Connect with us

Tech

Apple and Google update joint coronavirus tracing tech to improve user privacy and developer flexibility – TechCrunch

Published

on


Apple and Google have provided a number of updates about the technical details of their joint contact tracing system, which they’re now exclusively referring to as an “exposure notification” technology, since the companies say this is a better way to describe what they’re offering. The system is just one part of a contact tracing system, they note, not the entire thing. Changes include modifications made to the API that the companies say provide stronger privacy protections for individual users, and changes to how the API works that they claim will enable health authorities building apps that make use of it to develop more effective software.

The additional measures being implemented to protect privacy include changing the cryptography mechanism for generating the keys used to trace potential contacts. They’re no longer specifically bound to a 24-hour period, and they’re now randomly generated instead of derived from a so-called “tracing key” that was permanently attached to a device. In theory, with the old system, an advanced enough attack with direct access to the device could potentially be used to figure out how individual rotating keys were generated from the tracing key, though that would be very, very difficult. Apple and Google clarified that it was included for the sake of efficiency originally, but they later realized they didn’t actually need this to ensure the system worked as intended, so they eliminated it altogether.

The new method makes it even more difficult for a would-be bad actor to determine how the keys are derived, and then attempt to use that information to use them to track specific individuals. Apple and Google’s goal is to ensure this system does not link contact tracing information to any individual’s identity (except for the individual’s own use) and this should help further ensure that’s the case.

The companies will now also be encrypting any metadata associated with specific Bluetooth signals, including the strength of signal and other info. This metadata can theoretically be used in sophisticated reverse identification attempts, by comparing the metadata associated with a specific Bluetooth signal with known profiles of Bluetooth radio signal types as broken down by device and device generation. Taken alone, it’s not much of a risk in terms of exposure, but this additional step means it’s even harder to use that as one of a number of vectors for potential identification for malicious use.

It’s worth noting that Google and Apple say this is intended as a fixed length service, and so it has a built-in way to disable the feature at a time to be determined by regional authorities, on a case-by-case basis.

Finally on the privacy front, any apps built using the API will now be provided exposure time in five-minute intervals, with a maximum total exposure time reported of 30 minutes. Rounding these to specific five-minute duration blocks and capping the overall limit across the board helps ensure this info, too, is harder to link to any specific individual when paired with other metadata.

On the developer and health authority side, Apple and Google will now be providing signal strength information in the form of Bluetooth radio power output data, which will provide a more accurate measure of distance between two devices in the case of contact, particularly when used with existing received signal strength info from the corresponding device that the API already provides access to.

Individual developers can also set their own parameters in terms of how strong a signal is and what duration will trigger an exposure event. This is better for public health authorities because it allows them to be specific about what level of contact actually defines a potential contact, as it varies depending on geography in terms of the official guidance from health agencies. Similarly, developers can now determine how many days have passed since an individual contact event, which might alter their guidance to a user (i.e. if it’s already been 14 days, measures would be very different from if it’s been two).

Apple and Google are also changing the encryption algorithm used to AES, from the HMAC system they were previously using. The reason for this switch is that the companies have found that by using AES encryption, which can be accelerated locally using on-board hardware in many mobile devices, the API will be more energy efficiency and have less of a performance impact on smartphones.

As we reported Thursday, Apple and Google also confirmed that they’re aiming to distribute next week the beta seed version of the OS update that will support these devices. On Apple’s side, the update will support any iOS hardware released over the course of the past four years running iOS 13. On the Android side, it would cover around 2 billion devices globally, Android said.

Coronavirus tracing: Platforms versus governments

One key outstanding question is what will happen in the case of governments that choose to use centralized protocols for COVID-19 contact tracing apps, with proximity data uploaded to a central server — rather than opting for a decentralized approach, which Apple and Google are supporting with an API.

In Europe, the two major EU economies, France and Germany, are both developing contact tracing apps based on centralized protocols — the latter planning deep links to labs to support digital notification of COVID-19 test results. The U.K. is also building a tracing app that will reportedly centralize data with the local health authority.

This week Bloomberg reported that the French government is pressuring Apple to remove technical restrictions on Bluetooth access in iOS, with the digital minister, Cedric O, saying in an interview Monday: “We’re asking Apple to lift the technical hurdle to allow us to develop a sovereign European health solution that will be tied our health system.”

While a German-led standardization push around COVID-19 contact tracing apps, called PEPP-PT — that’s so far only given public backing to a centralized protocol, despite claiming it will support both approaches — said last week that it wants to see changes to be made to the Google-Apple API to accommodate centralized protocols.

