-20.
- ^ "moph". Moph.gov.lb. Retrieved 27 June 2022.
- ^ "Stop the spread of the coronavirus, download". Coronamelder.nl. Archived from the original on 2020-11-08.
- ^ "Bluetooth tracing". Health.govt.nz. 15 August 2023.
- ^ Ranada, Pia (2 April 2021). "StaySafe to use Google Apple Exposure Notifications for contact tracing". Rappler. Retrieved 27 June 2021.
- ^ "Ministerstwo cyfryzacji uruchomilo aplikacje protego safe do sledzenia koronawirusa". Wirtualna Polska (in Polish). 9 June 2020. Retrieved 9 June 2020.
- ^ "App portuguesa de rastreio à Covid-19 já está disponível em Android e iOS". Observador (in Portuguese). 28 August 2020. Retrieved 29 August 2020.
- ^ "Download the app – Every COVID Alert SA app download means more lives saved in SA". SAcoronavirus.co.za. September 2020. Archived from the original on 2020-09-16. Retrieved 2020-09-19.
- ^ Pérez, Enrique (2020-06-30). "Probamos Radar COVID: así funciona la aplicación de rastreo de contactos que usaremos en España". Xataka (in Spanish). Retrieved 2020-07-28.
- ^ "臺灣社交距離App". Taiwan Centers for Disease Control. 2021-05-03. Retrieved 2021-05-03.
- ^ "วิธีเปิดการแจ้งเตือนการสัมผัสเชื้อโควิด-19 บน iPhone". iMod. 2022-04-26. Retrieved 2022-04-27.
- ^ "NHS Covid-19 app: England and Wales get smartphone contact tracing for over-16s". BBC. 24 September 2020. Retrieved 24 September 2020.
- ^ "Alaska ENX | University of Alaska Anchorage | University of Alaska Anchorage". Uaa.alaska.edu. Retrieved 2022-03-28.
- ^ a b "CA Notify app offers COVID-19 exposure alerts for Stanford community". The Stanford Daily. 2020-12-29. Retrieved 2021-01-13.
- ^ a b "More than 6 million have signed up for California's COVID-19 alert system". San Diego Union-Tribune. 2020-12-15. Retrieved 2021-01-13.
- ^ "CO Exposure Notifications". Addyourphone.com. Retrieved 27 June 2022.
- ^ "COVID-19 Exposure Notifications Now Available on Your Phone". NBC Connecticut. 12 November 2020. Retrieved 2020-11-17.
- ^ "In response to third COVID surge, Louisiana launches COVID Defense | La Dept. of Health". Ldh.la.gov. 22 January 2021. Retrieved 27 June 2022.
- ^ "COVID Defense - Louisiana's Smartphone App". Coviddefensela.com. Retrieved 27 June 2022.
- ^ "Maryland Department of Health launches MD COVID Alert". health.maryland.gov. Retrieved 2020-11-10.
- ^ Wetsman, Nicole (2021-06-21). "Massachusetts' COVID-19 exposure notification app auto-installed on Android phones". The Verge. Retrieved 2021-06-21.
- ^ "Spartans Respond with MI COVID Alert". msu.edu. Retrieved 2020-11-10.
- ^ "Coronavirus - MDHHS and DTMB Roll Out COVID-19 Exposure Alert App Statewide". Michigan.gov (Press release). Archived from the original on 2020-11-10. Retrieved 2020-11-10.
- ^ Shamus, Kristen Jordan. "Michigan rolls out new app to alert people of COVID-19 exposure". Detroit Free Press. Retrieved 2020-11-10.
- ^ "COVIDaware MN: Minnesota's free COVID-19 exposure notification app". mn.gov. Archived from the original on 2020-11-26. Retrieved 2020-11-26.
- ^ "Minnesota rolls out new app for COVID exposure alerts". Mprnews.org. 23 November 2020. Retrieved 2020-11-26.
- ^ "COVID-19 Exposure Notifications system launches for university community". medicine.wustl.edu. 29 July 2021. Retrieved 2021-08-24.
- ^ "MO/Notify". play.google.com. Archived from the original on 2021-08-25. Retrieved 2021-08-24.
