Apple and Google tell health departments their privacy requirements for coronavirus tracking

The exposure notification API is due to roll out this month.

Apple / Google

Apple and Google have stipulated how public health authorities around the world can use their upcoming coronavirus tracking system in an effort to preserve user privacy.

Representatives from the two companies announced today that, in addition to standard reviews on Apple and Google’s app stores, public health authorities will have to sign legal addendums to gain access to the new API agreeing to several principles. Those include: that the apps are only used for the coronavirus pandemic — as opposed to, say, targeted advertising — and should minimize the amount of data they collect. They must require user consent at multiple stages and they cannot ask permission to use a smartphone’s location services. Lastly, the API will be granted to one app per country or region, depending on the government’s approach.

The system, which Apple and Google are calling exposure notification, involves anonymous Bluetooth keys exchanged between phones to track potential contact with the coronavirus causing COVID-19. The companies are collaborating on an interoperable API which should be released this month. But the two tech giants won’t be the ones building the actual apps -- that falls to national or regional public health agencies. Apple and Google can therefore build privacy into their API regardless of what varying political regimes may want to do once this functionality rolls out globally.

Google exposure notification
Apple / Google

Last week, the two companies seeded the API to developers in preparation for a full rollout. In the months to come, exposure notification functionality may be built into operating systems, allowing them to be sent out without the use of separate app. And once the pandemic is over, Google and Apple have said they’ll disable the system.