[clug] Apple-Google Contact Tracing API. V1 released May 20, 2020
sjenkin at canb.auug.org.au
Sun May 24 22:15:32 UTC 2020
Does anyone see security or privacy issues with the spec?
It’ll mean rewriting the local AusGov contact tracing App, the one that they haven’t fully developed the back-end for.
The Apple-Google notification service is designed to be anonymous & tracking-resistant, without a central database of user details or central processing of contacts.
There is a central database of rapidly (15-30 min) keys generated on devices.
Unclear to me who runs the DB? On what hardware?
Google’s tech spec page contains sample code for an “Exposure Notifications server” - presumably the local public health authority runs one of these, known to its App.
App users who are diagnosed Covid-19 positive, notify the App, which uploads the last 14 days of keys ’seen’ by the device. The devices with those keys are sent notifications.
It’s unclear to me how the keys-device connection is made within the server database.
The Notification side of the server must push a notification to devices (presumably when they connect to upload keys).
Currently, App developers - presumably public health authorities - have to build local Apps for users to download & ‘accept’. This allows local ’tuning’ of what constitutes a ‘contact’.
In coming months, this interface will be baked into the O/S of both Android and iOS.
We’re told the contact tracing O/S module will require ‘opt-in’.
Exposure Notification - Frequently Asked Questions
Google and Apple partner on COVID‑19 Exposure Notifications API
+ More information and technical specs
Apple - Bluetooth Spec
Apple Developer API
Steve Jenkin, IT Systems and Design
0412 786 915 (+61 412 786 915)
PO Box 38, Kippax ACT 2615, AUSTRALIA
mailto:sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
More information about the linux