Italy and Latvia Launch Apps That Use Apple's Exposure Notification API

[MacRumors]

European countries have begun to roll out COVID-19 contact tracing apps that take advantage of the Exposure Notification API designed by Apple and Google, with Italy and Latvia both launching new apps over the course of the last few days.

As noted by MacStories' Federico Vittici, Italy today released Immuni, a privacy-focused contact tracing app that's designed to alert users if they've been exposed to COVID-19 through the Exposure Notification API.

https://twitter.com/i/web/status/1267515127210872841

The app requires express user consent to operate, letting users know that it uses Bluetooth Low Energy to log random ID contact with other users, with date, duration, and signal strength of an exposure shared with the app.

Latvia last week also released Apturi, its own privacy-forward contact tracing app that also takes advantage of the Apple/Google Exposure Notification API.

It is based on a methodology developed by European scientists, including those from Latvia, and the new Bluetooth signal exchange algorithm developed by Google and Apple. Using it is voluntary. The app uses Bluetooth to anonymously detect nearby smartphones (within ~2 m proximity, present for longer than 15 minutes) that also have this app installed. This information is only kept on user's device, and automatically deleted after 14 days.

SPKC gets in touch with those individuals who have been confirmed to be a COVID-19 case - regardless of whether they use the app or not. SPKC receives this information from health institutions, not from the app. If the patient uses this app, SPKC will send them a code. When entered in the app, an anonymous notification will be sent to detected contacts that have been at risk to be infected. Sender's identity is not disclosed to recipients. Likewise, the infected individual does not know who the recipients are.

Latvia and Italy are the second and third countries, respectively, to introduce an app that uses Apple's API. Early last week, Switzerland released its "SwissCovid" app for members of the Swiss army, hospital workers, and civil servants. After testing, Switzerland is planning a wider rollout.

Apple released the Exposure Notification API as part of iOS 13.5. When it was released, Apple said that several U.S. states and 22 countries had requested and received access to the API, with more expected to join.

In the United States, there are no apps that use the Exposure Notification API at this time, but Alabama, South Carolina, and North Dakota have apps in the works that may soon see a release. It is not clear if other states will be on board, as some, such as Utah, have developed their own less private solution.

The Exposure Notification feature in iOS 13.5 is disabled by default and doesn't work without an app created by a public health authority and explicit user permission. The API is privacy-focused and collects no personally identifiable data or location information, with additional details available in our Exposure Notification guide.

Article Link: Italy and Latvia Launch Apps That Use Apple's Exposure Notification API

 

[682904]

Selling privacy for free to the Governments.

 

[recoil80]

The source code of the Italian app can be found here on GitHub https://github.com/immuni-app/immuni-app-ios

 

[Sandstorm]

I'm from Latvia and I'm very happy how successfully our government (and society in general) has reacted to this pandemic. Early action, support and trust in scientists, no stupid protests or riots - and we are literally down to zero new cases since yesterday. And we've been gradually reopening for some time already (cautiously monitoring situation, of course).

The app "Apturi Covid" ("Stop Covid") also looks good, installed day one. I have zero problems to trust this Apple/Google based temporary solution and, frankly, I trust our government too.

Facing Pandemic, Latvia Follows the Lead of Its Experts

The country has taken a unified, middle-of-the-road approach to the coronavirus, rooted in respect for science. It’s working.

foreignpolicy.com

No new cases of COVID-19 confirmed in Latvia

Latvia recorded no more cases of COVID-19 on June 1, the total number being 1066 on Monday.

eng.lsm.lv

 

[centauratlas]

The source code of the Italian app can be found here on GitHub https://github.com/immuni-app/immuni-app-ios

This is key for a number of reasons, including (1) verifying it does what it says it does, (2) improving it, (3) finding bugs, and (4) applying it in other countries.

 

[Secondempire]

Downloaded the Italian app. No dark mode. Deleted.

(I don't live in Italy)

 

[djcerla]

As far as I know, Immuni (the Italian app) was initially not based on Google/Apple's API.

Glad to see sanity prevailing.
[automerge]1591041774[/automerge]

Downloaded the Italian app. No dark mode. Deleted.

You may prefer the intubation room, which is darker.

 

[nutmac]

Selling privacy for free to the Governments.

Can you cite an example or explain how one's privacy is affected by using Exposure Notification API?

 

[TheOldChevy]

Maybe I missed where it was indicated, but will these applications be able to interact ? Can I know if I met a positive person when I travel in Italy if I have the Swiss application ? I understand it is decentralised, so could it work beyond the borders ?

 

[User 6502]

Selling privacy for free to the Governments.

I think it’s time to remove your aluminium foil hat. Exposure notification api is very privacy focused, the government can’t get any data from it. And if you don’t believe it you can always read the code on GitHub… assuming you can read code.

 

[Bandit27]

So what is to stop some nefarious (teenagers) to download the app, put their status as positive, and go walk around as many malls / streets / other populated areas to send a whole bunch of false positive contacts? That sounds like something my friends definitely would have done when we were teenagers.

 

[TheOldChevy]

So what is to stop some nefarious (teenagers) to download the app, put their status as positive, and go walk around as many malls / streets / other populated areas to send a whole bunch of false positive contacts? That sounds like something my friends definitely would have done when we were teenagers.

You need a specific code, available to medical personal only, to record a positive.

 

[Rigby]

Maybe I missed where it was indicated, but will these applications be able to interact ? Can I know if I met a positive person when I travel in Italy if I have the Swiss application ? I understand it is decentralised, so could it work beyond the borders ?

