France is pressing Apple to let its forthcoming coronavirus contact-tracing app work in the background on iPhones without building in the privacy measures the US company wants. The country’s digital minister confirmed the request in an interview given to Bloomberg. France’s system would let it glean more information about participating smartphone owners than Apple and its partner Google want to allow.
Privacy experts view it as a test case. “Apple has no reason to agree to this demand and it would open the door to many other requests from other countries and entities,” Prof. Olivier Blazy from the country’s University of Limoges, told BBC News. “As a Frenchman, I think it would be useful to avoid being dependent on the Google-Apple solution but I think it’s strange that the government strategy relies on trying to convince Apple to do something that is against its interest, with no incentive to do so.”
Apple and Google announced on 10 April they were working together to provide a software building-block – known as an Application Programming Interface (API) – that will let authorised Covid-19 contact-tracing apps work more efficiently. Contact-tracing apps work by logging every time two or more users are close to each other for a substantial period of time.
If one device owner is subsequently diagnosed as being likely to have the virus, an alert can be sent to those they could have infected, who might be asked to self-isolate. By using such an app in conjunction with other measures, it would in theory be possible to end wider lockdowns and still suppress the disease, so long as enough people take part. Apple and Google’s method relies on using Bluetooth signals to detect matches.
But they have deliberately designed it so neither they nor the apps’ creators can see who has been given a warning. The companies have said this is to guarantee “strong protections around user privacy”, which in turn should encourage adoption. By contrast, Inria – the French institute developing its StopCovid app – has developed a system of its own, called Robert (robust and privacy-preserving proximity tracing protocol).
And although the French government has promised adoption of the app will be voluntary and involve anonymised data, the document reveals there would be ways to “re-identify users or to infer their contact graphs” if desired. “It’s a misnomer to call it a privacy-preserving protocol,” said University of Oxford computer scientist Prof. Max van Kleek, who prefers the Apple-Google design.
“It does preserve privacy between users but not between the user and the government.” And that leads to the risk that the government later repurposes the system to make sure that people obey quarantine or other kinds of things the state might want to know.” The problem for Inria – and other countries developing their own contact-tracing apps – is Apple currently will not allow Bluetooth-based track-and-tracing to be carried out in the background.
So to work, the apps would have to remain active and on screen, limiting what else owners could do with their handsets and taking an extra toll on battery life. The developers of Singapore’s TraceTogether app attempted to get round this problem by offering a Power Save mode, which dims the display. But users have still complained of being unable to make calls or use other apps at the same time and having accidentally bumped the app into the background when their handset was in their pocket.
And this has discouraged people from using it. “We’re asking Apple to lift the technical hurdle to allow us to develop a sovereign European health solution that will be tied to our health system,” France’s Digital Minister, Cedric O, told Bloomberg.