- ^ "SlowCOVIDNC app | NC COVID-19". Archived from the original on 2022-08-19. Retrieved 2022-10-18.
- ^ "North Dakota announces launch of Care19 Alert app to help reduce spread of COVID-19 as students return". ND Office of the Governor. Retrieved 2020-08-13.
- ^ "Google/Apple Exposure Notification Express Launches in Utah". UT Department of Health. Retrieved 2021-02-17.
- ^ "WA Notify system goes live with COVID exposure notifications for iPhone and Android users in Washington state". The Seattle Times. 2020-11-30.
- ^ "Washington Exposure Notifications - WA Notify". Washington State Department of Health. 2020-11-30. Retrieved 2020-11-30.
- ^ "COVID-19 Contact Tracing App Launches in Wisconsin" (Press release). Wisconsin Department of Health Services. 2020-12-23. Archived from the original on 2020-12-23.
- ^ "Care19 Contact Tracing Apps". Wyoming COVID-19 Information. Archived from the original on 2020-08-14.
- ^ "Información sobre aplicación Coronavirus UY" (in Spanish). gub.uy. 15 June 2020. Retrieved 15 June 2020.
- ^ Kelion, Leo (2020-05-20). "Apple and Google's Covid-19 'watershed moment'". BBC News. Retrieved 2020-05-21.
- ^ Fouquet, Helene (20 April 2020). "France Says Apple Bluetooth Policy Is Blocking Virus Tracker". Bloomberg.com. Retrieved 27 April 2020.
- ^ "Alberta to adopt national COVID-19 tracing app". Edmonton Journal. Retrieved 2020-08-09.
- ^ "Alberta's contact-tracing app only works on iOS when phone is unlocked, app running in foreground". Global News. Retrieved 2020-08-09.
- ^ a b Franklin, Michael (2020-11-06). "Alberta will not adopt national COVID-19 Alert app: Kenney". CTV News Calgary. Retrieved 2020-11-17.
- ^ Grubb, Ben (2020-06-28). "'There's no way we're shifting': Australia rules out Apple-Google coronavirus tracing method". The Sydney Morning Herald. Retrieved 2020-09-23.
- ^ "Apple/Google privacy preserving COVID-19 contact tracing. · Issue #10 · AU-COVIDSafe/mobile-ios". GitHub. Retrieved 2020-09-23.
- ^ Volgelstein, Fred; Knight, Will (2020-05-08). "Health Officials Say 'No Thanks' to Contact-Tracing Tech". Wired. Retrieved 2020-05-10.
- ^ "Huawei releases its "Contact Shield" API for COVID-19 contact tracing". xda-developers. 2020-06-08. Retrieved 2020-10-07.
External links
[edit]- Official website (Google)
- Official website (Apple)
- Announcement (Apple)
- Overview presentation (Google)
- Technical specifications (Apple)
- Exposure Notification: Frequently Asked Questions Archived 2020-04-26 at the Wayback Machine (Apple/Google)
Exposure Notification
View on GrokipediaOrigins and Development
Initial Proposal Amid COVID-19 (2020)
In early 2020, as the COVID-19 pandemic escalated and overwhelmed manual contact tracing efforts worldwide, governments and researchers began exploring smartphone-based digital alternatives leveraging Bluetooth Low Energy (BLE) for proximity detection. Singapore pioneered the first national implementation with the TraceTogether app, launched on March 20, 2020, by the Government Technology Agency in collaboration with the Ministry of Health. The app used BLE to exchange temporary proximity tokens between devices, storing this data locally on users' phones for up to 21 days; upon a positive test, users could consent to upload the data to a central server for matching against reported cases, enabling notifications to contacts without real-time location tracking.[11][12] This semi-centralized model prioritized rapid deployment amid rising cases—Singapore reported over 200 infections by mid-March—but raised privacy concerns due to potential data sharing with authorities, including for law enforcement purposes later clarified in policy updates.[11] Privacy advocates and cryptographers responded by proposing fully decentralized protocols to minimize data centralization risks. On April 3, 2020, the Decentralized Privacy-Preserving Proximity Tracing (DP-3T) initiative, comprising researchers from institutions including EPFL, ETH Zurich and KU Leuven, released a whitepaper outlining a BLE-based system. In this design, devices broadcast and collect rotating ephemeral identifiers (EphIDs) from nearby phones, logging them locally with estimated proximity metrics derived from signal strength; no personal identifiers or locations were transmitted or stored centrally. Upon diagnosis confirmation, users would upload one-time daily temporary tracing keys (derived from a seed via pseudorandom functions) to a public server, allowing other users to download these keys periodically and compute matches on-device, notifying only those with qualifying exposures (e.g., 5-30 minutes within 2 meters) without revealing identities or contact details to servers.