On the device level yes (since it's the same message format everywhere, as defined by Apple and Google), but every country has its own process and database for collecting the random IDs of confirmed infected persons. So the actual exposure notifications will not work across countries. However, the EU has been pushing for a unified system in Europe, so that may still happen in the future.

 

[gnasher729]

So what is to stop some nefarious (teenagers) to download the app, put their status as positive, and go walk around as many malls / streets / other populated areas to send a whole bunch of false positive contacts? That sounds like something my friends definitely would have done when we were teenagers.

Were you’re friends _really_ that stupid? But just read the description of the Italian app. You can’t put in your status as positive unless you have a positive test.

Next time my company hires a developer I’ll ask that as an interview question. Anyone taking more than one minute for a good answer fails.

 

[Tech198]

Some counteries just 'dare' to be different.. It may not be bad, but it's like entering a race for privacy.

 

[fairuz]

Were you’re friends _really_ that stupid? But just read the description of the Italian app. You can’t put in your status as positive unless you have a positive test.

Next time my company hires a developer I’ll ask that as an interview question. Anyone taking more than one minute for a good answer fails.

The app description doesn't say anything about that, and I'm curious how it works. Do only doctors have the keys to marking someone as testing positive? Who hands out the keys?
[automerge]1591060531[/automerge]

This is key for a number of reasons, including (1) verifying it does what it says it does, (2) improving it, (3) finding bugs, and (4) applying it in other countries.

For #1, it's very cumbersome or sometimes impossible to check this, unfortunately. First step is jailbreaking your iPhone (if you can), second is installing macOS in Parallels for some reason, and it's still a long process from there. https://core.telegram.org/reproducible-builds
[automerge]1591060756[/automerge]

Selling privacy for free to the Governments.

Trolling for pay for the Governments? I can make conspiracy theories too.

 

[recoil80]

So what is to stop some nefarious (teenagers) to download the app, put their status as positive, and go walk around as many malls / streets / other populated areas to send a whole bunch of false positive contacts? That sounds like something my friends definitely would have done when we were teenagers.

You can’t put your status as positive on your own, there is a verification code.
[automerge]1591079356[/automerge]

As far as I know, Immuni (the Italian app) was initially not based on Google/Apple's API.

Glad to see sanity prevailing.

they started working in the app before Google and Apple announced they API and eventually they found out it was better to delete their custom Bluetooth implementation and use the API once available

 

[bsolar]

The app description doesn't say anything about that, and I'm curious how it works. Do only doctors have the keys to marking someone as testing positive? Who hands out the keys?

In Italy it will be responsibility of the Minstry of Health, as officially stated in Art. 6 of the relevant Decree (only in Italian). In practice, health operators will be able to request the key from the relevant ASL (local health office, which in Italy provide the National Health Services for a specific territory).

 

[imdropbear]

For #1, it's very cumbersome or sometimes impossible to check this, unfortunately. First step is jailbreaking your iPhone (if you can), second is installing macOS in Parallels for some reason, and it's still a long process from there. https://core.telegram.org/reproducible-builds

Yes, it is cumbersome but the beauty of it that not everyone needs to do this. Just one person checking it is enough. If they release another build than they say and only a single person checks and finds out, it will come out.

 

[GioMala]

You need a specific code, available to medical personal only, to record a positive.

actually you are asked a code by medical authorities (you can find it in the app), but yeah it’s virtually impossible for users to record false positives.

 

[jonwaltermoceyhanton]

here in the united states
i believe that the app called "citizen" is using contact tracing through something called "safetrace"
the app allowed me enable the feature yesterday for the first time

 

[glowplug]

Downloaded the Italian app. No dark mode. Deleted.

Is this the sort of App you lie in bed staring at?

 

[gnasher729]

Is this the sort of App you lie in bed staring at?

You should if you share your bed with a large number of people. Who all have their mobile phones with them.
[automerge]1591115929[/automerge]

Maybe I missed where it was indicated, but will these applications be able to interact ? Can I know if I met a positive person when I travel in Italy if I have the Swiss application ? I understand it is decentralised, so could it work beyond the borders ?

It might. The problem is that each app downloads a list of codes of "infected" phones each day, and downloading say the Swiss "infected" phones is much less data than all the "infected" phones world wide. Especially if a country gets its numbers of infections really low, then the list would be tiny which saves bandwidth. In that case you wouldn't want your phone to download all the US infected phones, which have probably never come near you. You might be able to download two apps; at least _you_ would then informed if you were near somewhere else in say Italy.

On the other hand, Apple/Google might decide that it isn't _that_ much data and collect infected phones worldwide. Or the could say "Switzerland is small, Austria is small, we combine a few countries into one database". Especially where many people cross borders, like Germany / Netherlands / Belgium / Luxembourg. Or combine all continental Europe. Nobody knows yet.

 

[norsay]

Selling privacy for free to the Governments.

Have you read the concept papers? Do you know what kind of „personal“ data are leaving your local device? Guess you don‘t, based on your statement...

 

[bsolar]

here in the united states
i believe that the app called "citizen" is using contact tracing through something called "safetrace"
the app allowed me enable the feature yesterday for the first time

Note that the "Citizen" app is not backed by an official health authority and does not use Apple's privacy-preserving API. As far as I understand it uploads the tracing data to a central server, meaning that they can have access to it and potentially misuse it, whereas with Apple's API this would be prevented by design.