To me, the most interesting piece of the puzzle is how much trust we place in the phone operating system vs. the app, and the role of the phone's operating system in protecting your privacy *from apps*.
reuters.com/article/us-hea…
- phones broadcast identifiers over Bluetooth, rotated every 15 min, not linkable to one another.
- phones read broadcasts from others, recording which identifiers they've come in contact with.
- there's a server, run by a health department.
- Apple+Google: server learns only identifiers of infected. Germany+France: server learns all identifiers & identifier pairs where exposure.
- Germany+France: exposed people learn only that they've been exposed. Apple+Google: exposed learn when & where.
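The two models contrasted in the list above, as an added toy simulation (my own example, not Apple/Google's or any national app's code). Two simplifications are assumed: each phone's 15-minute identifier is an independent random value (the real Apple/Google protocol derives them from per-day keys), and "exposure" means any shared window. The phone names and meeting windows are constructed scenario data.

```python
"""Toy model of the two exposure-notification designs the thread contrasts.
Added example, not Apple/Google's or any national app's code. Simplifications:
identifiers are random per 15-minute window (the real Apple/Google protocol
derives them from per-day keys), and "exposure" means any shared window."""

import secrets
from dataclasses import dataclass, field

ROTATION_MINUTES = 15  # rotation interval stated in the thread


@dataclass
class Phone:
    name: str
    # window index -> identifier broadcast in that window; random, so two
    # windows cannot be linked to each other or to the phone
    broadcast_ids: dict = field(default_factory=dict)
    # (window, identifier) pairs heard over Bluetooth; nothing about who sent them
    seen: list = field(default_factory=list)

    def identifier_for(self, window: int) -> bytes:
        if window not in self.broadcast_ids:
            self.broadcast_ids[window] = secrets.token_bytes(16)
        return self.broadcast_ids[window]

    def observe(self, window: int, other: "Phone") -> None:
        self.seen.append((window, other.identifier_for(window)))

    def exposures(self, infected_ids: set) -> list:
        # Decentralized matching: runs on the phone against the published list,
        # so the server never learns whom this phone met
        return sorted({w for w, i in self.seen if i in infected_ids})


class DecentralizedServer:
    """Apple+Google style: the server holds only infected users' identifiers."""

    def __init__(self):
        self.infected_ids: set = set()

    def report_infection(self, phone: Phone) -> None:
        self.infected_ids.update(phone.broadcast_ids.values())


class CentralizedServer:
    """Germany+France style (as the thread describes it): the server knows every
    identifier's owner and the identifier pairs involved in an exposure, and
    tells an exposed user only that they were exposed."""

    def __init__(self):
        self.owner: dict = {}      # identifier -> account name
        self.exposed: set = set()  # accounts flagged as exposed

    def register(self, phone: Phone) -> None:
        for ident in phone.broadcast_ids.values():
            self.owner[ident] = phone.name

    def report_infection(self, phone: Phone) -> None:
        # the infected phone uploads the identifiers it heard; the server
        # resolves them to accounts, so it learns who met whom
        for _window, ident in phone.seen:
            self.exposed.add(self.owner[ident])

    def is_exposed(self, phone: Phone) -> bool:
        return phone.name in self.exposed


def simulate() -> dict:
    """Constructed scenario: Alice meets Bob in windows 10 and 11, Carol meets
    Bob in window 50, Dave meets nobody; Bob then tests positive."""
    alice, bob, carol, dave = (Phone(n) for n in ("alice", "bob", "carol", "dave"))
    for w in (10, 11):
        alice.observe(w, bob)
        bob.observe(w, alice)
    carol.observe(50, bob)
    bob.observe(50, carol)
    dave.identifier_for(0)  # Dave's phone only broadcasts

    dec = DecentralizedServer()
    dec.report_infection(bob)

    cen = CentralizedServer()
    for p in (alice, bob, carol, dave):
        cen.register(p)
    cen.report_infection(bob)

    return {
        # decentralized: each phone learns the windows of its own exposure
        "dec_alice_windows": alice.exposures(dec.infected_ids),
        "dec_carol_windows": carol.exposures(dec.infected_ids),
        "dec_dave_windows": dave.exposures(dec.infected_ids),
        # the decentralized server never sees a non-infected phone's identifiers
        "dec_server_knows_alice": any(i in dec.infected_ids for i in alice.broadcast_ids.values()),
        # Bob's rotating identifiers are mutually unlinkable random values
        "bob_ids_distinct": len(set(bob.broadcast_ids.values())) == len(bob.broadcast_ids),
        # centralized: users get a yes/no, while the server holds the owner map
        "cen_alice_exposed": cen.is_exposed(alice),
        "cen_dave_exposed": cen.is_exposed(dave),
        "cen_server_knows_owners": len(cen.owner),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The point the two servers make concrete: in the decentralized design the matching happens on the exposed phone, so the server's entire state is the infected users' identifier list, whereas the centralized server must hold an identifier-to-person map for everyone and learns the contact pairs at report time, even though it hands the exposed user back only a yes/no.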
I much prefer Apple+Google, especially because they mitigate the infected-individual privacy risk at API level.
In an API update 2 days ago, Google+Apple added that capability to their API without changing privacy model.
This is where it's worth understanding that Apple especially, but also Google, have done a LOT to protect your privacy from apps that want to do questionable things.
At the API level, however, the exact time of the encounter is hidden. On purpose.
It genuinely reflects the very different trust users place in Apple/Google vs. an app they just downloaded.
They pushed back. And won.
The API/protocol separation, though, is Apple+Google's. And it's a critical piece of the puzzle.