[13][14] This approach aimed to balance traceability efficacy—projected to detect 53-63% of transmissions under 80% adoption, per simulations—with privacy, using cryptographic rotations every 10-15 minutes to thwart tracking, though it relied on voluntary key uploads and accurate BLE ranging, which empirical tests later showed could overestimate distances indoors.[13] Concurrent efforts included the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) framework, announced around April 1, 2020, by a consortium of eight European tech firms and universities, which initially favored a centralized model where servers could request full contact graphs from diagnosed users' devices for backend matching.[15] This diverged from DP-3T's decentralization, sparking debates over surveillance risks, with over 300 academics signing an open letter on April 20 criticizing PEPP-PT for enabling potential mass querying of user data despite opt-in claims. DP-3T's model, however, influenced subsequent designs by prioritizing local computation to avoid "central points of failure" for privacy breaches, setting the stage for broader adoption amid growing scrutiny of centralized alternatives' alignment with data protection laws like the GDPR. These early proposals highlighted trade-offs: decentralized systems reduced breach impacts but required high adoption for efficacy, while BLE's limitations—such as cross-device variability in signal propagation—necessitated calibration against ground-truth exposure data from manual tracing.[13]Apple-Google Collaboration and Protocol Design
On April 10, 2020, Apple Inc. and Google LLC announced a collaborative initiative to develop an Exposure Notification System leveraging Bluetooth Low Energy (BLE) signals from mobile devices to facilitate decentralized contact tracing for COVID-19.[16] The partnership, described as a two-phase approach, aimed to enable interoperability between iOS and Android platforms by providing application programming interfaces (APIs) for public health authority apps, with subsequent operating system-level integration.[16] This effort prioritized user opt-in consent, cryptographic anonymity, and local data processing to mitigate privacy risks associated with centralized tracing systems.[16] The protocol design centers on Temporary Exposure Keys (TEKs), which devices generate and rotate daily using a cryptographically secure pseudorandom number generator.[17] Each TEK derives a Daily Tracing Key (DTK) via HKDF with the salt set to null and info string'CT-DTK', truncated to 16 bytes:
From the DTK, devices compute ephemeral Rolling Proximity Identifier Keys (RPIKs) and Associated Encrypted Metadata Keys (AEMKs) using HKDF: RPIK as HKDF(TEK, NULL, 'EN-RPIK', 16) and AEMK as HKDF(TEK, NULL, 'EN-AEMK', 16).[17] These keys enable the generation of Rolling Proximity Identifiers (RPIs), broadcast every 10-30 minutes (configurable interval ) via BLE advertisements, computed as AES-128 encryption of a fixed string concatenated with zeros and an ephemeral interval nonce (ENIN):[17] Receiving devices scan and log nearby RPIs along with signal strength metadata (e.g., RSSI) and timestamps for a configurable duration (default 14 days).[17] Metadata, such as transmission power or additional fields, is encrypted using AES-128 CTR mode with the RPI as initialization vector and AEMK as key.[17] Exposure risk scoring occurs locally by downloading batches of diagnosis keys (recent TEKs from confirmed cases, uploaded only with user consent post-diagnosis verification) from public health servers, regenerating expected RPIs from those keys, and matching against stored observations; matches trigger notifications based on proximity duration and attenuation thresholds set by health authorities.[17] The APIs for Phase 1 were released on May 20, 2020, integrated into iOS 13.5 and Android via Google Play Services, allowing one app per jurisdiction to access the framework while enforcing strict rate limits on key downloads to prevent abuse.[4][18] Phase 2 expanded to OS-native notifications without requiring app downloads in select regions, though adoption remained limited by opt-in requirements and varying state implementations.[16] The design drew from open proposals like DP-3T but incorporated proprietary elements for cross-platform BLE advertisement formats and key verification using HMAC-SHA256 on TEKs.[19]
Technical Framework
Bluetooth Low Energy Detection Mechanism
