Utah declines Apple-Google exposure notification API for app made by social media startup
The state of Utah has rejected the Apple-Google Exposure Notification framework in favor of a less private contact tracing app created by social media startup Twenty.
Screenshots of Utah's new 'Healthy Together' contact tracing app. Credit: Twenty
Digital contact tracing, or using software to track and curb the spread of diseases like COVID-19, is seen as a way out of current social distancing and stay-at-home mandates. On April 10, Apple and Google announced a developer framework that would allow public health organizations to create their own contact tracing apps. Just a couple of weeks later, Utah unveiled an app called Healthy Together.
Although the ultimate goal of the two solutions is the same, the systems take vastly different approaches. Healthy Together was created by a company called Twenty, known for an app that lets young people meet up in person. Unlike the Apple-Google API, Utah's contact tracing solution relies on personally identifiable information.
Some of the data Healthy Together collects includes GPS, cell tower location data, and Bluetooth signal data. It also requests access to a user's phone contacts, according to national security blog Lawfare. Healthy Together's privacy policy states that this data may be shared with public health officials and a "limited number" of development staffers working at Twenty.
That stands in stark contrast to the Apple-Google API, which relies on anonymized Bluetooth identifiers and only stores data locally on a user's device. The Apple-Google solution isn't an app -- it's a toolkit that health organizations can use to build their own exposure notification apps.
On Utah's government website, state officials argue that relying on Bluetooth alone gives a "less accurate picture" than its solution. That's the reason for adding GPS location data into the mix, as well as the reason why the state has rejected the Apple-Google framework.
Twenty's founders told CNBC that the app is opt-in, and users can choose to limit Bluetooth and Location Services permissions if they want. Any data stored on Twenty's servers is deleted after 30 days, they added.
Privacy experts and civil liberties advocates have long had concerns about mass location surveillance. And although the Apple-Google solution isn't perfect, it places great emphasis on protecting user privacy.
It's also worth noting that, by rejecting the Apple-Google API, it's likely that Healthy Together will work less effectively in the background due to built-in security restrictions in iOS.
Americans appear to be skeptical of contact tracing efforts, per some early surveys. Technologists generally think trust will be important as public health organizations attempt to get to the reported 60% adoption rate required for contact tracing to be effective.
A Utah public health spokesperson told CNBC that Healthy Together's use of personally identifiable location data makes that 60% adoption statistic less necessary.
Healthy Together is currently in beta testing and no data is being used for contact tracing. Twenty eventually hopes to sell the app and back-end to other states, as well as private companies, CNBC reported.
In addition to digital contact tracing, Healthy Together also has resources about coronavirus symptoms, testing facilities and a feature that lets users see their test results within the app.
The state of Utah isn't the only government to reject Apple's and Google's framework. In the UK, the National Health Service has also decided to forego the API in favor of its own contact tracing app.
Screenshots of Utah's new 'Healthy Together' contact tracing app. Credit: Twenty
Digital contact tracing, or using software to track and curb the spread of diseases like COVID-19, is seen as a way out of current social distancing and stay-at-home mandates. On April 10, Apple and Google announced a developer framework that would allow public health organizations to create their own contact tracing apps. Just a couple of weeks later, Utah unveiled an app called Healthy Together.
Although the ultimate goal of the two solutions is the same, the systems take vastly different approaches. Healthy Together was created by a company called Twenty, known for an app that lets young people meet up in person. Unlike the Apple-Google API, Utah's contact tracing solution relies on personally identifiable information.
Some of the data Healthy Together collects includes GPS, cell tower location data, and Bluetooth signal data. It also requests access to a user's phone contacts, according to national security blog Lawfare. Healthy Together's privacy policy states that this data may be shared with public health officials and a "limited number" of development staffers working at Twenty.
That stands in stark contrast to the Apple-Google API, which relies on anonymized Bluetooth identifiers and only stores data locally on a user's device. The Apple-Google solution isn't an app -- it's a toolkit that health organizations can use to build their own exposure notification apps.
