After releasing a new beta of iOS 13.5 last week, Apple today has provided new information on its Exposure Notification API for COVID-19. The company continues to underscore the privacy-first design of this API and is releasing new resources to public health authority developers.
Apple and Google say that the new resources are designed to help public health authority developers build their exposure notification applications. This includes design concepts of onboarding in Exposure Notification API applications, as well as concepts of positive test results consent interfaces and exposure notifications themselves.
In addition to the design concepts, Apple and Google are also releasing sample app code, which can be used in the development of contact tracing applications. The sample code aims to show developers the best practices for building their own exposure notification applications.
In the screenshots, public health authority developers can see how to best welcome users to their exposure notifications applications. This includes context on the purpose of the application and the process of allowing users to manually opt-in to exposure logging and notifications.
From there, the screenshots show the process of having a user report a positive result of COVID-19. These screenshots show public health authority developers how to walk users through the process of reporting that they tested positive for coronavirus, including a unique test identifier. The screens could explain why someone might want to share their result.
The third set of screenshots shows sending the actual exposure notification to someone who interacted with someone else who tested positive. This could include a breakdown of exposures over the last 14 days and even details on the length of the exposure.
Finally, screenshots show how users will be able to manage exposure notifications in their system settings. In last week’s beta of iOS 13.5, there is a new toggle in the Settings app that manages COVID-19 exposure notifications. Apple representatives emphasize that in addition to this toggle, users will have to choose explicitly to enable the feature in the public health authority application. The system is completely opt-in.
Apple and Google emphasize that much of the control is in the hands of the public health authorities themselves. Apple and Google are providing the Exposure Notification API, and developers can adjust the details as-needed while preserving the privacy and requirements of the API.
Apple continues to emphasize that this technology can only be created by or for public health authorities, and can only be used for COVID-19 purposes. In line with this, the applications developed must require user consent before enabling the Exposure Notification API. The applications must also require that users consent before sharing that they tested positive.
Privacy is a tentpole of the Exposure Notification API. The applications developed by public health authorities will not be able to use the Location Services framework. Apple representatives say that applications should collect as little data as possible, and location data is not needed for this Bluetooth-based approach. Unsurprisingly, the companies say targeted advertising will not be allowed in these applications.
The companies are also taking steps to prevent fragmentation. For this reason, the use of the Exposure Notification API will be limited to one app per country. The idea, according to Apple and Google representatives, that this will promote high adoption rates among users. That being said, Apple and Google are also able to support countries if they decide to take a more regional, such as state-by-state.
Apple and Google also note that they will continue to release updates to their software and SDK. Apple released new betas of iOS 13.5 and Xcode 11.5 last week containing the groundwork for the Exposure Notification API, and the updates are expected to continue.
Apple and Google say the API will be available to all public health authority developers by mid-May. In the long-term, the companies say they are still exploring the possibility of allowing health authorities to send exposure notifications without requiring an app.
Apple and Google are continuing to publish resources for privacy-preserving contact tracing. You can find the details, with revision history, here. The sample code is available on Apple’s developer website.
- Other applications for contact tracing will be allowed in the App Stores; they can adopt Apple and Google’s API, but they must remove all Location Services features and adopt the privacy frameworks of the Apple and Google API
- Applications can specify and update matching criteria as time progresses, based on findings
- No news to announce yet on whether Apple will promote these applications, such as in the App Stores
- Apple continues to be open to guidance from public health authorities on best practices
- API includes a minimum of 5 minutes interaction for it to be considered a match