Exposure Notification systems utilize Bluetooth Low Energy (BLE) technology to facilitate proximity detection between mobile devices without relying on location services or persistent identifiers. Devices alternate between advertising and scanning roles, broadcasting ephemeral data packets that nearby scanners can detect and record for later risk assessment. This mechanism operates on the principle of opportunistic signal exchange, where received signal strength serves as a proxy for physical distance, typically calibrated to identify contacts within approximately 2 meters.[20] Broadcasts employ non-connectable undirected advertisement events (PDU type ADV_NONCONN_IND) using randomly generated, non-resolvable private addresses that rotate every 10 to 20 minutes to prevent tracking. The advertisement includes a fixed service UUID of 0xFD6F in the service data field, signaling Exposure Notification content, followed by a 16-byte Rolling Proximity Identifier (RPI) derived from temporary exposure keys and a 4-byte Associated Encrypted Metadata (AEM) block. The AEM encodes protocol versioning (major version 01, minor 00 as of April 2020) and the advertiser's calibrated transmit power level, ranging from -127 dBm to +127 dBm, which enables receivers to adjust RSSI measurements for more accurate attenuation-based distance estimation. Advertising intervals are configured between 200 and 270 milliseconds to optimize detection probability while conserving battery life, with devices recommended to maintain a dedicated broadcasting instance separate from other BLE activities.[20] Scanning devices perform passive, opportunistic listens with parameters designed to achieve sufficient coverage for discovering advertisements from nearby devices within any given 5-minute window, timestamping detections and capturing RSSI values per packet. Duplicate filtering at the hardware level suppresses redundant observations of the same advertisement to reduce processing overhead and power usage. The effective range is constrained by BLE's low transmission power (typically under 5 dBm), limiting detections to tens of meters, though risk scoring in the protocol applies thresholds to RSSI-attenuation pairs to approximate "close contact" events, often defined as sustained exposure below -65 to -70 dBm after calibration. RPIs and AEM refresh every 150 minutes (approximately 15 minutes in practice, accounting for derivation intervals), ensuring identifiers remain transient.[20] This RSSI-centric approach inherits inherent limitations from BLE physics, including variability due to multipath propagation, human body attenuation, and environmental interference, which can result in distance estimation errors of up to 50% or more in real-world tests. Calibration via reported transmit power mitigates some device-specific discrepancies, but studies confirm that absolute distance prediction remains probabilistic rather than precise, with false positives and negatives common in dynamic settings like public transport. National Institute of Standards and Technology evaluations using controlled BLE datasets underscore the feasibility for coarse proximity binning (e.g., <2m vs. >6m) but highlight the need for empirical tuning per device model and scenario.[21][22]Cryptographic Privacy Protections
Temporary Exposure Keys (TEKs) form the foundational cryptographic primitive in the Exposure Notification protocol, generated locally on each device as 16-byte cryptographically secure random values valid for 24 hours.[17] Each TEK rolls over daily, with up to 14 prior TEKs retained on the device to enable retrospective exposure checks spanning two weeks.[17] These keys are never transmitted during routine proximity detection; instead, they serve solely to derive transient identifiers, ensuring no persistent device or user linkage without voluntary disclosure upon a positive diagnosis.[4] From each TEK, the protocol derives two session keys using the HMAC-based Key Derivation Function (HKDF): the Rolling Proximity Identifier Key (RPIK) and the Associated Encrypted Metadata Key (AEMK), both 16 bytes.[17] Specifically, RPIK is computed as HKDF(TEK, empty salt, "EN-RPIK", 16), while AEMK uses "EN-AEMK" as the info parameter.[17] These derivations employ one-way cryptographic functions, preventing observers from reversing the process to uncover the underlying TEK or correlating identifiers across days.[17] Rolling Proximity Identifiers (RPIs), the Bluetooth-broadcast beacons, are generated every 10 minutes from the RPIK using AES-128 encryption on a padded structure incorporating the Exposure Notification Interval Number (ENIN).[17] The formula is RPI = AES128(RPIK, "EN-RPI" || 0x000000000000 || ENIN), truncated to 16 bytes, with rotation synchronized to Bluetooth address changes.[17] Associated metadata, such as signal strength or transmission power, is encrypted using AES-128-CTR with AEMK and the current RPI as initialization vector, obscuring it until a matching TEK is available post-diagnosis.[17] This rapid rotation—144 intervals per TEK—limits any intercepted RPI to a brief 10-minute window, thwarting prolonged tracking by passive adversaries.[17] Upon a confirmed positive test, the relevant TEKs (as Diagnosis Keys) are uploaded to a public health server without user identifiers, allowing apps to download and locally recompute RPIs for risk assessment.[4] This design enforces pseudonymity and ephemerality: proximity data remains decentralized on devices, with cryptographic unlinkability across sessions unless a TEK is released, minimizing risks of mass surveillance or re-identification.[23] The use of collision-resistant primitives like HKDF and AES further resists forgery or replay attacks, as deriving valid RPIs requires the authentic TEK.[17]Protocol Versions and Updates
