"for the app to work, information that identifies a phone/person needs to be retained and exchanged with other identifiable phones/persons. All solutions require the information to be shared via a 'trusted' broker..."
Trusted broker, yes
Identifiable information exchanged, no
If I've understood the google/apple solution correctly, my phone comes into contact with your phone. It gives your phone a one time code. If you get the virus your phone uploads all the onetime codes it has received in the last 14 days to a server. Every phone downloads the list of all codes. When my phone sees one of its codes it looks at it's own data to identify what the contact was (how close, how long etc).
The server only ever has a bunch of random codes. The server is just message passing.
Biting the hand that feeds IT
