Nat Cole dispels the social media rumours surrounding COVID-19 Exposure Notifications and explains how the tool makes for easier contact tracing on smartphones.
I am sure that this past week some of us must have received messages with some questions like: Do you know that COVID-19 tracker was recently installed on your phone without your permission? Or, Do you know that a COVID-19 Exposure Notifications Software was installed on your phone?. Do you know when or who installed or authorized the installation of the COVID-19 tracker on your phone? etc.
These social media questions about your phone are all over the place along with the expected furore over this assumed installation of this new software on your phone. Along comes the information that informs you on how to confirm that the named COVID-19 tracker is indeed on all your smartphones.
1. If you are using an Android phone, go to Settings and then to Google Settings. You will find COVID-19 Exposure Notifications.
2. For those iPhone users, go to Settings then to Privacy then to Health. There you will also find the COVID-19 Exposure Notifications.
It is because of this that it is now alleged on social media that the erroneously termed COVID-19 Exposure Notifications tracker was surreptitiously installed on your phone without your permission.
Fortunately, this is global but these allegations are not true. However, they are floating all over social media. This is partly why IT and Forensics Professionals should be interested in this unfolding story. This encouraged me to look deeper into the issue.
I will attempt to shed some light on past events that were not taken seriously by industry players.
For starters, in May 2020 Apple and Google jointly announced that they were building an app to notify consumers of COVID-19 Exposure if they are infected or exposed to the disease. The two techies also confirmed that they were rolling out the system for this app. A clear distinction.
This new API in your phone as COVID-19 Exposure Notifications will give the Public Health Agencies the ability to incorporate the API into their apps for COVID-19 contact tracing.
COVID-19 Exposure Notifications and API
So during most phone users’ recent iOS or Android updates, a new service interface was added. This is the COVID-19 Exposure Notifications interface. This tool is switched off by default on your phones. This was added as an Application Programming Interface (API) to either your iPhones or Android phones.
The API is not an app but an interface or tool that will allow a COVID-19 Exposure Notifications app to work on your phone whenever you choose to add or install the app to your phone.
This new tool will enable an app to run in the background while still using the Bluetooth functionalities. However, it caused a lot of confusion on social media to users who wondered about the new addition to their phones.
In addition, last month, May, the two tech giants Google and Apple publicly issued a joint statement that what they built for the COVID-19 Exposure Notifications was only a tool, the Application Programming Interface (API) and it is not an app.
The API is the framework within the Android or iOS operating system that will allow developers to build COVID-19 Exposure Notifications apps that can warn users of proximity to those already infected with COVID-19 or allow such apps to function properly with iPhones or Android phones whenever such apps are available and are installed on practically any smartphone.
This new API in your phone as COVID-19 Exposure Notifications will give This new API in your phone as COVID-19 Exposure Notifications will give the Public Health Agencies the ability to incorporate the API into their apps for COVID-19 contact tracing. Such apps can now be easily installed by consumers on their phones.
This tool will allow the public health agencies contact tracing apps to work with the Bluetooth running in the background for tracing or tracking COVID-19 infections according to the two tech giants. It is more of an enabler for the app’s functionality along with the required Bluetooth in the background.
This allows handsets to exchange data through Bluetooth and alert users if perchance they have been in close proximity to someone who is later found to be infected with COVID-19. This changes the dynamics of contact tracing in the new normal. This data is also not stored centrally but resides in the user’s phone.
I believe that by now we can appreciate that all these talks on social media about the unauthorized installation of some COVID-19 tracker or apps on our phone and related concerns are unfounded and erroneous because of the lack of understanding of the tool. Especially, when you consider the nature and purpose of the API system that you now have on your phone.
COVID-19 Exposure Notifications and Nigeria
Currently, Public Health Agencies around the globe are in the process of building apps for COVID-19 contact tracing. Contact tracing is among the tools used to control the spread of COVID-19.
In some countries, such as the United Kingdom they have built a contact tracing app which they are trying out and testing on the Isle of Wright. The UK is now considering ditching their own built system and replace it by incorporating their apps with this API tool developed by Apple and Google.
However, in Nigeria, nothing has been disclosed or discussed publicly about any development of apps for contacts tracing in controlling the spread of COVID-19 in Nigeria as of this June.
This now begs the question of whether or not if Nigeria is even considering the development of any contact tracing app? Or is the public health agency involved, the Nigeria Centre for Disease Control (NCDC) just relying on the old and archaic ways of doing contact tracing? Forgetting that we are in a new normal if nothing else? Nigerians need to know.
Nigeria has very capable IT professionals that can engage in the development of such apps if the health agency is interested in developing such an app that will consider and incorporate our unique cultural preferences in developing contact tracing technology that will serve Nigerians and Nigeria’s needs.
We should note that this tool requires users to opt-in. You must also opt-in to use the participating apps. We expect that only apps approved by Apple and Google will be included in their app stores for obvious reasons.The developers of such apps would have had to use this API or tool in their apps development.
However, there are additional restrictions that these potential participating apps must abide by. Such as removing all location services features as an example.
Additional restrictions require that contact tracing data is only stored on the user’s device or that it is only processed on the user’s device. A very reasonable requirement in ensuring user’s control over data.
Public Health Agencies such as NCDC may have other assigned responsibilities for the apps such as defining what constitutes an exposure event or to determine the number of exposure events a particular user has. Or how these events or interactions relate to the reproduction rate.
It is a known fact that it is only when the Reproduction Rate is lower than one in a given area or country that we can effectively contain COVID-19 for that particular geographic area.
As we can now appreciate from this discourse that the API is not an app that was covertly installed on your phone or device. Rather, it is a tool that gets your phone ready for contact tracing apps and make their use easier on your phone and to be user friendly.
Finally, in order to activate COVID-19 Exposure Notifications features on your phone, you need both Bluetooth on your phone and the contact-tracing technology from any of the authorized public health agencies apps as described in this discourse. It is only when you install and activate the apps that the COVID-19 Exposure Notifications will function as required and help to contain and reduce the spread of the disease.
Finally, there is a general concern that users were not informed or required to grant permission for this sensitive tool update on user’s phones. I believe that both Apple and Google may not have done anything illegal in respect of how the tool or API got updated on your phone. However, because of the current sensitive state of affairs globally pertaining to the new coronavirus and the heightened tensions surrounding COVID-19 in general, Google and Apple could have done better. The current process used is riddled with public relations insensitivity.
A formal announcement should have been made alerting users that such an update would be added to their phone operating system. Though they made some announcements, but they were not specifically directed at users. So it missed the point for users. This, along with adequate explanation to avoid misleading news and to promote understanding of the update, would have helped.
In the absence of this, phone users are questioning the fact that they failed to seek or obtain their consent for adding the tool despite the fact that it is just an update that are usually done without fanfare.
Even at that, users usually have a choice whether they want to update their system or not to add the tool needed to upgrade the services offered. Apparently, maybe this was buried in some innocuous update for which most users normally consent to.
However, because this is different it should have been handled differently. Clearly, this is the sign of the COVID-19 times with a new normal even in such mundane things as updating our phone systems operating system.
A case for the new normal that should be considered next time.
From the Desk of NAT COLE, June 2020