The Exposure Notification protocol, jointly developed by Apple and Google, was first specified in detailed technical documents released on April 29, 2020, including the Cryptography Specification version 1.2 and the Bluetooth Specification version 1.2.[17][20] These documents outlined the core mechanisms for generating temporary exposure keys (TEKs), deriving daily temporary keys (DTKs), rolling proximity identifiers (RPIs), and associated encrypted metadata (AEMs) using cryptographic primitives such as HKDF, HMAC, and AES-128-CTR to ensure pseudonymity and forward secrecy. Version 1.2 introduced no substantive changes from version 1.1, which had been updated on April 23, 2020, primarily to rename the system from "Contact Tracing" to "Exposure Notification" and refine terminology for clarity.[24] Subsequent updates to the protocol's implementation occurred through operating system releases rather than revisions to the core specifications. On iOS 13.7, released in September 2020, Apple introduced an updated method for calculating the Exposure Risk Value (ERV) within the ENExposureConfiguration class, allowing health authorities to customize risk scoring based on factors like infectiousness and attenuation while maintaining backward compatibility with prior configurations.[25] Starting with iOS 14.4 in January 2021, the framework enabled apps to request user permission for automatic release of TEKs upon a positive COVID-19 diagnosis, streamlining diagnosis verification without altering the underlying cryptography.[26] On Android, the API supported devices running version 6.0 (API level 23) or higher from initial rollout, with enhancements in Android 11 (released September 2020) permitting operation without requiring location services to be enabled, addressing privacy concerns raised by users and regulators.[27][28] No further major protocol revisions were issued after 2020, as the design prioritized stability for cross-platform interoperability amid the urgency of the COVID-19 pandemic. Apple and Google jointly deprecated the Exposure Notifications API and framework on September 18, 2023, citing the diminished public health need following widespread vaccination and reduced transmission rates, though apps could continue functioning until OS-level enforcement.[29][1] This deprecation did not retroactively alter prior data handling but rendered new integrations impossible, effectively ending active development of the protocol.Privacy and Security Analysis
Decentralized Data Handling
In the Exposure Notification framework developed by Apple and Google, decentralized data handling ensures that proximity data and risk computations occur locally on user devices, preventing the aggregation of identifiable contact graphs on central servers. Devices generate ephemeral Temporary Exposure Keys (TEKs) daily, from which Rolling Proximity Identifiers (RPIs) are derived and broadcast via Bluetooth Low Energy signals without revealing user identities or locations. Nearby devices passively collect these RPIs along with associated metadata, storing them securely on-device for a limited period, typically 14 days, without transmitting them to any external entity unless the user explicitly consents to a positive diagnosis report.[30][4] Upon a confirmed positive COVID-19 test, users may opt to upload their recent TEKs—now termed diagnosis keys—to a public health authority's server, often after verification via a one-time code to mitigate false reports. These diagnosis keys are anonymized, rotated, and salted to preclude linkage to individuals, and the server distributes them in batches without retaining or analyzing proximity data. Receiving devices periodically download these batches, locally regenerate possible RPIs from the keys using the same cryptographic primitives (such as HMAC and AES), and match them against stored observations to calculate exposure risk scores based on factors like signal strength and duration. This on-device matching avoids exposing raw contact data to intermediaries, theoretically limiting surveillance risks compared to centralized models where servers process full traces.[27][23] The architecture draws from privacy-focused designs like the Decentralized Privacy-Preserving Proximity Tracing (DP-3T) protocol, prioritizing user control through opt-in uploads and local storage to address concerns over data misuse by authorities or breaches. However, implementation details vary by app; for instance, public health servers must enforce rate-limiting and verification to prevent abuse, such as spam uploads, which could degrade system utility without compromising decentralization. Empirical analyses of deployed systems, including those in the U.S. and Europe, confirm that no central repository of user locations or contacts was maintained, aligning with privacy claims, though reliance on voluntary reporting introduced gaps in coverage.[30][23]Claimed vs. Actual Privacy Safeguards
