Apple and Google's contact tracking system puts your privacy at risk, says EFF

On May 4, additional information was uploaded regarding location tracking and limitations on the number of apps that can use the Apple and Google systems. This article was originally published on April 30.

The smartphone-based contact tracking systems being developed by Apple and Google pose considerable privacy risks, the Electronic Frontier Foundation (EFF) said in a report last week.

Law enforcement agencies could use the system to uncover meetings between criminal suspects, the EFF said. Criminals themselves might pull temporary Bluetooth identification tokens out of the air and use them to create a record of people's movements.

EFF also said that mischief-makers and criminals could massively re-broadcast these temporary identities, undermining the entire contact tracking system with a flood of misleading data. EFF then called for a "sunset" of this system once the coronavirus crisis is over, as Google and Apple have promised. EFF staffers Bennett Cyphers and Gennie Gebhart wrote in their report that "apps built on top of Apple and Google's new systems will not be a 'magic bullet' technological solution to the current shelter-in-place situation."

"Its effectiveness will depend on a number of trade-offs and sufficient trust for widespread public adoption. Inadequate privacy protections would diminish that trust and undermine the effectiveness of the app."

To be fair, Apple and Google's contact tracking systems were designed with privacy in mind. These temporary Bluetooth IDs, known as rolling proximity identifiers (RPIDs), are changed several times an hour to minimize the possibility of tracking; the RPIDs are stored only on the phone itself.

Users must first opt-in to the system, and then, if (and only if) they test positive for coronavirus, they must opt-in to data being shared in the form of a "diagnostic key."

The diagnostic key can be used to generate RPIDs that have been used in the past, and other users can check those shared RPIDs to see if they had a close encounter with someone who recently tested positive.
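The regenerate-and-match step described above, as an added illustration that is not part of the original article or of Apple and Google's own code. The key-to-RPID derivation is a simplified stand-in (HMAC-SHA256), not the real construction; the interval length, the number of RPIDs per key, the names and the sample keys are all assumptions made for the demo.

```python
import hashlib
import hmac

INTERVALS_PER_KEY = 144  # assumption: one diagnosis key covers a day of 10-minute intervals


def derive_rpid(diagnosis_key: bytes, interval: int) -> bytes:
    """Derive the 16-byte rolling proximity identifier broadcast during one interval.

    Simplified stand-in (HMAC-SHA256 truncated), not the real Apple/Google
    construction; what matters is that RPIDs are unlinkable without the key.
    """
    return hmac.new(diagnosis_key, interval.to_bytes(4, "big"), hashlib.sha256).digest()[:16]


def rpids_for_key(diagnosis_key: bytes, first_interval: int) -> dict[bytes, int]:
    """Regenerate every RPID a published key produced, mapped back to its interval."""
    return {derive_rpid(diagnosis_key, first_interval + i): first_interval + i
            for i in range(INTERVALS_PER_KEY)}


def find_exposures(observed: list[tuple[int, bytes]],
                   published: list[tuple[bytes, int]]) -> list[int]:
    """Return the intervals at which this phone heard an RPID from any published key.

    observed:  (interval, rpid) pairs logged locally by the phone
    published: (diagnosis_key, first_interval) pairs fetched from the server
    """
    known = {}
    for key, first_interval in published:
        known.update(rpids_for_key(key, first_interval))
    return sorted(interval for interval, rpid in observed if rpid in known)


# Constructed keys for the demo; real keys are random and stay on the phone
# unless the user opts in to sharing after a positive test.
KEY_ALICE = bytes(range(16))
KEY_CAROL = bytes(range(16, 32))


def demo() -> list[int]:
    # Bob's phone logged three RPIDs: two from Alice, one from Carol (a stranger).
    bobs_log = [
        (1000, derive_rpid(KEY_ALICE, 1000)),
        (1001, derive_rpid(KEY_CAROL, 1001)),
        (1003, derive_rpid(KEY_ALICE, 1003)),
    ]
    # Only Alice tested positive and chose to share her diagnosis key.
    return find_exposures(bobs_log, [(KEY_ALICE, 1000)])


if __name__ == "__main__":
    print(demo())  # [1000, 1003]
```

Carol's RPID produces no match because her key was never published, which is the privacy property the design relies on; note also that the match is on the RPID value alone, not on which radio sent it, which is why the replay concern raised later in the article applies.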

Google and Apple are not developing apps that use this system themselves. Instead, they are releasing application programming interfaces (APIs) for third parties to use the system and make it accessible to the general public; EFF has linked to a half-dozen apps already in development that will use their APIs.

Of course, you can bypass the entire system by turning off Bluetooth on your phone or having an older phone that cannot use the latest Bluetooth Low Energy (BLE) protocol.

In this light, some may find the tone of the EFF report an unnecessary bother, especially since the Google and Apple systems have not been finalized and the apps that can use this system are not fully developed. However, the EFF report makes several good points.

First, since the RPID is not identified as originating from a specific device, one could record an RPID from someone else's cell phone and replay it later to confuse things.

This is definitely a feature, not a bug, as it means that a particular RPID cannot be easily traced to a specific device. However, anonymized systems can be "de-anonymized" if sufficient data is available.

EFF imagines someone placing Bluetooth receivers at fixed points in public spaces, like tracking "beacons" in shopping malls, to harvest RPIDs from passing cell phones. The collected RPIDs could then be matched with publicly available diagnostic keys uploaded to the contact tracing system's central database by people who tested positive for the coronavirus to obtain a map of the movements of the many people who are infected, EFF notes.

A fairly small map of an individual cell phone's daily life can easily identify where its users live and, in many cases, the users themselves.

EFF doesn't mention it, but if public places are not so crowded and it is easy to pick out individual devices, RPID movements could also be correlated with the usual Bluetooth and Wi-Fi identifiers that cell phones normally broadcast, i.e. their MAC addresses. The advertising IDs used by the smartphone could be used in the same way; many ad IDs send location information to advertisers.

Second, contact tracking systems can be used by police to prove that two or more suspects have met each other, the EFF said.

Law enforcement needs access to each suspect's cell phone. But the contact tracking system on each device would, in theory, have a log of every RPID it has encountered for the previous two weeks. One imagines that divorce attorneys might also want access to such data to establish evidence of adultery.

Third, if a malicious app gains access to the contact tracing system (which is very likely since the API is public), it could steal the data and upload it to a central server controlled by a criminal or intelligence agency.

Once enough stolen contact tracing data is obtained from a sufficient number of cell phones, there is no need at all to place Bluetooth beacons in public places or to search individual devices.

According to the EFF report, the entire system relies on trust. That is, trust that the underlying Apple/Google system is robust and impervious to attack, trust that the apps being developed to use the system are secure and private, and trust that criminals, police, and ordinary users will not abuse the system.

"There is so much that can go wrong and so much at stake that we cannot afford to create hasty and sloppy software," the report says.

"Public health officials and developers should step back and make sure things are done right."

Reuters reported on May 4 that apps that use Apple and Google's contact tracing APIs would not be able to use phone location data, apparently based on FAQs posted online by Apple.

Reuters described this as referring to GPS-based location information, but said Apple's documentation suggests that it covers all location tracking, and that tracking via cell towers or Wi-Fi networks is also prohibited.

The Reuters article also states that the API can only be used by one app in each country. That information could not be found in the FAQ posted by Apple, but the FAQ does state that apps will be developed by the public health authorities in each region.

The implication there is that private apps developed without the participation of public health authorities will not be allowed to use Google and Apple APIs.
