The coronavirus app is going deeped into your phone than you might think. Image: Shutterstock.

In brief Apple and Google plan to integrate a Bluetooth-based contact tracing technology into iOS and Android.

Corresponding apps should help track the spread of the coronavirus globally.

Experts fear that it could lead to greater surveillance through mobile phones.

American tech corporations Apple and Google issued a joint statement on April 10, announcing their plans to integrate a new Bluetooth-based coronavirus contact tracing technology into the iOS and Android operating systems.

“In the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms. This is a more robust solution than an API,” the announcement stated, adding that it will “enable interaction with a broader ecosystem of apps and government health authorities.”

In theory, apps based on this new functionality will act as an “alarm,” warning you if your smartphone was in close proximity to a device tagged as “infected”—belonging to someone tested positive for the coronavirus. But there’s a catch.

The companies claim new technology will “maintain strong protections around user privacy,” yet its implementation could result in the exact opposite, according to Jaap-Henk Hoepman, associate professor of Computer Science at Radboud University.

Your phone might be watching you. Image: Shutterstock.

In his article titled “Stop the Apple and Google contact tracing platform. (Or be ready to ditch your smartphone.),” Hoepman argued that Apple and Google’s plans could expose people’s phones at the operating system layer.

“Even though ‘privacy, transparency, and consent are of utmost importance’, this is a game changing event that has grave consequences. [...] Instead of an app, the technology is pushed down the stack into the operating system layer creating a Bluetooth-based contact tracing platform. This means the technology is available all the time, for all kinds of applications,” he said.

“This effectively turns our smartphones into a global mass surveillance tool.” Jaap-Henk Hoepman

Additionally, Hoepman suspected that contact tracing won’t be limited by the pandemic period. After its implementation, the technology will remain embedded in smartphones’ operating systems—unless Apple and Google choose to remove it in the future.

The researcher noted that, according to the whitepapers, there are no guarantees that tracing will be used purely to track the coronavirus and not for some other purposes. At the same time, Bluetooth tracking is much more precise than GPS, meaning apps will be able to pinpoint your exact location up to a few meters.

“This means that two very important safeguards to protect our privacy are thrown out of the window,” said Hoepman.

He also noted that even if Apple and Google won’t exploit the technology themselves, the very fact of its existence on the OS-level means that other companies or entities potentially would.

Hoepman suggests that other apps could use the bluetooth tracking ability. Image: Shutterstock.

“Any decentralised scheme can be turned into a centralised scheme by forcing the phone to report to the authorities that it was at some point in time close to the phone of an infected person,” Hoepman argued. “In other words, certain governments or companies—using the decentralised framework developed by Apple and Google—can create an app that (without users being able to prevent this) report the fact that they have been close to a person of interest in the last few weeks.”

While Apple and Google's coronavirus platform itself may be decentralized, an app developed on top of it “breaks this protective shield” and collects the contact information centrally.

“This effectively turns our smartphones into a global mass surveillance tool,” warned Hoepman.

As an example, he described a situation where people could be forced or incentivized to install such apps, while manufacturers could even pre-install apps with this functionality on smartphones.

According to Hoepman, this way, Google Home will be able to tell who visited your house, jealous spouses could spy on their partners, police could track whether you were close to some of their suspects, and so on. All it takes is announcing any given device as “infected”—and it will force other smartphones in close proximity to unveil themselves on the network.

“If this is the medicine, I think it is worse than the disease,” Hoepman added.

In defense of the app

While the contact tracing initiative might be opening a door into mobile phones, the app itself might not be so bad.

Bitcoin lawyer and libertarian Preston Byrne has argued that he will download Google and Apple’s contract tracing app, as long as it’s not made mandatory and that the data isn’t being monetized or unlawfully shared with the government.

“I don’t like Apple. I don’t like Google. In my view these companies have unfair and anti-competitive strangleholds over mobile app distribution. I don’t like surveillance capitalism. I don’t like how these companies do business,” he said, in a blog post on April 12, adding, “But we should all use this app anyway.”

Byrne gave three reasons why he figured the app should be used—despite his reservations about Apple and Google.



First, he argued that it’s possible the app could be designed not to share the data with Apple, Google, or the government. He pointed to the open-source coronavirus app TraceTogether, which is run by the Singapore government and doesn’t share personal data. Although there’s no guarantee that this will be the case.

Byrne hopes the app will preserve data like TraceTogether does. Image: Shutterstock.

Second, he stated the government needs a warrant to access cell phone data from tech companies, including Apple and Google. This should help prevent the government from accessing the data en masse.

Third, he said that it’s probably too late anyway to preserve privacy. “If you use Twitter and you’re trying to be anonymous, chances are good that you’ve already failed. If you have the mobile apps you’ve definitely failed,” he said.

“If you use a mobile phone, it’s particularly easy to figure out who and where you are using IP addresses and cell phone tower locations. Your phones also have unique ad tracking identifiers known as IDFAs which follow you around wherever you go,” he added.

The point being that if the government has a warrant it can likely find out your whereabouts already. But is that too defeatist?