Proponents of the Exposure Notification (EN) framework, including Apple and Google, asserted that its decentralized architecture inherently protected user privacy by confining contact data to individual devices, thereby avoiding the creation of centralized databases vulnerable to mass surveillance or breaches.[3] The system employed rotating Temporary Exposure Keys (TEKs) generated daily on each device, from which ephemeral identifiers like Rolling Proximity Identifiers (RPIs) were derived using cryptographic functions such as HKDF and AES, ensuring that observed signals could not be linked across time periods or to specific users without possession of the underlying TEK.[4] Official documentation emphasized that no personal identifiers, location data, or movement histories were collected or transmitted; proximity detection relied solely on Bluetooth Low Energy (BLE) signal strength, with diagnosis verification requiring user-initiated codes from health authorities to prevent unauthorized key uploads.[2] These features were presented as enabling risk notifications without compromising anonymity, with opt-in consent and local processing mitigating risks of governmental overreach or commercial exploitation.[3] In practice, however, the framework's privacy safeguards proved susceptible to several vulnerabilities that undermined these claims, particularly under adversarial conditions involving compromised verification or large-scale observation. Formal security analyses using tools like the Tamarin prover revealed that while decentralization reduced the blast radius of backend compromises compared to centralized alternatives like ROBERT, it did not eliminate risks such as relay attacks, where an active adversary could forward signals to fabricate exposures, requiring only proximity to targeted devices rather than global access.[31] Weaknesses in diagnosis key authorization—such as reliance on temporary access numbers (TANs) in implementations like Germany's Corona-Warn-App—allowed potential false positive uploads if verification processes were socially engineered or bypassed, enabling targeted misinformation rather than the promised controlled anonymity.[31] Property-based evaluations of decentralized schemes akin to EN highlighted leakage of contact timing data upon diagnosis, which, when correlated with external location knowledge (e.g., via public events or device ownership graphs), could deanonymize users despite key rotations, violating the asserted unlinkability.[32] Further discrepancies arose from inherent protocol limitations and implementation variances. Cryptographic primitives like HMAC and AES-CTR for metadata encryption protected against direct identifier extraction but failed to fully obscure patterns in Associated Encrypted Metadata (AEM), potentially exposing auxiliary information such as transmission power levels that adversaries could exploit for coarse location inference over repeated encounters.[32] Sybil attacks remained feasible if devices generated multiple virtual identities undetected, amplifying an attacker's ability to simulate contacts and infer real proximities, a risk acknowledged in theoretical models but not fully mitigated in the core EN design without additional hardware attestations.[32] Empirical reviews, including U.S. Government Accountability Office assessments, noted persistent privacy concerns stemming from BLE's broadcast nature, where even randomized MAC addresses did not preclude statistical tracking by entities controlling dense device networks, contrasting with claims of negligible traceability.[5] While the system avoided overt identity linkage, these gaps—exacerbated by varying public health authority integrations—demonstrated that actual protections fell short of absolute privacy, particularly against sophisticated, resource-rich threats, leading to adoption hesitancy driven by perceived residual risks.[6]Identified Vulnerabilities and Risks
