How does the app work?
The Pennsylvania and Delaware apps use a Bluetooth platform from Apple and Google that sends out random strings of numbers, called chirps, that other smartphones with the app can hear and record. Those numbers change every 10 to 20 minutes.
If someone tests positive, the app on that person’s phone can upload all the random numbers the phone has sent out to other phones in the past 14 days. Another person with the app can download that list of numbers, and that person’s phone can match the list against the numbers it has come into contact with. Because the matching is done on the user’s phone, not a government database, only the user knows if the phone has matched with another one.
If there’s a match showing you have been in close contact with someone who tested positive, you can choose to get tested. If you get a positive result, you can put that into the app to alert the other app users you have been close to. Close contact means being within 6 feet of another phone for at least 15 minutes.
By design, all those steps require someone using the app to actively do something, said Marc Zissman, who worked on the app. He’s the associate head of the cybersecurity and information sciences division at the Lincoln Laboratory at MIT.
“Let’s look at how private that is,” Zissman said. “I was a sick person, what did I do? I uploaded all the chirps that I sent over the past two weeks, but those chirps, they had nothing about me in them.
“You, as the person who is the contact, all you did was you downloaded all those chirps and you compared them to find that you were close to somebody who was sick. It didn’t tell you it was me that you were close to, it just told you that, ‘Hey, you’ve been near somebody who was sick.’
“It’s up to you whether or not you even want to call your public health authority and let them know you have gotten one of these warnings or not,” he said. “I suppose you can just quarantine yourself for two weeks … it would be better if you let the public health authority know, but you don’t have to do that.”
Zissman said the team behind the app chose to focus on privacy because they wanted a system that could work in other countries.
“Not every country is a liberal democracy … we wanted to be sure that it protected the privacy of people around the world, not just in places where we have a good Bill of Rights.”
He added that the source code for the app, from the Irish developer NearForm, is available online, so people can see exactly what it does.