Asked about this issue an Apple spokesman told us it’s not commenting on the apps/plans of specific countries. But the spokesman pointed back to a position on Bluetooth it set out in an earlier statement with Google — in which the companies write that user privacy and security are “central” to their design.

Judging by the updates to Apple and Google’s technical specifications and API framework, as detailed above, the answer to whether the tech giants will bow to government pressure to support state centralization of proximity social graph data looks to be a strong “no.”

The latest tweaks look intended to reinforce individual privacy and further shrink the ability of outside entities to repurpose the system to track people and/or harvest a map of all their contacts.

The sharpening of the Apple and Google’s nomenclature is also interesting in this regard — with the pair now talking about “exposure notification” rather than “contact tracing” as preferred terminology for the digital intervention. This shift of emphasis suggests they’re keen to avoid any risk of their role being (mis)interpreted as supporting broader state surveillance of citizens’ social graphs, under the guise of a coronavirus response.

Backers of decentralized protocols for COVID-19 contact tracing — such as DP-3T, a key influence for the Apple-Google joint effort that’s being developed by a coalition of European academics — have warned consistently of the risk of surveillance creep if proximity data is pooled on a central server.

Apple and Google’s change of terminology doesn’t bode well for governments with ambitions to build what they’re counter-branding as “sovereign” fixes — aka data grabs that do involve centralizing exposure data. Although whether this means we’re headed for a big standoff between certain governments and Apple over iOS security restrictions — à la Apple vs the FBI — remains to be seen.

Earlier today, Apple and Google’s EU privacy chiefs also took part in a panel discussion organized by a group of European parliamentarians, which specifically considered the question of centralized versus decentralized models for contact tracing.

Asked about supporting centralized models for contact tracing, the tech giants offered a dodge, rather than a clear “no.”

“Our goal is to really provide an API to accelerate applications. We’re not obliging anyone to use it as a solution. It’s a component to help make it easier to build applications,” said Google’s Dave Burke, VP of Android engineering.

“When we build something we have to pick an architecture that works,” he went on. “And it has to work globally, for all countries around the world. And when we did the analysis and looked at different approaches we were very heavily inspired by the DP-3T group and their approach — and that’s what we have adopted as a solution. We think that gives the best privacy preserving aspects of the contacts tracing service. We think it’s also quite rich in epidemiological data that we think can be derived from it. And we also think it’s very flexible in what it could do. [The choice of approach is] really up to every member state — that’s not the part that we’re doing. We’re just operating system providers and we’re trying to provide a thin layer of an API that we think can help accelerate these apps but keep the phone in a secure, private mode of operation.”

“That’s really important for the expectations of users,” Burke added. “They expect the devices to keep their data private and safe. And then they expect their devices to also work well.”

DP-3T’s Michael Veale was also on the panel — busting what he described as some of the “myths” about decentralized contacts tracing versus centralized approaches.

“The [decentralized] system is designed to provide data to epidemiologists to help them refine and improve the risk score — even daily,” he said. “This is totally possible. We can do this using advanced methods. People can even choose to provide additional data if they want to epidemiologists — which is not really required for improving the risk score but might help.”

“Some people think a decentralized model means you can’t have a health authority do that first call [to a person exposed to a risk of infection]. That’s not true. What we don’t do is we don’t tag phone numbers and identities like a centralized model can to the social network. Because that allows misuse,” he added. “All we allow is that at the end of the day the health authority receives a list separate from the network of whose phone number they can call.”

MEP Sophie in ‘t Veld, who organzied the online event, noted at the top of the discussion they had also invited PEPP-PT to join the call but said no one from the coalition had been able to attend the video conference.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Apple parts supplier Broadcom says 2020 iPhone launch will be delayed – MobileSyrup

Published

on


While there’s no official statement from Apple regarding a possible delay of the tech giant’s 2020 iPhone, Bloomberg has reported that Broadcom CEO Hock Tan’s comments during the company’s recent quarterly earnings call indicate that the Cupertino, California-based tech giant’s next smartphone will be pushed back by a few weeks.

Apple typically releases its new iPhone in early September. Delaying the 2020 iPhone’s release date by even a few weeks would result in a significant financial impact on Apple and its various parts suppliers.

During the earnings call, Tan referenced that a “large North American mobile phone customer” that normally contributes “double-digit” revenue towards Broadcom’s bottom line is not expected to contribute to an “uptick in revenue until our fourth fiscal quarter.” Tan indicated during the call that Broadcom is still providing parts for the upcoming iPhone, but stated that the timing of the smartphone’s launch is still up in the air.

It’s likely that the ongoing COVID-19 pandemic has caused supply line delays for Apple. The fact that travel has been disrupted and many Apple employees are working from home could also contribute to a delay.