Replay attacks represent a primary vulnerability in the Google-Apple Exposure Notification (GAEN) framework, enabling adversaries to capture Bluetooth Low Energy (BLE) advertisements containing Rolling Proximity Identifiers (RPIs) and retransmit them in distant locations, thereby falsifying exposure notifications without geospatial validation.[33] These attacks exploit the protocol's lack of location-aware checks, allowing RPIs to remain valid globally within a ±2-hour window due to clock skew tolerance, and can be executed scalably using inexpensive hardware like Raspberry Pi devices or compromised smartphones connected to cloud servers.[33] Simulations demonstrated false-positive rates ranging from 62.91% to 91.06% in targeted scenarios, potentially leading to erroneous self-quarantines, economic disruptions, and erosion of public trust in the system.[33] Linking attacks further compromise user anonymity by correlating sniffed RPIs with visual identifiers, such as face photos captured via co-located cameras, achieving up to 86% success rates in high-traffic environments with 5,000 pedestrians per hour.[34] Attackers leverage received signal strength indicators (RSSI) peaks to match RPIs to individuals up to 7 meters away, even with devices in pockets or bags, and can derive additional RPIs from publicly uploaded Temporary Exposure Keys (TEKs) of confirmed cases to expose infection status or enable doxing.[34] Relay attacks extend this threat by forwarding BLE messages between geographically separated sites, artificially marking uninvolved users as exposed.[31] Inherent structural risks in decentralized designs amplify these issues, as colocation data inherently links proximity events to infection status, facilitating deanonymization through attacks like binary searches with multiple deployed devices to encode and decode user locations or statuses via unique notification patterns.[35] For instance, entities controlling multiple access points, such as hotels deploying 11 smartphones, can uniquely identify guests' rooms and infection-linked contacts, revealing movements across 1,344 fifteen-minute intervals per day.[35] Compromise of an infected user's device allows exploitation of TEKs to generate false alerts, while weak upload authorization enables unauthorized TEK dissemination, though the decentralized model limits mass-scale impacts compared to centralized alternatives by requiring physical Bluetooth proximity.[31] Formal security analyses confirm these flaws persist despite cryptographic protections like key rotation, underscoring that BLE's broadcast nature and protocol tolerances enable practical exploitation by motivated adversaries, including nation-state actors via malware or botnets.[31][33]Deployment and Implementation
Platform Integration (iOS and Android)
The Exposure Notification API, developed jointly by Apple and Google, was integrated into iOS via the ExposureNotification framework, first enabled in iOS 13.5 on May 20, 2020, allowing authorized public health apps to access Bluetooth Low Energy (BLE) signals for anonymous proximity logging while enforcing strict user opt-in requirements and on-device processing to minimize data transmission.[4] This framework supported devices running iOS 13 and later, with backporting to iOS 12.5 released on December 14, 2020, for older iPhone models lacking iOS 13 compatibility, ensuring broader hardware reach without compromising the decentralized key rotation and encryption protocols.[36] Apps interfaced with the system through classes like ENManager for key retrieval and exposure detection, but Apple restricted API access to government-approved entities, limiting integration to verified health authorities.[3] On Android, integration occurred through updates to Google Play Services, rolled out starting May 2020 to devices on Android 6.0 (Marshmallow) and above, leveraging the service layer to handle BLE advertising, scanning, and cryptographic key management without requiring app-level permissions for location after Android 11's release in September 2020.[29] This approach centralized backend logic in Play Services—updated independently of the OS—to facilitate cross-platform interoperability with iOS devices, where Android apps could request temporary exposure keys (TEKs) and rolling proximity identifiers (RPIs) via API callbacks, subject to user authorization toggled in device settings.[28] Google enforced similar eligibility criteria, partnering with health departments for app certification, and provided SDK tools for diagnosis key uploads only upon confirmed positive tests, with no persistent user tracking.[27] Both platforms emphasized API-level safeguards, such as ephemeral BLE advertisements rotating every 15 minutes and AES-128 encryption for metadata, to prevent device fingerprinting during inter-device handshakes, though implementation differences arose: iOS relied on native Core Bluetooth frameworks with tighter sandboxing, while Android's Play Services abstraction allowed finer-grained control over battery optimization and background execution.[4] The service was discontinued on September 18, 2023, following global COVID-19 policy shifts, rendering the integrations obsolete across both ecosystems.[29]Global and Regional App Rollouts
