Apple, Google Release Apis That Could Expose Users’ Data And Info

( Apple rolled out an update to its mobile operating system this week, which will set in motion the ability for contact tracing applications to work on their devices.
While the idea behind these apps is to help contain the spread of the coronavirus, they also could result in people giving up their privacy by opening up their phone to sharing data and information with apps, health-care organizations and other companies.
Apple and Google actually both released the first public versions of the “Exposure Notification” API, which is simply an interface that allows for communication to happen between programs and data on a mobile device. While the APIs by themselves won’t share data and start contact tracing, they’ll allow future third-party applications that are designed for that purpose to work.
According to a TechCrunch report, the Exposure Notification systems employ a “decentralized identifier system that uses randomly generated temporary keys created on a user’s device (but not tied to their specific identity or info).
“Apple and Google’s API allows public health agencies to define what constitutes potential exposure in terms of exposed time and distance, and they can tweak transmission risk and other factors according to their own standards.”
In other words, the APIs from Google and Apple only work if users manually download a specific contact tracing app, and then turn on the function to share information.
Apple’s documentation for its new iOS 13.5 says the Exposure Notifications are turned off by default at the system level. In order to turn it on, you’d have to download an app from your local health authority and then explicitly give your permission to use anonymous data for the programs to work.
According to the company:
“Each user will have to make an explicit choice to turn on the technology. [It] can also be turned off by the user at any time. [It] does not collect location data from your device, and does not share the identities of other users to each other, Google or Apple.”
Data is only given to “public health authorities” as long as the apps they develop “meet specific criteria around privacy, security and data control,” the company says.
Despite the two huge tech companies assuring people these new Exposure Notification APIs and ensuing apps won’t compromise users’ data, there are plenty of people who are naturally concerned and skeptical. Even some in the legal community feel the same way, such as Ryan Calo, a professor at the University of Washington Law School.
Calo said societies are going to have to accept “privacy trade-offs,” otherwise these coronavirus tracking systems will be “unlikely to help people navigate their world, to leave their house and feel safe.”
DP3T, a technology group in Europe, says this promise of a safeguard, law enforcement agencies and/or hackers could still potentially break the safeguards, which could open the door to “long-term persistent surveillance of individuals by third parties.”
As Michael Veale, of the University College of London, said:
“We need a roadmap of where this is going, who might have access, and without that roadmap and accountability around it, it is very hard to say the system is secure against mission creep.”