Google and Apple are going to adjust their API for corona apps to better protect the data of users. The companies are changing the encryption algorithm and the way IDs are generated. Ways are also added to measure the distance between two devices.
Google and Apple are making the changes to the API they announced two weeks ago . The changes are made to make it easier for other parties to integrate them into their apps. New features are also being added, and security is being improved.
One of the changes is that the keys in the app are generated differently. The initial plan was to generate an ID key from a private key on the device. That is now being changed. The key is now randomly generated.
Google and Apple are also going to encrypt the metadata around the Bluetooth signal. This concerns, for example, the type of telephone. There is also a limit on the time when apps can request Bluetooth information. This will soon be possible in five-minute intervals, with a maximum of half an hour. The companies are also changing the encryption standard. In the old api that was hmac, but that becomes aes. The companies say that improves the speed of the api.
In addition, there will be an important new function for the api. The signal strength of the bluetooth connections is added to it. This is done by means of the Received Signal Strength Indication or RSSI protocol. In this way, the apps can estimate the distance from which two users have come together. App makers can also process this in their applications, for example by having the app only send a warning when contact is made from a certain time and distance. “This will help health authorities better define what an exposure event is,” said an Apple spokesperson.
The possibility of clarifying the definition of contamination risk was a major lack in the first proposal for the api. In the initial plan, only the range of the bluetooth signal could be taken as a starting point. Finally, app builders can also determine the number of days from the moment of contamination. “That way, health organizations can determine what actions a user should take next.”
Apple and Google have been working on the API for two weeks. Health organizations can let their contact tracing apps use it. This increases the scope of the research. The API also solves a major problem on iOS. Apps that want to use BlueTooth can normally only do that when the screen is on. This makes contact tracing research difficult for third parties.