Apple iPhone Contact Tracking: How It Was Done


Singapore’s new contact tracking application, TraceTogether, which is used as a preventive measure against the Covid-19 coronavirus in the city-state.

Catherine Lai | AFP via Getty Images

One of the most ambitious projects in Apple’s history was launched in less than a month and was carried out by only a handful of employees.

In mid-March, with the release of Covid-19 in almost every country in the world, a small team from Apple began to think about how it could help. They knew that smartphones would be the key to the global response to coronaviruses, particularly when countries began to ease their orders for shelters on the spot. To prepare for this, governments and private companies were building so-called “contact tracing” applications to monitor citizens’ movements and determine if they had come into contact with someone infected with the virus.

Within weeks, the Apple project – named “Bubble” – had dozens of employees working on it with the support of senior executives from two sponsors: Craig Federighi, executive vice president of software engineering, and Jeff Williams, chief of the operation of the company and de facto head of health care. By the end of the month, Google had officially entered on board, and about a week later, the two company CEOs, Tim Cook and Sundar Pichai, met virtually to give their final vote of approval for the project.

This speed of development was very unusual for Apple, a company obsessed with the perfection of its products before releasing them to the world. The Bubble project also required that Apple partner with its historic rival, Google, to jointly develop a technology that could be used by health authorities in countries around the world.

The software, to which Apple and Google now refer by the softer-sounding term “exposure notification” instead of “contact search”, is expected to be released on May 1. In recent weeks, employees have worked nights and weekends to incorporate external feedback. Companies still have their critics, but transparency has helped them win unlikely supporters, including in countries like Germany where officials were initially reluctant to work with Big Tech.

CNBC interviewed five people familiar with the project to find out how it went, from the earliest incarnations to the present day. The insiders refused to be named because they were not allowed by their companies to speak openly about the project.

Two approaches: Bluetooth vs GPS

Edouard Bugnion, Swiss IT architect

Edouard Bugnion

Traditional contact tracing has been used for years to slow the spread of pandemics. It starts when public health hears about an infected person and checks with them to find out where they have been and who they may have come into contact with. A health official will then find these people and offer them to be screened or socially isolated.

Personal technology such as cell phones can be used to facilitate the search for digital contacts. A phone has different technologies that can be used to locate where a user is and what other phones have approached, without having to remember exactly where he was and who was nearby.

As the coronavirus pandemic took off, authorities turned to digital contact tracing as a possible way to track and slow the spread of the disease without having to hire a large number of human tracers.

Some early contact tracing applications like Trace Together in Singapore have used a phone’s Bluetooth signal, which has a range of about 30 feet, to find out when two phones are close to each other. Strong signals suggest that two people are very close, while the weak signals suggest that they are too far apart for potential exposure (although experts like Ashkan Soltani, former technical director of the Federal Trade Commission warned that this was by no means a perfect system).

If a person were identified with a coronavirus, they could let the Singaporean Ministry of Health consult the data in the application and inform other people who had recently approached them.

But there was a big problem with usability.

On an iPhone, the application had to be running in the foreground all the time, or it stopped working. That meant the phones had to stay unlocked – a nightmare scenario if stolen – and quickly burn down battery life. Critics of the Apple App Store for Trace Together included complaints from users that the app prevented them from receiving notifications while on the go.

The alternative was to use GPS, which countries like China and South Korea had already used to track the exposure. But apps that track location are of immediate concern to privacy advocates. A human rights group has gone so far as to describe localization applications in China as “automated tyranny.”

Involve Apple

On March 21, a Swiss engineering professor Edouard Bugnion contacted the Apple developer relations team to express some of these concerns. Bugnion, the founding CTO of VMWare, then recognized that digital contact tracking applications would need help from Apple to function properly and maintain user privacy.

He was not the only one. Within a day or two, these issues were brought to the attention of Apple’s Myoung Cha, who is responsible for the business side of the company’s growing health care team. Cha, a senior strategist in the company’s health care division, reports to the company’s chief operating officer, Jeff Williams.

Cha and a small team from Apple were already exploring methods of using smartphones to track contacts. The first team included Ron Huang, who heads the Apple location services group, and Dr. Guy “Bud” Tribble, a veteran vice president of Apple software, internally known as the “Privacy Czar”. Tribble, who is also a doctor, is known outside of Apple for speaking out in favor of federal privacy law, noting in a Senate hearing that in 2018 privacy should be a right of the man.

Huang agreed to loop with a group of engineers who were willing to volunteer their time for the project. They included some of the company’s in-house cryptography experts, Yannick Sierra and Frederic Jacobs (Jacobs was credited for helping create the secure Signal messaging app). The team began researching some of the electronic contact tracing protocols already underway at the Massachusetts Institute of Techology and EPFL, a reputable research university in Switzerland.

Their idea would be to use Bluetooth to track the proximity of phones without detailed location data, like the Singapore app – but in a way that wouldn’t require the apps to run all the time.

