COVID-19 Exposure Logging | Are Apple & Google Tracking Your Health?

Over the last few days, you may have heard news of Apple and Google pushing updates across iPhone and Android devices with the intent to better track the spread of COVID-19.

While this tracking feature was not heavily publicized at the time of its launch, rest assured that it  did not secretly grant government officials  the rights to collect and share your health information without your consent

Instead, what Apple and Google have introduced is a foundational tool to help health agencies streamline the development of regional smartphone applications to ultimately curb the spread of the virus.

What are Exposure Notifications?

During health outbreaks, like the Coronavirus, public health officials use what is called ‘contact tracing’ to contact, test, treat and advise people who may have been exposed to the virus  Not only can this method of tracking be tedious and exhausting when conducted manually , it’s also very susceptible to user error when those who test positive for a disease are unable to recall the individuals they’ve been in recent contact with.

In light of this, Apple and Google teamed up in late May of 2020 to provide health authorities with ‘Exposure Notifications’; a more reliable and less intensive alternative to collecting real-time data on the potential spread of COVID-19. In turn, both  companies worked closely with health officials, scientists and privacy groups from around the world to develop an application programming interface (API) that promises to mitigate the risk of coronavirus without infringing upon the privacy of individuals. As a result, what Apple and Google designed was not an application, but rather a phone setting that can rapidly notify mass groups of people that they may have come in contact with an individual that tested positive for COVID-19.

Exposure Logging Privacy Concerns

Through the development of this smartphone feature, Apple and Google are looking to provide public health agencies with the framework to design and implement apps on the local, state, and national level. That said, when it comes to developing these apps, Apple and Google aren’t lowering their privacy standards. Instead, health organizations must meet strict security, privacy, and data control criteria before being authorized to use the newly launched API.

But this isn’t the only way Apple and Google are looking to protect their customers’ information. Because only authorized apps can utilize exposure logging and notifications, smartphone owners must first download, install, and legally consent before any tracking can occur.

Currently, in the United States, as of the writing of this article, Alabama, North Dakota, Rhode Island, South Carolina, and Vermont are the only regions that have opted to participate. A vast majority of states, including Georgia, have yet to give a response on the decision to use this new technology.

How Does Exposure Logging Work?

By default, and without any approved government health apps installed, exposure logging is turned off on both Apple and Android devices. Should you wish to check to see if this feature is either enabled or disabled on an iPhone device, first ensure that you have iOS 13.5 or higher installed by navigating to Settings > General > Software Update. Once confirmed, remain in the iPhone’s settings, but scroll down and select Privacy > Health > COVID-19 Exposure Logging.

On the other hand, for those individuals using an Android smartphone, the update allowing for exposure notifications arrived via an update to the Google app. To check if your Google Android app has been updated, navigate to Settings > Google > COVID-19 Exposure Notifications.

Should you install a health tracking app that takes advantage of the API, you can easily turn the feature off at any time and erase all collected information from either of these locations. That said, Exposure Notifications don’t track location-based information, never share the identity of an individual, and neither Apple nor Google can view  the information collected.

So how does this technology work, you may be wondering. Once an individual installs an approved health app, they’ll be asked to manually report if they have tested positive for Coronavirus. To mitigate false reporting, some health authorities have discussed providing infected individuals with a PIN code to verify the information provided is accurate. After this initial information is confirmed and uploaded, the individual’s smartphone will continuously transmit an anonymous beacon containing an unidentifiable key via Bluetooth.

When the owner of that phone passes by another individual that also has the feature enabled, each individual’s unidentifiable keys are exchanged and recorded. Once per day, Apple and Google download the keys of individuals that are confirmed to belong to those people that tested positive for COVID-19. That list is then compared to the keys an individual may have come in contact with for longer than five minutes throughout the day. Should an individual have met with someone that tested positive for Coronavirus, Apple or Google will send a notification with the next appropriate steps that individual should take, but will never reveal the individual, time, or location from which the contact occurred.

With that said, it’s safe to say that both Apple and Google have maintained a sense of social responsibility during the ongoing pandemic. As a result, this partnership has proven that privacy should continue to be a focal point when developing new innovations and data collection can be used for the greater good when conducted under strict guidelines.