Back in late March, a report from Japanese publication Nikkei stated that Apple could delay the release of the iPhone 12 “by months.” That said, at the time, Bloomberg also reported that the next iPhone was still on track to release this fall.

The iPhone 12 is expected to feature 5G for the first time — which won’t mean much in Canada given the limited availability of the next-generation of network technology — a faster A14 processor and a new 3D camera system similar to the liDAR sensor included in the iPad Pro (2020).

Source: Bloomberg

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Poll: Clubhouse Games: 51 Worldwide Classics Is Out Today On Switch, Are You Getting It? – Nintendo Life

Published

on


Today sees the latest Nintendo-published title, Clubhouse Games: 51 Worldwide Classics (or 51 Worldwide Games as it’s known in Europe) launching on Switch, so we thought it’d be nice to see just how many of you lovely lot are thinking of picking it up.

As you may be aware, the game is actually a successor to Clubhouse Games (known as 42 All-Time Classics in Europe) on Nintendo DS. This new entry includes 51 games, obviously, as well as a piano for some reason, all of which are listed below.

Clubhouse Games 51

In our review, we highlighted the fact that the new game contains such a wide enough variety of board, card and action games that you’re sure to find a number that will appeal to you. The presentation is perhaps the icing on the cake, too, going well above and beyond what you’d usually see in what is essentially a minigame compilation-style release.

So, over to you. Are you planning on buying Clubhouse Games: 51 Worldwide Classics?

If you haven’t yet ordered your copy, you can grab a physical version of the game below. Feel free to expand upon your answer in the comments!

Please note that some links on this page are affiliate links, which means if you click them and make a purchase we may receive a small percentage of the sale. Please read our FTC Disclosure for more information.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

iPhone 13 design kills the notch and adds USB-C — but don't get too excited – Tom's Guide

Published

on


A iPhone 13 prototype has supposedly been leaked. But while this 5.5-inch device looks interesting, one prominent leaker has already slapped down the report’s accuracy.

The original source is MacOtakara, which published a story about some alleged iPhone 13 3D printed mockups, which allegedly shows what a 2021 iPhone could look like. It’s this story that leaker Jon Prosser responded to on Twitter with the fantastically blunt answer: “lol no.” 

MacOtakara claims that the designs for these 3D prints came from a source at online retailer Alibaba. This particular model has a 5.5-inch display, and is supposedly the successor to this year’s smallest iPhone 12 model, which measures 5.4 inches according to leaks.

The clearest change here is that there is no longer a front camera notch, which has been present from the iPhone X to the iPhone 11, and is likely coming to the iPhone 12, too. MacOtakara suggests that there will be an under-display selfie camera instead, as well as potentially a camera at the bottom of the screen.

(Image credit: MacOtakara)

We know under-display cameras are on their way, with Samsung, Oppo and Xiaomi all looking into the technology for their 2021 phones. But we’d be surprised if Apple immediately adopted this new tech as well.

If Apple was to move its cameras beneath the display, it would have to factor in how it would affect Face ID. The infrared sensor could be located in the bottom camera previously mentioned, or Apple could decide to go for an under-display fingerprint scanner like many of its rivals. But we definitely don’t see Apple abandoning Face ID.

iPhone 13 mockup

(Image credit: MacOtakara)

A shot of the mockup phone’s bottom shows that the Lightning connector has been swapped for a more standard USB-C one. This is in contradiction to other rumors that have claimed that one iPhone 13 will be Apple’s first portless phone, with the company looking to avoid using USB-C on iPhones.

The back of the phone shows a very odd camera bump with five tiny holes. MacOtakara explained that this is likely a modular system to help designers test multiple camera designs more easily. Rumors for the iPhone 13’s camera array seem to be split between whether it will have four cameras – like the iPhone 12 Pro is expected to have – or if Apple will try and add more sensors outside of the main square patch.

iPhone 13 mockup

(Image credit: MacOtakara)

MacOtakara did say that this is only a prototype model and therefore could be very different from the real iPhone 13, if it does indeed exist. However, the fact this prototype differs so widely from other leaks we’ve heard makes it hard to believe.

It’s still over a year until we’ll likely see the iPhone 13 debut in fall 2021. However the iPhone 12 is expected to be revealed around September or October this year. 

We know a lot more about the iPhone 12 than next year’s model, including its four different models, 5G connectivity, OLED displays (with 120Hz refresh rates on the Pro models), new A14 chipsets and camera arrangements – two rear cameras on the iPhone 12 and 12 Max, and four on the iPhone 12 Pro and 12 Pro Max, including a LiDAR sensor like the one seen on the iPad Pro 2020.

Let’s block ads! (Why?)



Source link

Continue Reading

Trending