Almost two months after tech giants Google and Apple teamed up to create a contact-tracing technology to contain the spread of coronavirus, the Exposure Notification tool has been rolled out for iOS and Android users in India. The solution, which is an API, or an application program interface, enables contact-tracing apps developed by governments and public health agencies to function reliably.
However, the API will not function in India as the Centre's COVID app—Aarogya Setu—is not compatible with the ‘Exposure Notification’ solution. The API functions only in a phone that has downloaded an application that it works with. “What we have built is not an app — rather public health agencies will incorporate the API into their own apple that people install,” the companies said in a release.
According to the companies' policies, the API should have been incorporated into the Aarogya Setu app. However, Aarogya Setu has not linked up to the Apple-Google API. This is because the Indian app has to undergo a few tweaks in terms of the underlying tech and privacy to be compatible with the API.
Even during the developing phase of the API, both Google and Apple had emphasised on the privacy standards the Exposure Notification tool would follow. As they released the tool on May 20, the companies said that the Exposure Notification does not collect location details of its users. However, Aarogya Setu does collect location details of its users. “The public health authority app is not allowed to use your phone’s location,” a Google blog states.
Further, the API does not allow public authorities to collect phone numbers from their users. Aarogya Setu collects such information during registration.
The “Exposure Notification API” in Aarogya Setu is off by default and requires users to opt in. Since Indian users cannot opt in anyway, the API is not collecting data from their phones.
Hence, there are a few tweaks and requirements that Aarogya Setu needs to fulfill so that it is compatible with Google's API. Google is stringent to the fact that its API will only work with the public health authority apps.
How does Exposure Notification work?
It utilises Bluetooth radios within smartphones. Ideally, when a user turns on the Exposure Notifications on his\her phone via Aarogya Setu, it will send random IDs to nearby phones (given that they have also turned on this setting). This way, your phone will exchange and store a lot of IDs throughout the day. If anyone from those stored IDs tests positive for COVID-19, the user will be notified accordingly. Notably, these random IDs change every 10-20 minutes to maintain user privacy and are stored for 14 days.
Under the notifications system, someone exposed to a person who tests positive for COVID-19 will receive an alert on their phone. The system will share "the day that contact happened", "how long the contact lasted" and "the Bluetooth signal strength of that contact". This way, all the contacts will be notified of the next steps.
In case you report that you have tested positive, you can choose to share those random IDs so that the users who have come in contact can be alerted. Google assures that your identity will not be shared with other users. “All of the Exposure Notification matchings happen on your device, which means only you and your app know if you report having Covid-19 or been exposed to someone who has reported having COVID-19. Your identity is never shared with other users, Apple, or Google,” as per the information on Google’s support page.
The solution has been adopted by several countries such as Australia, Austria, Brazil, Canada, Croatia, Denmark, Germany, Ghana, Ireland, Italy, Japan, Kenya, Latvia, Philippines, Poland, Saudi Arabia, Switzerland, the UK, and Uruguay, with many of them developing their contact-tracing apps on the basis of the Exposure Notification protocols.