On Utah's government website, state officials argue that relying on Bluetooth alone gives a "less accurate picture" than its solution. That's the reason for adding GPS location data into the mix, as well as the reason why the state has rejected the Apple-Google framework.
Twenty's founders told CNBC that the app is opt-in, and users can choose to limit Bluetooth and Location Services permissions if they want. Any data stored on Twenty's servers is deleted after 30 days, they added.
Privacy experts and civil liberties advocates have long had concerns about mass location surveillance. And although the Apple-Google solution isn't perfect, it places great emphasis on protecting user privacy.
It's also worth noting that, by rejecting the Apple-Google API, it's likely that Healthy Together will work less effectively in the background due to built-in security restrictions in iOS.
Americans appear to be skeptical of contact tracing efforts, per some early surveys. Technologists generally think trust will be important as public health organizations attempt to get to the reported 60% adoption rate required for contact tracing to be effective.
A Utah public health spokesperson told CNBC that Healthy Together's use of personally identifiable location data makes that 60% adoption statistic less necessary.
Healthy Together is currently in beta testing and no data is being used for contact tracing. Twenty eventually hopes to sell the app and back-end to other states, as well as private companies, CNBC reported.
In addition to digital contact tracing, Healthy Together also has resources about coronavirus symptoms, testing facilities and a feature that lets users see their test results within the app.
The state of Utah isn't the only government to reject Apple's and Google's framework. In the UK, the National Health Service has also decided to forego the API in favor of its own contact tracing app.
Comments
Only Android reports device location almost continuously, many times per hour (to Google), whether or not the user even touches their device. iOS users demand better, and the Apple-Google collaboration delivers.
Note that like on Apple if you were to do so some Android services will also become hobbled and some basic features will not be available.
https://digitalcontentnext.org/wp-content/uploads/2018/08/DCN-Google-Data-Collection-Paper.pdf
iOS users do not need to disable location tracking completely in order to avoid being tracked all the time. Each app has its own settings.
You and Google would like everyone to believe Apple is no better (so just give in to the devil already!) but it's simply not the case.
And what the heck CPSPRO? I've generally considered you to be honest. I never claimed Google and Apple are the same. Read my post again. To accomplish the same "opt out entirely" on Google Android requires more than one setting be visited. Apple handles it more directly. But you CAN do the same thing on Android which has granular permissions PER APP along the same lines as Apple.
Read more, something more current than two years ago, then come back and claim I'm serving up misinformation. I won't bother waiting because you won't be able to. I don't and never intentionally. Never.
https://developer.android.com/preview/privacy/permissions
https://support.google.com/nexus/answer/6179507?hl=en
It appears it may have been available since April 22. If that's actually the correct date, I'd think it highly unlikely that Utah would have "rejected" the Apple/Google APIs but that they contracted with Twenty before those efforts were public. After the API announcement, the spin began -- Utah gov. to people or Twenty to Utah gov (or both).
Apple’s API hasn’t been released yet and will only be compatible with devices running the very latest iOS version. It’s a similar story on Android. These apps require mass adoption to work effectively and that’s not going to happen if they require the very latest OS version to work.
The NHS’s app has been released under a MIT license and is available on GitHub if anyone wants to take a look at the code (https://github.com/nhsx/COVID-19-app-iOS-BETA). It’s got a pretty clever workaround for the the lack of true background functionality, relying on nearby devices to wake the app up.
That's a 100% accurate and factual statement. Your followup is simply intended to obfuscate.
I'm beginning to waver on my opinion of your honesty.
By the way you're not helping yourself by making up stories about Google seizing and profiting from your photos for ads etc. You're not curious why 5 years into it there's not one single instance of them ever doing so? They cannot, no more than Apple can do so. Both company's privacy policies prevent it (even ignoring Google's statement from 2015 that "your photos remain yours" and are private), but does allow them to modify, store, and access them according to your wishes. Those photos fall under the personally identifiable data sections. YOU control what is done with them, not Apple and not Google.
And no that doesn't mean "Apple is just like Google" LOL.