The Exposure Notification framework, announced by Apple and Google on April 10, 2020, enabled privacy-preserving Bluetooth-based contact detection for COVID-19 apps developed by public health authorities, with the API first available on May 20, 2020. Public health agencies integrated the system rapidly, launching apps in 16 countries and regions across Africa, Asia, Europe, North America, and South America by July 31, 2020. By December 11, 2020, implementations had expanded to more than 50 countries, states, and regions worldwide. A 2023 analysis documented 128 exposure notification apps supporting similar functionality across 127 countries, of which 75 employed the Google-Apple Exposure Notification (GAEN) API specifically. In Europe, early and widespread adoption occurred, with Germany's Corona-Warn-App—one of the earliest major deployments—launching on June 16, 2020, to facilitate decentralized risk notifications. The United Kingdom's NHS COVID-19 app for England and Wales followed on September 24, 2020, after initial trials and a shift to the GAEN framework. Numerous other European countries, including Austria, France, Italy, and Switzerland, rolled out compatible apps in mid-2020, achieving interoperability for cross-border alerts via an EU framework activated on October 19, 2020. North American rollouts emphasized national and subnational approaches. Canada introduced its federal COVID Alert app on July 31, 2020, enabling exposure warnings without centralized data storage. In the United States, absent a unified federal app, states initiated independent deployments starting with Virginia's app on August 6, 2020, followed by pilots like Alabama's GuideSafe in early August; by June 2021, 26 of 56 states, territories, and the District of Columbia had active apps using the framework, reflecting a staggered 10-month rollout influenced by local privacy laws and development capacity. Asia saw targeted implementations, such as Japan's COCOA app released on June 19, 2020, which used GAEN for opt-in proximity tracing. Additional early adopters in the region contributed to the initial 16 global launches noted in July 2020, though uptake varied due to preferences for alternative tracing methods in densely populated areas. South American and African nations, including examples like Argentina and Ghana, participated in early regional expansions but represented smaller shares of total deployments compared to Europe and North America.Adoption and Usage Patterns
Measured Uptake Rates by Region
Uptake of exposure notification apps, which primarily utilized the Apple-Google Exposure Notification (GAEN) framework, varied significantly by region, with downloads often outpacing sustained active usage due to factors like privacy concerns and perceived low utility. Globally, across 13 populous countries, adoption reached approximately 9.3% of residents as of mid-2020, based on installations of government-backed apps. In Europe, an average population adoption rate of 23% was observed among COVID-19 contact tracing apps by early 2021, though active user percentages were lower and highly variable. Active users across select European countries totaled around 56 million, representing 26-45% of the population in six nations (Finland, Ireland, Germany, Iceland, France, Switzerland) at peak usage in autumn 2021.[37][38][39] In the United States, deployment occurred in 26 states and territories by June 2021, but national uptake remained low, with app-enabled users comprising 1-3% of populations in states like Wyoming, North Dakota, Michigan, Nevada, and Alabama as of December 2020. Higher rates were recorded in specific states: Colorado achieved 30.2% adoption among smartphone owners by October 2024 through Exposure Notification Express (ENX), while Pennsylvania saw only 3.2% population usage for its COVID Alert app. California reported 16.5 million activations among cell phone users over 14 months ending in 2022, equating to roughly 40% of the adult smartphone-owning population, though exposure notifications were issued to just 1.19 million individuals. State-level variation stemmed from opt-in requirements and limited promotion, with overall U.S. surveys indicating 71% of respondents had no intention to download by June 2020.[5][40][41][42][43]| Region/Country | Measured Uptake Metric | Date | Source |
|---|---|---|---|
| Germany (Corona-Warn-App) | 37.9% of population aged 18-77; ~28 million downloads (~46% smartphone users) | March 2021 / May 2021 | [44] [45] |
| Australia (COVIDSafe) | 21.6% population downloads; 6.2 million (~25% population) early on | July 2020 / June 2020 | [46] [47] |
| European Average | 23% population adoption for tracing apps | Early 2021 | [38] |