Apple employees have also favored decentralized approaches. The idea was that a phone belonging to a user who had tested positive would send anonymous alerts directly to other phones in their vicinity, instead of downloading all of this information to a government or other authority. central. This would prevent governments from creating a database containing detailed information on location or proximity.

The Apple team also believed that any system should be “opt-in”, where the individual gives consent to share information with other phones.

Cha shared this thought on a call with Bugnion on April 6. “It was very clear to me from day one that Apple wanted to ensure the highest level of privacy,” said Bugnion.

The team knew they had to do it quickly. At that time, public health officials in many countries were taking contact tracing very seriously to help end the blockages quickly and safely.

A group of researchers from the University of Oxford had already seen promising results in a first study: “Our models show that we can stop the epidemic if approximately 60% of the population uses the application, and even with a number lower than users of the application, we estimate the reduction in the number of coronavirus cases and deaths, “noted Christophe Fraser, lead author of the latest report from the Department of Medicine at Oxford Nuffield University.

Bring in Google

Dave Burke, vice president of engineering at Google, talks about the new Google Nexus 6P at an event on Tuesday September 29, 2015 in San Francisco.

Tony Avelar | AP

Google employees were pondering similar ideas.

Key employees taking the lead on Google’s side included Yul Kwon, a senior director of the company and a former assistant privacy director at Facebook (by the way, Kwon is well known outside of Google as the winner from the 2006 show “Survivor: Cook Islands.”) Ronald Ho, senior product manager, who works on Bluetooth and connectivity efforts, was also heavily involved from the start. Google had its own code name for the project, separate from Apple: “Apollo”.

Finally, the team presented their ideas to Google’s vice president of Android, Dave Burke, who shared them via Apple’s Cha.

It was not a given that the two companies, which have a long history of fierce competition in smartphones, would cooperate. Apple co-founder Steve Jobs believed that Android was designed to mimic Apple’s iOS, and the two companies fought hard before settling their differences in 2014. Although they coexist more peacefully now, they are still tough rivals, with the two dominant smartphone platforms in the world.

But in this case, they knew they had to meet. An exposure notification system had to be interoperable, otherwise there would be huge gaps in coverage.

The two companies were unable to formally announce their intention to work together until they received the green light from their CEOs. Apple CEO Tim Cook and Alphabet CEO Sundar Pichai looked into a virtual meeting days before the official announcement on April 10.

“Tracking contacts can help slow the spread of COVID-19 and can be done without compromising user privacy, “Apple CEO Tim Cook triumphantly tweeted to announce the initiative.

The position of confidentiality

The common solution is not an application. Instead, companies have released an application programming interface – API – which is a set of specifications that public health organizations can use to build their own contact finder applications.

Here’s how it works. Once Bluetooth is enabled and the user is enabled, the phone sends anonymous small beeps that other phones can listen to. Critically, Apple’s API means that the app can continue to send those tweaks even if it’s not running in the foreground at the time.

To ensure user privacy, companies have drawn ideas from various open source efforts such as MIT PACT and DP-3T in Europe. Burke of Google acknowledged that his team was specifically inspired by the work of the DP-3T, nothing that he said “gives the best aspects preserving the confidentiality of the contact tracking service”.

A specific example inspired by the DP-3T is the idea of ​​using rotary codes, which implies that applications broadcast a cryptographic key that changes randomly, while monitoring other nearby phones. Once the user reports a Covid-19 diagnostic, the application downloads the cryptographic keys that were used to generate the codes for the past few weeks to a server. Everyone’s application downloads these keys and searches for a match with one of the stored codes. If found, the app will notify users that they may have been exposed.

This allows the app to notify people who may have been exposed, without having to know their identity – or to allow those identities to be stored and tracked by a central authority.

“We are developing an application and a system that could be deployed in Europe and around the world,” said Carmela Truncoso, privacy researcher at EPFL and one of the main developers of DP-3T. “It’s a lot of people. And we owe it to them to be transparent. “

Companies are making it increasingly clear to the outside world that their API is not a form of automated contact tracing that must be relied upon completely. Instead, it is intended to support humans working in public health services. Some countries are already participating, including Germany, Estonia, Singapore and Switzerland. Others, such as the UK and France, are still considering a more centralized approach. In the United States, states are still largely adopting their own approaches.

In the future, there are still major question marks about the potential for fraud and abuse. And companies will need to determine how they plan to control the applications embedded in these APIs to ensure that these developers do not exploit any privacy vulnerabilities.

But Marcel Salathé, a prominent Swiss researcher and epidemiologist, noted last week on Twitter that he was surprised to see two tech companies take privacy so seriously, while some governments are advocating more intrusive approaches.

“I made some correct predictions about Covid,” he tweeted. “But I wouldn’t have predicted that in 100 years: US tech companies are providing a privacy-friendly framework for tracing digital contacts, and some European countries are pushing to lower standards. “


Please enter your comment!
Please enter your name here