Get all the latest news on coronavirus and more delivered daily to your inbox. Sign up here.
The two tech giants announced stronger privacy protections and features to make app-building easier for public health organizations after receiving feedback from key global stakeholders, the companies said in a press release.
The apps that use Apple and Google software are expected to notify people who may have been in contact with those who have been infected with COVID-19.
"It’s worth noting that our principles and privacy assurances remain as strong as ever, and the protections for users have only increased as a result of these updates," Apple and Google said in a joint announcement. "... We view our role as developing technology that assists with these efforts that public health authorities are undertaking."
Changes to privacy protections include randomly generated keys instead of derived from a temporary tracing key, which will help prevent bad actors from tracking app users.
Bluetooth metadata will now be encrypted, which means neither Apple nor Google nor any outside bad actors will be able to identify a specific person by associating Bluetooth transmit power with a specific phone. The Apple-Google software relies on Bluetooth data to trace people who have been potentially exposed to COVID-19.
Additionally, Apple and Google have limited the maximum exposure time reported at 30 minutes, meaning when users are prompted to share their potential virus exposure time, an app will record that exposure time in five-minute intervals for up to 30 minutes. Apps using the Apple-Google software will consider contact between users of more than five minutes potentially dangerous.
Apple and Google have also made it easier for health authorities to develop these contact-tracing apps in several ways.
The companies' software will now include information about Bluetooth signal power when data is exchanged between phones using a contact-tracing app to better estimate the distance between those devices. They are also allowing developers to specify signal strengths and exposure duration thresholds to "help public health authorities individually define what constitutes an exposure event," the tech firms said.
Additionally, Apple and Google are updating their software to estimate the number of days since a user's last potential exposure to the virus and adapting a more widely used encryption algorithm called AES to prevent phone activity from slowing while people use the app.
The companies added in their joint announcement that they will continue to release updates as they receive more feedback. In a joint April 10 statement, they said user privacy and security are baked into the design of their contact-tracing plan.
Russia, China, South Korea and a number of European counties have deployed the use of contact-tracing apps.
In Russia and China, for example, people are required to use apps or electric passes that indicate whether they have tested positive or negative for COVID-19 if they want to use public transportation or take part in public activities. Law enforcement has taken an active role in both countries to ensure people are using the apps correctly.