- Apple and Google are now referring to "contact tracing" as "exposure notification," which the companies believe better describes the functionality of their upcoming API. The system is intended to notify a person of potential exposure, augmenting broader contact tracing efforts that public health authorities are undertaking.
- Keys will now be randomly generated rather than derived from a temporary tracing key, making it more difficult for someone to guess how the keys are derived and use that information to try and track people.
- Bluetooth metadata will be encrypted, making it more difficult for someone to try and use that information to identify a person.
- Exposure time will be recorded in five minute intervals, with the maximum reported exposure time capped at 30 minutes.
- The API will include information about the power level of the Bluetooth signal in the data that is exchanged between phones. This can be used in conjunction with the RSSI ("Received Signal Strength Indication") to more accurately estimate the distance between two phones when contact was made.
- Apple and Google will allow developers to specify signal strength and duration thresholds for exposure events.
- The API will now allow for determining the number of days since the last exposure event to better determine what actions the user should take next.
- The API's encryption algorithm is switching from HMAC to AES. Many devices have built-in hardware for accelerating AES encryption, so this change should help performance and efficiency on phones.
Readit News
- Keys will now be randomly generated rather than derived from a temporary tracing key, making it more difficult for someone to guess how the keys are derived and use that information to try and track people.
- Bluetooth metadata will be encrypted, making it more difficult for someone to try and use that information to identify a person.
- Exposure time will be recorded in five minute intervals, with the maximum reported exposure time capped at 30 minutes.
- The API will include information about the power level of the Bluetooth signal in the data that is exchanged between phones. This can be used in conjunction with the RSSI ("Received Signal Strength Indication") to more accurately estimate the distance between two phones when contact was made.
- Apple and Google will allow developers to specify signal strength and duration thresholds for exposure events.
- The API will now allow for determining the number of days since the last exposure event to better determine what actions the user should take next.
- The API's encryption algorithm is switching from HMAC to AES. Many devices have built-in hardware for accelerating AES encryption, so this change should help performance and efficiency on phones.