Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple and Google must convince public that contact tracing is secure, senator says

The Apple and Google system will use Bluetooth to monitor a user's proximity to others, including those infected with COVID-19.

Last updated

A U.S. senator says that Apple and Google still need to convince the public that their newly announced COVID-19 contact tracing app will respect user privacy and security.

On April 10, the two tech giants announced a partnership to develop and deploy a cross-platform mobile contact tracing technology that could help curb the spread of COVID-19.

In a statement to Reuters on Wednesday, Senator Richard Blumenthal (D-CT) said that the two companies "have a lot of work to do to convince a rightfully skeptical public that they are fully serious about the privacy and security of their contact tracing efforts."

Sen. Blumenthal and two other Democratic members of Congress previously raised concerns about White House-led efforts to collect Americans' health information during the COVID-19 pandemic.

Contact tracing is a process to track the spread of a disease by building out a history of who an infected person has come into contact with over a period of time. The system devised by Apple and Google largely automates this process using short-range Bluetooth signals, secure local databases, anonymized device identifiers and other modern mobile technology.

Both companies have said that their contact tracing system, which will initially roll out as a framework for public health organizations to build apps upon, is being designed with "privacy, transparency and user control" in mind.

The technology will be completely voluntary at every stage and will take steps to protect user identities by using rotating Bluetooth identifiers and storing that data locally on a device until a person who tests positive for the disease opts to notify the system. In such a scenario, said person's device pushes out 14 days' worth of contact keys to a central server, which is subsequently pulled down by other devices taking part in the program. Positive broadcast beacons are cross-checked with locally stored contact lists and, if a match is found, the recipient is alerted that they recently came in contact with someone who tested positive for the virus.

Android and iOS contact tracing APIs are expected to be made available in May, while operating system-level integration is planned to follow.

Apple and Google detailed the system's privacy protections in a press briefing Monday.