Apple and Google were keen to stress from the
get-go that the system uses only Bluetooth,
is fully opt-in, collects no location data from
users, and no data at all from anyone without
a positive Covid-19 diagnosis, but there are
still questions about how safe the scheme
may be. Aside from many potential flaws in
the new system, published by the Science
Journal earlier in April, some worry about
ways bad actors or advertisers could reveal the
identities of positive COVID-19 cases, the threat
of false positives from trolls, and mistaken self-
diagnoses causing panic.
What’s important to remember is that the
scheme requires our phones to constantly
beam a unique Bluetooth code, which will be
derived from a cryptographic key that changes
every day. Those keys will only be uploaded to
the server if a user tests positive for COVID-19,
and then those who may be affected will have
their keys decoded by the systems and self
individually, meaning no personal information
like numbers, emails, names or addresses
will enter the systems powered by Google or
Apple. And because codes that track a person’s
movement are switched every ten minutes, even
if data was breached, bad actors couldn’t link the
two together or get a full picture of a particular
user or their day-to-day movements.
Something else to consider is that the new
technology won’t be accessible to anybody
other than approved government bodies and
their trusted software developers. And that
includes advertisers. Ad-targeting firms cannot
implement the protocol to track users, but
an advertising firm could theoretically place
Bluetooth beacons into stores to collect contact