Utah declines Apple-Google exposure notification API for app made by social media startup

Posted:
in General Discussion
The state of Utah has rejected the Apple-Google Exposure Notification framework in favor of a less private contact tracing app created by social media startup Twenty.

Screenshots of Utah's new 'Healthy Together' contact tracing app. Credit: Twenty
Screenshots of Utah's new 'Healthy Together' contact tracing app. Credit: Twenty


Digital contact tracing, or using software to track and curb the spread of diseases like COVID-19, is seen as a way out of current social distancing and stay-at-home mandates. On April 10, Apple and Google announced a developer framework that would allow public health organizations to create their own contact tracing apps. Just a couple of weeks later, Utah unveiled an app called Healthy Together.

Although the ultimate goal of the two solutions is the same, the systems take vastly different approaches. Healthy Together was created by a company called Twenty, known for an app that lets young people meet up in person. Unlike the Apple-Google API, Utah's contact tracing solution relies on personally identifiable information.

Some of the data Healthy Together collects includes GPS, cell tower location data, and Bluetooth signal data. It also requests access to a user's phone contacts, according to national security blog Lawfare. Healthy Together's privacy policy states that this data may be shared with public health officials and a "limited number" of development staffers working at Twenty.

That stands in stark contrast to the Apple-Google API, which relies on anonymized Bluetooth identifiers and only stores data locally on a user's device. The Apple-Google solution isn't an app -- it's a toolkit that health organizations can use to build their own exposure notification apps.

On Utah's government website, state officials argue that relying on Bluetooth alone gives a "less accurate picture" than its solution. That's the reason for adding GPS location data into the mix, as well as the reason why the state has rejected the Apple-Google framework.

Twenty's founders told CNBC that the app is opt-in, and users can choose to limit Bluetooth and Location Services permissions if they want. Any data stored on Twenty's servers is deleted after 30 days, they added.

Privacy experts and civil liberties advocates have long had concerns about mass location surveillance. And although the Apple-Google solution isn't perfect, it places great emphasis on protecting user privacy.

It's also worth noting that, by rejecting the Apple-Google API, it's likely that Healthy Together will work less effectively in the background due to built-in security restrictions in iOS.

Americans appear to be skeptical of contact tracing efforts, per some early surveys. Technologists generally think trust will be important as public health organizations attempt to get to the reported 60% adoption rate required for contact tracing to be effective.

A Utah public health spokesperson told CNBC that Healthy Together's use of personally identifiable location data makes that 60% adoption statistic less necessary.

Healthy Together is currently in beta testing and no data is being used for contact tracing. Twenty eventually hopes to sell the app and back-end to other states, as well as private companies, CNBC reported.

In addition to digital contact tracing, Healthy Together also has resources about coronavirus symptoms, testing facilities and a feature that lets users see their test results within the app.

The state of Utah isn't the only government to reject Apple's and Google's framework. In the UK, the National Health Service has also decided to forego the API in favor of its own contact tracing app.

Comments

  • Reply 1 of 12
    SpamSandwichSpamSandwich Posts: 33,407member
    I’d never volunteer anything to the people who are most interested in collecting this information. 
    mike1mailmeofferslkruppwatto_cobra
  • Reply 2 of 12
    cpsrocpsro Posts: 3,192member
    The data resides on Twenty's servers for just 30 days... but don't worry, it's harvested by the state and other interested 3rd parties before deletion.

    Only Android reports device location almost continuously, many times per hour (to Google), whether or not the user even touches their device. iOS users demand better, and the Apple-Google collaboration delivers.
    edited May 2020 watto_cobra
  • Reply 3 of 12
    gatorguygatorguy Posts: 24,176member
    cpsro said:
    The data resides on Twenty's servers for just 30 days... but is harvested by the state and other interested 3rd parties before deletion.

    Only Android reports device location almost continuously, many times per hour (to Google), whether or not the user even touches their device. iOS users demand better, and the Apple-Google collaboration delivers.
    You can do the same thing on both platforms: Opt out of all location tracking. Google Android requires more than one setting be turned off unlike Apple which offers a "master off" switch if you really REALLY want to entirely stop location tracking. Just consider what you lose as a result. 

    Note that like on Apple if you were to do so some Android services will also become hobbled and some basic features will not be available. 
    edited May 2020
  • Reply 4 of 12
    cpsrocpsro Posts: 3,192member
    gatorguy said:
    cpsro said:
    The data resides on Twenty's servers for just 30 days... but is harvested by the state and other interested 3rd parties before deletion.

