back to article Apple-Google COVID-19 virus contact-tracing API to bar location-tracking access

Apple and Google will ban location-tracking by apps using their new coronavirus contract-tracing API, newly renamed ExposureNotification. In a set of guidelines [PDF] for the API released today, the companies said that developers will not be able to access or even seek permission to access location data using the app. That's …

  1. Anonymous Coward
    Anonymous Coward

    Makes a change

    for Google/Apple to be seen as less Evil than [insert your National Government].

    1. RyokuMas
      Big Brother

      Re: Makes a change

      Personally, I'd still rather take my chances than install this - call me irresponsible if you will, but my distrust for big corporations and politicians is probably deeper-rooted than a linux user's grudge against Microsoft...

      1. Jim Birch

        Re: Makes a change

        It's not all about you. Think outside your individualism ideology.

        In general, the value of a network increases with the number of nodes and this is no exception. It will only work with a significant uptake.

        Secondly, you aren't doing this for yourself anyway. If you are young and healthy you are very unlikely to die. You would probably get quite sick and have a real chance of ending up with residual lung damage that it might take (eg) a year to clear. The people at real risk are your and other people's grandparents and people with diseases like diabetes. If you don't care about them, then go with protecting yourself from the security risk. the risk is very minor compared to a whole bunch of stuff you and the rest of us do every day but it does have that cool narrative of heroic individual resistance.

        1. Intractable Potsherd

          Re: Makes a change

          @Jim Birch: Ultimately, I *don't* care enough about others that the privacy of myself and others is negotiable. At root, I rather despise the people who put their life before all other things regardless of cost to others. Life is about more than the mere fact of living - quality beats quantity and these apps have a huge potential to reduce quality of life for far more people than will die, just as the results of the lockdown will have devastating effects on far more people than it will benefit. Part of his is familial - we all have an attitude of "if it's your time, so be it", couple with "I don't want to be a burden on anyone". I'd possibly have more relatives left if we had a different attitude, but c'est la vie et la mort. I was mortified when my wife insisted we self-isolate for a fortnight recently, and we had to accept help from others (even though I would happily offer that same help to others). My mum, in her mid-eighties, is going about her business almost as usual, and I'm pleased that she is.

          I have long been a supporter of human rights, but, increasingly, the damage that the current iteration has on communitarianism has troubled me, and the response to this virus has crystallised that to near opposition. It is time for some good old-fashioned utilitarianism to be applied - balance harms with benefits.

          1. Intractable Potsherd

            Re: Makes a change

            By coincidence, I just read this article that makes some of my points much more articulately: https://unherd.com/2020/05/why-we-should-take-risks-over-covid-19/?tl_inbound=1&tl_groups[0]=18743&tl_period_type=3

          2. Trigonoceps occipitalis

            Re: Makes a change

            "quality beats quantity"

            You only live once, but if you do it right, once is enough.

            Mae West

    2. Dinanziame Silver badge
      Devil

      Re: Makes a change

      In the very specific subject of privacy in UK, that's pretty standard.

    3. NonSSL-Login

      Re: Makes a change

      One assumes Google will still slurp and keep the location data for themselves. Just not sharing it with others....except the obligatory NSA, FBI, CIA etc.

      It has always bugged me how Google has got away with bundling Bluetooth permissions with location so they can get location on apps that don't need it. There is no need for the app for bluetooth scales to need the location permission but impossible to use it if you deny,

      Of course, having bluetooth in hair brushes, toothbrushes, toasters etc is another debate on its own...

      1. SImon Hobson Silver badge

        Re: Makes a change

        That's been explained a number of times already.

        Using bluetooth to find other devices - as is needed to hook up to your scales for example - is one way of identifying location. Build up a large enough database of IDs, and proximity to another devices is enough to locate you fairly closely. As with doing the same thing via WiFi SSIDs or base station MACs, you can be as careful as you want, it only needs one "I've nothing to hide" id10t to populate that database.

        And THAT is why finding your scales means granting location permissions to an app.

  2. Ken Hagan Gold badge

    one app per country?

    Wouldn't it make more sense to have one app, or is cross-border travel a thing of the past?

    Also, is there just one distributed database that everyone is using, or is that split, too?

    1. Gordon 10 Silver badge
      FAIL

      Re: one app per country?

      And how precisely do you expect countries to agree to that? Get a UN resolution and then half of them ignore it.

    2. NonSSL-Login

      Re: one app per country?

      It makes more sense to throw the tracking app idea out the window altogether.

      Judging distances via bluetooth is a shambles to begin with due to how all different phones with different chipsets output the BT signal and how they receive it. Working on that flawed data and advising people (advising them what exactly?) based on that is pointless,

      Even if you accept someone will change their behaviour based on the app, we have to assume everyone has a mobile phone and installs the app. There would be so many holes and missing information in the big picture, I just dont see it being useful in any way at all. Except for goverments to have one database to easily track who interacts with who, without waiting for the NSA and GHCQ's to do the search through their collated phone mast info instead. /Cynic

      1. Pirate Dave Silver badge
        Pirate

        Re: one app per country?

