Here is the explanation of the Apple/Google Notification system:
Quote:
5. How will the system protect user privacy and security?
Google and Apple put user privacy at the forefront of this exposure notification technology’s design and have established strict guidelines to ensure that privacy is safeguarded:
• Each user will have to make an explicit choice to turn on the technology. It can also be turned off by the user at any time.
• The Exposure Notifications System does not share location data from the user’s device with the Public Health Authority, Apple, or Google.
• Random Bluetooth identifiers rotate every 10-20 minutes, to help prevent tracking.
• Exposure notifications are only done on the user’s device. In addition, people who test positive are not identified by the system to other users, or to Apple or Google.
• The system is only used to assist contact tracing efforts by public health authorities.
• Google and Apple will disable the Exposure Notifications System on a regional basis when it is no longer needed.
a. Can I turn it off? Yes. The choice to use this technology rests with the user, and they can turn it off at any time in Settings.
6. Will governments have access to the information facilitated by this technology?
The goal of this project is to assist public health authorities in their efforts to fight COVID-19 by enabling exposure notification in a privacy-preserving manner, and the system is designed so that the identities of the people a device comes in contact with are protected. Access to the technology will be granted only to public health authorities. If they create an app, it must meet specific criteria around privacy, security, and data control. The public health authority will be able to access a list of beacons provided by users confirmed as positive for COVID-19 who have consented to sharing them. The system was also designed so that Apple and Google do not have access to information related to any identifiable individual.
7. Where is the data stored and who has access to it?
If a user decides to participate, exposure notification data will be stored and processed on device. Other than the random Bluetooth identifiers that are broadcast, no data will be shared by the system with the public health authority unless one of the following two scenarios takes place:
• If a user chooses to report a positive diagnosis of COVID-19, the user’s most recent keys to their Bluetooth beacons will be added to the positive diagnosis list shared by the public health authority so that other users who came in contact with those beacons can be alerted.
• If a user is notified that they have come into contact with an individual who is positive for COVID-19, the system will share the day the contact occurred, how long it lasted and the Bluetooth signal strength of that contact, as well as the type of report (such as confirmed by test, clinical diagnosis, or self-report). Any other information about the contact will not be shared.
In keeping with our privacy guidelines, Apple and Google will not receive identifying information about the user, device location data, or information about any other devices the user has been in proximity of.
8. Will my data be monetized by Google or Apple?
No, there will be no monetization from this project by Apple or Google. Consistent with well-established privacy principles, both companies are minimizing data used by the system and relying on users’ devices to process information.
9. Who will create the apps and where do I find them?
Public health authorities will update or create apps which users may install if they choose to participate. Google and Apple will make available, as normal, the public health authority apps for each region in the Play Store and App Store. In some regions, Exposure Notifications will be available without an app created by the public health authority. If this is available in your region, you’ll receive a notification when it becomes available, and you can decide whether you want to participate.
10. How will apps get approval to use this system?
Apps will receive approval based on a specific set of criteria designed to ensure they are only administered in conjunction with public health authorities, meet our privacy requirements, and protect user data. The criteria are detailed separately in agreements that developers enter into to use the API, and are organized around the principles of functionality and user privacy. There will be restrictions on the data that apps can collect when using the API, including not being able to request access to location services, and restrictions on how data can be used.
11. What public health authority can users contact about Exposure Notifications for their region?
Google and Apple are currently in discussions with various public health authorities globally to provide them with this technology. Both companies will highlight public health authority apps that use this technology where they are available.
12. How do users report themselves as positive for COVID-19?
The mechanism for allowing users to report themselves as positive will be determined by the relevant public health authority and may vary across regions. Some public health authorities may allow users to verify a test result using a pin code, while others may provide different mechanisms for verification.
13. How does the system know when I have been exposed?
The public health authority sets parameters to determine if someone has been exposed. For example, by defining the risk parameters based on estimated time the user has been in contact with someone who has been diagnosed as positive for COVID-19 and the approximate distance between the users. Public health authorities will set a minimum threshold for time spent together. To approximate distance, the system compares the Bluetooth signal strength between the two devices in contact. The closer the devices are, the higher the signal strength recorded. This signal strength can vary significantly based on factors like how the device is being held and as such this only provides an estimate of distance.
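
The on-device matching described in items 7 and 13, as an added Python sketch that is not part of the quoted FAQ and is not Apple's or Google's code. The identifier derivation is a stand-in (truncated HMAC-SHA256), and the 15-minute rotation, the 15-minute duration threshold, the -65 dBm signal threshold and all sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac

INTERVALS_PER_DAY = 96  # assumed 15-minute rotation (FAQ: every 10-20 minutes)


def rolling_id(daily_key: bytes, interval: int) -> bytes:
    # Stand-in derivation (truncated HMAC-SHA256), not the real system's construction.
    msg = b"rolling-id" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


def exposure_minutes(sightings, diagnosis_key, min_rssi_dbm):
    """Minutes this device spent near one diagnosed key, from local data only.

    sightings: {identifier: [(minutes, rssi_dbm), ...]} recorded on the device.
    """
    total = 0
    for interval in range(INTERVALS_PER_DAY):
        for minutes, rssi in sightings.get(rolling_id(diagnosis_key, interval), []):
            if rssi >= min_rssi_dbm:  # stronger signal is treated as closer
                total += minutes
    return total


def check_exposure(sightings, diagnosis_keys, min_minutes=15, min_rssi_dbm=-65):
    # Thresholds are assumed values; the FAQ says the health authority sets them.
    return any(exposure_minutes(sightings, key, min_rssi_dbm) >= min_minutes
               for key in diagnosis_keys)


def demo():
    # Constructed sample: daily keys of three other devices, and what we heard.
    alice, bob, carol = (bytes([n]) * 16 for n in (1, 2, 3))
    sightings = {
        rolling_id(alice, 40): [(10, -55)],  # close, spans a rotation boundary
        rolling_id(alice, 41): [(10, -60)],
        rolling_id(bob, 40): [(15, -85)],    # long contact but weak signal
        rolling_id(bob, 41): [(15, -88)],
        rolling_id(carol, 10): [(5, -50)],   # close but brief
    }
    return {name: check_exposure(sightings, [key])
            for name, key in (("alice", alice), ("bob", bob), ("carol", carol))}


if __name__ == "__main__":
    print(demo())
```

Only a published daily key lets the device link the two identifiers it heard across the rotation boundary; without it, the stored identifiers are unrelated 16-byte values.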