Apple is today releasing the third beta of iOS 13.5 for developers along with the first beta of Xcode 11.5, laying the groundwork for the release of its opt-in exposure notification APIs that will be used by public health apps to create coronavirus contact tracing tools.
iOS 13.4.5 has been bumped up to iOS 13.5 to include the code that’s necessary to run the first apps built using the exposure notification API, while Xcode 11.5 includes a new version of the iOS SDK with the exposure notification API.
Apple is working with Google on its exposure notification initiative, and Google has also delivered its beta Google Play Services update with the exposure notification API and SDK to select developers who can test using Android Developer Studio.
Public health authorities are able to use these new tools to begin getting their apps that take advantage of exposure notification ready. Apple is planning to release its exposure notification API in mid-May following the testing period.
Apple and Google first announced plans to develop Bluetooth-based contact tracing technology (now known as exposure notification) on April 10, providing a privacy-focused way to track coronavirus exposure.
The beta API released today is the first part of a two-prong effort to provide an exposure notification platform for health agencies. Apps created by verified health authorities can incorporate the API to allow smartphones to communicate with one another, providing users with notifications if they’ve come into contact with someone that is later diagnosed with COVID–19.
When smartphone users with a contact tracing app installed come into contact with another person that also has an app installed, their phones exchange an anonymous identifier beacon. If one of those people contracts coronavirus, they can then choose to notify all of the other people they’ve been in contact with, and at that point, all the other smartphones that have exchanged info with the infected person’s smartphone will be notified.
The API works cross platform on both iOS and Android devices, and it was built with privacy and transparency in mind. A random, rotating identifier, which changes every 15 minutes, is assigned to a person’s phone and transmitted via Bluetooth to nearby devices.
No personally identifiable information is associated with the identifier, and the list of identifiers a person has been in contact with doesn’t leave the phone unless the user decides to share it. Users that test positive will not be identified to other users, Apple, or Google, and location data is not collected.
Exposure time is recorded in five minute intervals, with the maximum exposure time capped at 30 minutes. All Bluetooth metadata is encrypted, and exposure estimates will rely on the power level of the Bluetooth signal to determine the distance between two phones when contact was made.
Public health authorities will be able to define and calculate an exposure risk level that they can choose to assign to users in the event they are notified of COVID–19 exposure, allowing for fine-tuned notifications that will evaluate exposure based on information like approximate distance and exposure duration. Exposure risk is calculated on users’ devices in the app and the data is not shared with Apple or Google.
Apple and Google on Friday plan to release additional information including sample code that will aid developers in understanding how the exposure notification system will operate, and specific criteria for developing apps.
Detailed privacy information about Apple’s exposure notification initiative is available on Apple’s Contact Tracing website, with info on Bluetooth and Cryptography specifications along with a Frequently Asked Questions feature.
In the future, Apple and Google plan to debut a broader Bluetooth-based contact tracing platform that is built into iOS and Android, allowing more individuals to participate.