Tech giants Apple and Google in April; collaborated to develop a COVID-19 monitoring solution. This solution automatically uses people’s own smartphones to track proximity to other phones and alerts users if someone nearby has a confirmed diagnosis.
However, in this project, a problem was discovered that could fuel fears about Apple and Google phones, which automatically track a person’s proximity to others.
Serge Vaudenay (EPFL) and Martin Vuagnoux (base23) posted a video on Vimeo.
The creators of the video discovered that the Bluetooth LE-based system leaves little data that can be used to track someone’s movements and potentially identify them.
“In this way, these applications can continuously monitor the user of the SwissCovid application. This shouldn’t be more than 15 minutes. ”
When they first discovered the problem in the SwissCovid app, they confirmed that this is working with other apps built using the Apple / Google framework. With SwissCovid, the attack worked on five of the eight compatible phones they tested.
The SwissCovid app is open source, but the Google Apple Exposure Notification (GAEN) framework behind it and many other such apps are closed source and outsiders have no way of fixing it. In the video, even though Apple and Google have released an unfinished snippet of code for the framework, it means that it’s not really an open source project, meaning that the community can’t control the code and address potential concerns like this.
Some developers have tried using blockchain to secure COVID-19 symptom monitoring applications. There are smaller-scale apps like CoronaTracker made to try and assist users, and California lawmakers have proposed a statewide blockchain-focused monitoring system.
However, both the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) opposed a blockchain-based system, citing potential privacy issues. “In short, this bill is a blockchain solution and COVID-19 is a problem that cannot be solved so easily,” said Adam Schwartz, EFF senior personnel lawyer, in August.