    Only Android reports device location almost continuously, many times per hour (to Google), whether or not the user even touches their device. iOS users demand better, and the Apple-Google collaboration delivers.
    You can do the same thing on both platforms: Opt out of all location tracking. Google Android requires more than one setting be turned off unlike Apple which offers a "master off" switch if you really REALLY want to entirely stop location tracking. Just consider what you lose as a result. 

    Note that like on Apple if you were to do so some Android services will also become hobbled and some basic features will not be available. 
    False and misinformation. https://www.techspot.com/news/76092-study-shows-google-tracking-practices-go-way-beyond.html
    https://digitalcontentnext.org/wp-content/uploads/2018/08/DCN-Google-Data-Collection-Paper.pdf

    iOS users do not need to disable location tracking completely in order to avoid being tracked all the time. Each app has its own settings.

    You and Google would like everyone to believe Apple is no better (so just give in to the devil already!) but it's simply not the case.
    edited May 2020 pscooter63mwhitelkruppdewmewatto_cobra
  • Reply 5 of 12
    gatorguygatorguy Posts: 24,176member
    cpsro said:
    gatorguy said:
    cpsro said:
    The data resides on Twenty's servers for just 30 days... but is harvested by the state and other interested 3rd parties before deletion.

    Only Android reports device location almost continuously, many times per hour (to Google), whether or not the user even touches their device. iOS users demand better, and the Apple-Google collaboration delivers.
    You can do the same thing on both platforms: Opt out of all location tracking. Google Android requires more than one setting be turned off unlike Apple which offers a "master off" switch if you really REALLY want to entirely stop location tracking. Just consider what you lose as a result. 

    Note that like on Apple if you were to do so some Android services will also become hobbled and some basic features will not be available. 
    False and misinformation. https://www.techspot.com/news/76092-study-shows-google-tracking-practices-go-way-beyond.html
    https://digitalcontentnext.org/wp-content/uploads/2018/08/DCN-Google-Data-Collection-Paper.pdf

    iOS users do not need to disable location tracking completely in order to avoid being tracked all the time. Each app has its own settings.

    You and Google would like everyone to believe Apple is no better (so just give in the devil already!) but it's simply not the case.
    Android also has settings PER APP. Look it up.

    And what the heck CPSPRO? I've generally considered you to be honest. I never claimed Google and Apple are the same. Read my post again. To accomplish the same "opt out entirely" on Google Android requires more than one setting be visited. Apple handles it more directly. But you CAN do the same thing on Android which has granular permissions PER APP along the same lines as Apple. 

    Read more, something more current than two years ago, then come back and claim I'm serving up misinformation. I won't bother waiting because you won't be able to.  I don't and never intentionally. Never.
    https://developer.android.com/preview/privacy/permissions
    https://support.google.com/nexus/answer/6179507?hl=en
    edited May 2020
  • Reply 6 of 12
    stompystompy Posts: 408member
    The state of Utah has rejected the Apple-Google Exposure Notification framework in favor of a less private contact tracing app created by social media startup Twenty.

    Healthy Together is currently in beta testing and no data is being used for contact tracing. Twenty eventually hopes to sell the app and back-end to other states, as well as private companies, CNBC reported.

    The state of Utah isn't the only government to reject Apple's and Google's framework. In the UK, the National Health Service has also decided to forego the API in favor of its own contact tracing app.
    While most of what's claimed in this post seems true, a quick search on the app store says this is available now, not that it's in beta.

    It appears it may have been available since April 22. If that's actually the correct date, I'd think it highly unlikely that Utah would have "rejected" the Apple/Google APIs but that they contracted with Twenty before those efforts were public. After the API announcement, the spin began -- Utah gov. to people or Twenty to Utah gov (or both).
    gatorguy
  • Reply 7 of 12
    chadbagchadbag Posts: 1,999member
    Living in Utah, today was the first day I’d heard of this app.  Good luck getting anyone to download and use it.   This has fail written all over it. 

    Luckily the virus has been relatively mild here and the “quarantine” not really strict, with just inside sit down restaurants, bars, and personal services (hair, nails, massage and that sort of thing) closed for the most part. Plus schools.  And with a partial re-open since the beginning of May.  My wife (only have one) is an ICU nurse at the largest local hospital system and their Covid unit has been busy but not abnormally so and has not gotten worse.  
    watto_cobra
  • Reply 8 of 12
    xbitxbit Posts: 390member
    No-one seems to be talking about why apps like the NHS one aren’t using Apple’s API.

    Apple’s API hasn’t been released yet and will only be compatible with devices running the very latest iOS version. It’s a similar story on Android. These apps require mass adoption to work effectively and that’s not going to happen if they require the very latest OS version to work.