        Not to mention the fact that they seem to expect people to voluntarily tell the app that they have Corona. So...their entire dataset is built on voluntary submission from users. The same users who forget their 4-digit pin within 5 minutes of setting it.

        And what happens when the 4Chan/Anonymous crowd (or whatever they're called these days) decide to start playing around with these "voluntary" submissions or submitting bogus submissions? It all seems like the Highway to Clusterfuck to me.

        1. Anonymous Coward
          Anonymous Coward

          Re: one app per country?

          "Not to mention the fact that they seem to expect people to voluntarily tell the app that they have Corona. So...their entire dataset is built on voluntary submission from users."

          A.K.A. "crowdsourcing", which is what a large chunk of the web from Wikipedia to Tripadvisor is built upon.

          You just need someone to be able to "Like" your announcement that you have Covid-19, and possibly upload a photo of the person you caught it from.

      2. ilmari

        Re: one app per country?

        Do they actually need to judge distances though? Isn't it enough to be in range?

        1. Anonymous Coward
          Anonymous Coward

          Re: one app per country?

          "Do they actually need to judge distances though?"

          Yes - read the TraceTogether stuff for an explanation of the difficulties and how to overcome them.

      3. Big_Baldy_Bloke

        Re: one app per country?

        "we have to assume everyone has a mobile phone and installs the app". No we don't; it doesn't have to be perfectly adopted or to perfectly judge distance by Bluetooth to have the potential to help. I can see the value of a central database in giving epidemiologists better information to help manage this pandemic, and also better insight for future pandemics.

        I heard talk up front of sunset clauses that would ensure the data was deleted by a certain date. I don't think that is happening now, and worse, apparently a user has no right to request deletion of submitted data (if true, I don't know what exception the HMG is using to get through GDPR) and it appears selling on of the data is no longer excluded.

        So, I have no problem with the principle of contributing personal data for overall Public Health benefit, and I started wanting to support the HMG app but the implementation looks worse and worse. Perhaps inevitable in any HMG IT project of this scale.

        But I still expect to use the app.

        PS I am one of the 3 million people voluntarily reporting through the COVID Symptom Tracker which has produced some interesting results already https://covid.joinzoe.com/

    3. Anonymous Coward
      Anonymous Coward

      They didn't say users couldn't install more than one app

      Just that there isn't more than one app allowed per country - so the US has one official app, you can't get a state like Florida creating their own or companies confusing people by creating "USA coronavirus app" that slings ads for bleach at you or something.

  3. Anonymous Coward
    Anonymous Coward

    What about outdated phones?

    There's a huge number of android phones that don't get OS updates anymore. Is the new API ever going to be available on those?

    EDIT: Never mind I found the answer. It's going to be implemented in in the play services - a bit of Android that's closed source and kept updated by Google themselves.

    1. Adam 1

      Re: What about outdated phones?

      Outdated phones? Well Covidsafe (Australia's effort) requires Android 6+ to install, which my phone purchased in early 2018 doesn't support. Love to know why they used that baseline given the stated need to have high installation base.

      1. sqlrob

        Re: What about outdated phones?

        Early 2018 and don't have 6? It was EOL a year before that.

        1. Adam 1

          Re: What about outdated phones?

          That's not how the OEMs operated back then. (particularly certain middle Kingdom manufacturers who forked Android 5.1 to add their own shameless iOS clone UI).

          Fragmentation in Android is much lower these days, but again, I am yet to find another app which reports it is incompatible with my device.

  4. Gordon 10 Silver badge
    Unhappy

    I hoped for a second

    That this meant the UK app was going to be blocked as they have made a big deal of doing GPS access as an addon. In reading the details looks like they can still go ahead as long as they dont access the Google or Api contact tracking API in the same app.

    I think this then puts a lie to the fact that the Data Guzzlers at NHSX and friends can use the Google/Apple API's.

    I do wonder what happens if Scotland say decides to develop a separate app based around DP3T - do either Apple or Google have a separate AppStore for Scotland?

    1. schultzter

      Re: I hoped for a second

      Yes, they can separate their app stores by country, or at least what you see available to you according to your region and the region(s) specified in the app. There are a number of factors they take into account when automagically filtering apps.

  5. Woodnag

    Wording

    Are they "banning location-tracking" or "preventing location-tracking"? What if the app comprises two processes, which communicate, and the while BLE process is "not ... able to access or even seek permission to access location data", the companion process can and does?

  6. Doctor Syntax Silver badge

    It's not hard to work out why HMG decided not to go with that.

    1. Freddie

      Good point. Giving the epidemiologists that dataset will have immense value. If we study this outbreak properly then hopefully we can save many more lives next time around.

  7. Anonymous Coward
    Anonymous Coward

    Not optional at all

    If it's an API they're going to bake into iOS and Andoird, there's no way to opt-out, it wil be used by google just like they use location now, even when its turned off. So saying you're not going to "download it" doesn't make sense, it will be there in the next Android update, ready for the guvmints to use on you.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022