Contact Tracing: Why Corona Apps Are Complicated
Clara Schneidewind, from the Security and Privacy research unit, explains the challenges of programming a contact tracing app.
The idea sounds simple: Almost everyone carries a smartphone around with them today. If all smartphones constantly register which other smartphones are in their vicinity, then as soon as someone is newly diagnosed with COVID-19, all people who have recently been in contact with that person can be warned automatically. However, the matter is a bit more complicated: At present, there are intensive discussions worldwide about different technical solutions—data protection plays just as important a role as protection against the coronavirus. Clara Schneidewind from our research unit Security and Privacy has looked at the security aspects of such contact tracing apps.
Centralized or decentralized?
“If contact tracing is really to work, it has to be operated internationally,” says Clara Schneidewind. “That is why the European consortium PEPP-PT was founded. It is not intended to develop a single app, but to agree on a common interface so that different apps can interact with each other.” When developing such interfaces, a crucial fundamental decision must be made: Should we take a centralized approach, where the essential data is stored on a server, or is a decentralized approach better, where as little data as possible is collected centrally? “With the centralized approach, each user is given an ID on the server. Also, the server repeatedly assigns randomly generated, temporary pseudonyms to the user,” explains Clara Schneidewind. “These pseudonyms are exchanged between smartphones.” If someone tests positive for COVID-19, all temporary pseudonyms with which contact was registered recently are uploaded to the server. There, the server can look up which persons these pseudonyms belong to, and those persons are notified explicitly. With the decentralized approach, the server does not distribute pseudonyms; they are generated locally on the user’s smartphone. If you test positive, you upload all self-generated pseudonyms you have used recently to a server. Other users regularly download the list of pseudonyms of infected persons from the server and check their own contact list to see whether they have encountered one of these pseudonym codes.
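To make the difference between the two architectures concrete, here is an added toy model in Python. It is not code from PEPP-PT or from any real app; the phone, server and scenario classes, the 14-day retention window and the fixed clock are all constructed for the example. In the decentralized variant the server only ever stores the pseudonyms of people who tested positive and matching happens on each phone; in the centralized variant the server hands out the pseudonyms and therefore can resolve the patient's contacts to user IDs itself.

```python
"""Toy model of centralized vs. decentralized contact tracing (constructed
example, not the code of any real contact tracing app)."""
import secrets

RETENTION = 14 * 24 * 3600  # constructed: keep 14 days of contacts (seconds)


class Phone:
    """A smartphone that broadcasts a pseudonym and records the ones it hears."""

    def __init__(self, name, now):
        self.name = name
        self.now = now          # callable returning the current time
        self.own = []           # (pseudonym, first_used) this phone has broadcast
        self.heard = []         # (pseudonym, time_seen) from nearby phones
        self.current = None

    def use_pseudonym(self, pseudonym):
        self.current = pseudonym
        self.own.append((pseudonym, self.now()))

    def hear(self, pseudonym):
        self.heard.append((pseudonym, self.now()))

    def _recent(self, entries):
        cutoff = self.now() - RETENTION
        return [p for p, t in entries if t >= cutoff]

    def recent_own(self):
        return self._recent(self.own)

    def recent_heard(self):
        return self._recent(self.heard)


def meet(a, b):
    """Two phones in range exchange their current pseudonyms."""
    a.hear(b.current)
    b.hear(a.current)


# --- Decentralized: pseudonyms are generated on the phone -----------------

def new_local_pseudonym(phone):
    # Random and generated locally, so nobody can link it to the user.
    phone.use_pseudonym(secrets.token_hex(16))


class DecentralizedServer:
    def __init__(self):
        self.infected_pseudonyms = set()  # the only data the server ever holds

    def upload_positive(self, phone):
        self.infected_pseudonyms.update(phone.recent_own())

    def download(self):
        return set(self.infected_pseudonyms)


def decentralized_exposure(phone, server):
    """Matching happens on the phone: intersect heard pseudonyms with the list."""
    infected = server.download()
    return sorted(p for p in phone.recent_heard() if p in infected)


# --- Centralized: the server assigns pseudonyms and can resolve them ------

class CentralizedServer:
    def __init__(self):
        self.owner = {}       # pseudonym -> user ID; lets the server resolve contacts
        self.notified = set()

    def register(self, phone, user_id):
        pseudonym = secrets.token_hex(16)
        self.owner[pseudonym] = user_id
        phone.use_pseudonym(pseudonym)

    def upload_positive(self, phone):
        # The patient's phone uploads the pseudonyms it heard; the server
        # resolves them to people, and thereby learns who met the patient.
        for p in phone.recent_heard():
            if p in self.owner:
                self.notified.add(self.owner[p])
        return set(self.notified)


def run_scenario(architecture):
    """Alice meets Bob, Carol meets nobody, Bob tests positive.

    Returns (names warned, what the server knows about users)."""
    clock = [1_000_000]       # constructed fixed clock so the run is deterministic
    now = lambda: clock[0]
    alice, bob, carol = (Phone(n, now) for n in ("alice", "bob", "carol"))
    if architecture == "decentralized":
        server = DecentralizedServer()
        for ph in (alice, bob, carol):
            new_local_pseudonym(ph)
        meet(alice, bob)
        server.upload_positive(bob)
        warned = [ph.name for ph in (alice, carol) if decentralized_exposure(ph, server)]
        return warned, server.download()      # server holds Bob's pseudonym only
    server = CentralizedServer()
    for ph in (alice, bob, carol):
        server.register(ph, ph.name)
    meet(alice, bob)
    notified = server.upload_positive(bob)
    return sorted(notified), set(server.owner.values())  # server knows every user


if __name__ == "__main__":
    for arch in ("decentralized", "centralized"):
        print(arch, run_scenario(arch))
```

Both runs warn Alice and leave Carol alone, so the functionality is the same; the difference is in what the server ends up holding: one random pseudonym belonging to Bob in the decentralized case, versus a table of every registered user plus the fact that Alice met Bob in the centralized case.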
Risks and Side Effects
“It is not easy to tell which variant is better. Ultimately, it is always a question of weighing functionality and privacy. I assess that privacy is much better preserved with the decentralized approach,” says Clara Schneidewind. “With a decentralized architecture, information about non-infected people is never delivered to the server, and there is no central location to learn about interactions between users.” However, there is also a positive aspect when data is collected: For epidemiological research, it would be helpful to be able to analyze realistic contact networks. “The more data is disclosed, the more can be deduced from it - for better or worse,” says Clara. “That is why there are already considerations about voluntary data donations: You can deliberately make certain information available - not for state-controlled servers, but selected research institutions, for example.”
Support from Google and Apple
One of the big problems in developing contact tracing apps is that you have to get the big software giants Google and Apple on board. “The Stopp Corona App of the Austrian Red Cross was one of the first Contact Tracing Apps in Europe. However, it had to struggle with a major technical challenge,” explains Schneidewind. “This app executes a complicated protocol, the so-called handshake, in case of contact. The smartphone operating systems of Google and Apple, however, do not allow this handshake to run automatically in the background. You have to confirm the handshake explicitly. This makes the app a bit cumbersome.” With simpler protocols, such as those now being proposed by European consortia, things become somewhat easier. However, there is still the problem that the app should ideally run permanently in the background - even when it is not open. “Especially in the case of iOS, the Apple operating system, this would require special approval for contact tracing apps. If Google and Apple were to make things easier here on their own initiative, the development of contact tracing apps could be made considerably easier. Fortunately, the two companies are already working on this.”
For more information check out Clara’s blog post.