INTRO: Google collaborated with Apple to develop Exposure Notification API that now powers contact tracing apps in 16 countries across Africa, Asia, Europe, North America, and South America. The software giants have today announced a few improvements in the API, along with privacy protections.
According to Google’s recent blog post, public health authorities will now have more flexibility in assessing the level of risk with a particular incident. Also, Google says it has calibrated Bluetooth values for hundreds of devices. As a result, the accuracy and precision of detection will get improved.
In addition, the API now supports interoperability between countries. This approach is likely to help different countries work together to track and contain the spread of the virus.
Coming to privacy protections, Google emphasizes that Exposure Notifications API does not use device location. Instead, it uses Bluetooth to detect when devices are near each other. The API seeks location permissions since Android links Bluetooth scanning to device location settings.
However, that behavior will change with Android 11. Google says that Android 11 users will be able to use exposure notification apps without having to turn on device location. Below are the key privacy protections of Exposure Notifications API, as pointed out by Google:
- You decide whether you want to use Exposure Notifications—it’s off unless you turn it on.
- ENS doesn’t use location data from your device.
- Your identity is not shared with Google, Apple, or other users.
- Only public health authorities can use this system.
Google has also published a few technical resources regarding how the API works behind the scenes. This includes a reference verification services to help public health authorities build a server that allows verification of test results, implementation code, and telemetry design.