One of the more unusual and unexpected developments in the fight against the coronavirus pandemic was the partnership between Apple and Google to create a common standard for contact-tracing and exposure-notification apps. The two tech giants set aside their rivalry to create a way for public health officials to build apps that would assist in notifying people who may have been exposed to Covid-19.

Even more unexpected is the fact that many governments are choosing not to use Apple's and Google's tools, and are opting for other apps. Take Utah, for example. The state is bypassing the Bluetooth tracing that Apple and Google have pushed to developers in favor of an app that instead uploads user information, including GPS location data, to a central server.

That is expressly prohibited with the API created under the standard from the iOS and Android makers, which shares encrypted keys using Bluetooth only, and doesn't allow centralized storage of user data. 

One of the reasons is that state health officials, like those in Utah and South Dakota, are looking for digital apps to compliment the very analog process of manual contact tracing. That effort involves armies of workers who interview individuals who test positive, make a list of their whereabouts and contacts, and reach out personally to each of them. 

The technology from the Apple and Google partnership doesn't help with this at all. Instead, it simply provides a notification to anyone who came into proximity with someone who has confirmed with an app that they tested positive. The tech companies even changed the language around the technology to clarify that it was really an "exposure notification" tool, and not for contact tracing. 

The interesting thing is that states are instead opting for apps that are far less protective of privacy. The Healthy Together app, which the state of Utah paid $2.75 million to have developed, and for which it will pay $300,000 per month in maintenance fees, uses both Bluetooth and GPS to track exposure. It will also provide the Utah Department of Health with the name, telephone number, and location of anyone who opts to share that data through the app.

 inline image

Utah says it went ahead with its own solution because Apple's and Google's "gives a less accurate picture" than by capturing GPS data along with personal information. Certainly, public health officials have an interest in using technology to help them prevent the spread of Covid-19. And, while it's tempting to believe that right now there is no bigger problem than fighting a virus, this sort of thinking is a slippery slope. 

The reason is quite simple--once you give up your privacy, even a little, it's very difficult to claw it back. Never mind that it's not exactly unheard of for hackers to try to get access to your personal information.

Utah says the personal information it collects will be available only to public health officials and will be used only "for the purpose of fighting Covid-19." It also says it will be protected by firewalls and encryption, but it doesn't say how or to what extent. 

It's not hard to imagine that ad-hoc apps built by smaller developers that collect your name, location, and phone number are far more likely to be targeted than apps that don't collect any of that delicate information.

Ultimately, the challenge is figuring out how to use technology to fight a public health crisis in a way that protects user privacy. Apple and Google have figured out a way to do that. The fact that states are choosing a different route means that it's up to you to make a fully informed decision based on how their apps treat your data.