Contact tracing by Apple and Google: is privacy dead?

BlurDeleteMePrivacyPrivacy News

Written by:

Apple and Google mobile operating systems will offer a common way for anyone’s smartphone to log its location and the location of all the other phones it has been in close proximity to each day.  In essence, imagine a Facebook “social graph” of all your Facebook family and friends and their connections – but instead – one based on your physical real-world connections.  

This is critical because the world needs to get back to work.  Orders to quarantine can only reasonably last so long. So-called “contact tracing” or tracking, deployed widely, could enable much of the country to return to work while also allowing public-health departments to quickly ID and quarantine new cases.  

However, creating a large-scale information nexus between Government and Silicon Valley has for a long time rightly been seen as the potential death of consumer privacy.  

The current promise is that technologists (including researchers from pandemic-based groups like DP3T) have found ways to preserve privacy by using a combination of “unique identifier” (bluetooth beacon), encryption, and the technique of keeping data stored on phones locally.  Using this mix, Apple and Google’s implementation will be “privacy-preserving tracking” – a baby only Tim Cook and Sundar Pichai could both love.

What are the contact tracing privacy promises from Apple and Google? 

Apple and Google claim “user privacy and security are central to the design.”  Users will self-report and authorize requests for their data.

Here’s a snippet of language from one of the actual documented api calls: 

CTSelfTracingInfoRequest 

This request is intended to be called when a user has a positive diagnosis. Once the keys are shared with a server, other users can use the keys to check if their device has been in contact with any positive diagnosis users. Each request will require the user to authorize access. Keys will be reported for the previous 14 days of contact tracing.

While there are a variety of well-thought out protections in the design which are certainly better than including it in the next Google Maps update, the document doesn’t specify who is in control of the “Server” which plays its role in the dissemination of data.  Despite the protections, like anything that is using a network of peoples phones to accurately track each other, there are plenty of potential problems with the privacy implementation claims.  

Quite obviously, tracking and privacy are ultimately in conflict:  

contact tracing privacy

With Google and Apple standardizing this (api) to collect and query health data, the industry can make sure that 90% of people with smartphones can automatically report their physical connections to everyone else, every day.  Having this information standardized for the future is a big opportunity for Silicon Valley and for Government generally.

Do Apple and Google already know Governments will force people to report?

The whole usefulness of contact-tracing depends on broad participation.  Apple and Google already know that when it comes to enabling online services, the default behavior drives 90% of people’s choices.  Less than 10% of consumers typically opt-in to anything that isn’t default. It is hard to imagine Apple and Google doing this unless they already knew that local, state and or federal governments would compel healthcare providers and citizens directly to participate.  

Of course, this may be a good and necessary thing to defeat this pandemic.  But long after COVID-19 fades, a vaccine is disseminated and so on, the comprehensive standardized data potentially available about our physical connections and social ties will remain as a new level of valuable information about the actual physical lives and the interactions we all have.  Who will get access to this and for what purposes in the future will it be used?

This blog post was written by Rob Shavell, a co-founder of Abine, The Online Privacy Company.


Blur – is a free password manager that protects the privacy of your personal information.


DeleteMe – removes your personal information from data brokers and Google searches

Leave a Reply