    The NHS’s app has been released under a MIT license and is available on GitHub if anyone wants to take a look at the code (https://github.com/nhsx/COVID-19-app-iOS-BETA). It’s got a pretty clever workaround for the the lack of true background functionality, relying on nearby devices to wake the app up.
    williamlondondewme
  • Reply 9 of 12
    cpsrocpsro Posts: 3,192member
    gatorguy said:
    Read more, something more current than two years ago, then come back and claim I'm serving up misinformation. I won't bother waiting because you won't be able to.  I don't and never intentionally. Never.
    https://developer.android.com/preview/privacy/permissions
    https://support.google.com/nexus/answer/6179507?hl=en
    The Vanderbilt study from August 2018 is not outdated and remains highly relevant. Google is (overly) zealous in its information gathering. Android and Chrome platforms, AdSense, AdMob, AdWords, Search, YouTube, Maps, Google Analytics. Data collection hundreds of times per day even from an unused device. "Free" photos service that gives Google a perpetual, world-wide, royalty-free right to use the user's data for any profitable purpose, even after the user closes their account and deletes their data. The company is pathetic.
    watto_cobra
  • Reply 10 of 12
    smiffy31smiffy31 Posts: 202member
    xbit said:
    No-one seems to be talking about why apps like the NHS one aren’t using Apple’s API.

    Apple’s API hasn’t been released yet and will only be compatible with devices running the very latest iOS version. It’s a similar story on Android. These apps require mass adoption to work effectively and that’s not going to happen if they require the very latest OS version to work.

    The NHS’s app has been released under a MIT license and is available on GitHub if anyone wants to take a look at the code (https://github.com/nhsx/COVID-19-app-iOS-BETA). It’s got a pretty clever workaround for the the lack of true background functionality, relying on nearby devices to wake the app up.

    The API has been released as a beta so it is possible to test, there is even example code, available, the big advantage is that apple/google will use a lot less battery, there are no 'clever' workarounds, what's more they will even work if you have not installed the app so even more chance of mass adoption, and if you change state/country they will even work cross border as well.

    The biggest WHY the don't want to use these APIs is that they are not allowed to use GPS to tract the whereabouts of the user, which if you think about it is not much uses where you are most likely to have transmission of the virus, i.e; INDOORS
  • Reply 11 of 12
    gatorguygatorguy Posts: 24,176member
    cpsro said:
    gatorguy said:
    Read more, something more current than two years ago, then come back and claim I'm serving up misinformation. I won't bother waiting because you won't be able to.  I don't and never intentionally. Never.
    https://developer.android.com/preview/privacy/permissions
    https://support.google.com/nexus/answer/6179507?hl=en
    The Vanderbilt study from August 2018 is not outdated and remains highly relevant. Google is (overly) zealous in its information gathering. Android and Chrome platforms, AdSense, AdMob, AdWords, Search, YouTube, Maps, Google Analytics. Data collection hundreds of times per day even from an unused device. "Free" photos service that gives Google a perpetual, world-wide, royalty-free right to use the user's data for any profitable purpose, even after the user closes their account and deletes their data. The company is pathetic.
    I believe we're talking about your claims about Android smartphones and whether you can opt out of location on a granular basis per app basis (Like with iOS it's "Always/Never/While in use") or even entirely for all apps and services. You can do either or both. The "opt out of all" is just not as direct as it is in iOS and TBH it really should be.

    That's a 100% accurate and factual statement. Your followup is simply intended to obfuscate.
    I'm beginning to waver on my opinion of your honesty. 

    By the way you're not helping yourself by making up stories about Google seizing and profiting from your photos for ads etc. You're not curious why 5 years into it there's not one single instance of them ever doing so? They cannot, no more than Apple can do so. Both company's privacy policies prevent it (even ignoring Google's statement from 2015 that "your photos remain yours" and are private), but does allow them to modify, store, and access them according to your wishes. Those photos fall under the personally identifiable data sections. YOU control what is done with them, not Apple and not Google.

    And no that doesn't mean "Apple is just like Google" LOL. 
    edited May 2020
  • Reply 12 of 12
    GeorgeBMacGeorgeBMac Posts: 11,421member
    The Apple-Google thingee is not a public health tracing app -- it was even renamed because of that.

    As the country reopens -- which it must do at some point -- we need a replacement for social distancing / stay at home orders.   And, knowing that there are tens of thousands of Typhoid Mary's roaming our streets and businesses, there are only two ways to prevent a massive resurgence of the virus:   Either Prayer  Or, effective testing and tracing to find and remove those Typhoid Mary's from our streets & businesses.

    Any advocate of limiting tracing due to privacy concerns is really saying they value their personal privacy over the economic well being of the nation and the lives of its citizens.
Sign In or Register to comment.