Apple and Google update joint coronavirus tracing tech to improve user privacy and developer flexibility

Apple and Google have provided a number of updates about the technical details of their joint contact tracing system, which they’re now exclusively referring to as an “exposure notification” technology, since the companies say this is a better way to describe what they’re offering. The system is just one part of a contact tracing system, they note, not the entire thing. Changes include modifications made to the API that the companies say provide stronger privacy protections for individual users, and changes to how the API works that they claim will enable health authorities building apps that make use of it to develop more effective software.

The additional measures being implemented to protect privacy include changing the cryptography mechanism for generating the keys used to trace potential contacts. They’re no longer specifically bound to a 24-hour period, and they’re now randomly generated instead of derived from a so-called “tracing key” that was permanently attached to a device. In theory, with the old system, an advanced enough attack with direct access to the device could potentially be used to figure out how individual rotating keys were generated from the tracing key, though that would be very, very difficult. Apple and Google clarified that it was included for the sake of efficiency originally, but they later realized they didn’t actually need this to ensure the system worked as intended, so they eliminated it altogether.

The new method makes it even more difficult for a would-be bad actor to determine how the keys are derived, and then attempt to use that information to use them to track specific individuals. Apple and Google’s goal is to ensure this system does not link contact tracing information to any individual’s identity (except for the individual’s own use) and this should help further ensure that’s the case.

The companies will now also be encrypting any metadata associated with specific Bluetooth signals, including the strength of signal and other info. This metadata can theoretically be used in sophisticated reverse identification attempts, by comparing the metadata associated with a specific Bluetooth signal with known profiles of Bluetooth radio signal types as broken down by device and device generation. Taken alone, it’s not much of a risk in terms of exposure, but this additional step means it’s even harder to use that as one of a number of vectors for potential identification for malicious use.

It’s worth noting that Google and Apple say this is intended as a fixed length service, and so it has a built-in way to disable the feature at a time to be determined by regional authorities, on a case-by-case basis.

Finally on the privacy front, any apps built using the API will now be provided exposure time in five-minute intervals, with a maximum total exposure time reported of 30 minutes. Rounding these to specific five-minute duration blocks and capping the overall limit across the board helps ensure this info, too, is harder to link to any specific individual when paired with other metadata.

On the developer and health authority side, Apple and Google will now be providing signal strength information in the form of Bluetooth radio power output data, which will provide a more accurate measure of distance between two devices in the case of contact, particularly when used with existing received signal strength info from the corresponding device that the API already provides access to.

Individual developers can also set their own parameters in terms of how strong a signal is and what duration will trigger an exposure event. This is better for public health authorities because it allows them to be specific about what level of contact actually defines a potential contact, as it varies depending on geography in terms of the official guidance from health agencies. Similarly, developers can now determine how many days have passed since an individual contact event, which might alter their guidance to a user (i.e. if it’s already been 14 days, measures would be very different from if it’s been two).

Apple and Google are also changing the encryption algorithm used to AES, from the HMAC system they were previously using. The reason for this switch is that the companies have found that by using AES encryption, which can be accelerated locally using on-board hardware in many mobile devices, the API will be more energy efficiency and have less of a performance impact on smartphones.

As we reported Thursday, Apple and Google also confirmed that they’re aiming to distribute next week the beta seed version of the OS update that will support these devices. On Apple’s side, the update will support any iOS hardware released over the course of the past four years running iOS 13. On the Android side, it would cover around 2 billion devices globally, Android said.

Coronavirus tracing: Platforms versus governments

One key outstanding question is what will happen in the case of governments that choose to use centralized protocols for COVID-19 contact tracing apps, with proximity data uploaded to a central server — rather than opting for a decentralized approach, which Apple and Google are supporting with an API.

In Europe, the two major EU economies, France and Germany, are both developing contact tracing apps based on centralized protocols — the latter planning deep links to labs to support digital notification of COVID-19 test results. The U.K. is also building a tracing app that will reportedly centralize data with the local health authority.

This week Bloomberg reported that the French government is pressuring Apple to remove technical restrictions on Bluetooth access in iOS, with the digital minister, Cedric O, saying in an interview Monday: “We’re asking Apple to lift the technical hurdle to allow us to develop a sovereign European health solution that will be tied our health system.”

While a German-led standardization push around COVID-19 contact tracing apps, called PEPP-PT — that’s so far only given public backing to a centralized protocol, despite claiming it will support both approaches — said last week that it wants to see changes to be made to the Google-Apple API to accommodate centralized protocols.

Asked about this issue an Apple spokesman told us it’s not commenting on the apps/plans of specific countries. But the spokesman pointed back to a position on Bluetooth it set out in an earlier statement with Google — in which the companies write that user privacy and security are “central” to their design.

Judging by the updates to Apple and Google’s technical specifications and API framework, as detailed above, the answer to whether the tech giants will bow to government pressure to support state centralization of proximity social graph data looks to be a strong “no.”

The latest tweaks look intended to reinforce individual privacy and further shrink the ability of outside entities to repurpose the system to track people and/or harvest a map of all their contacts.

The sharpening of the Apple and Google’s nomenclature is also interesting in this regard — with the pair now talking about “exposure notification” rather than “contact tracing” as preferred terminology for the digital intervention. This shift of emphasis suggests they’re keen to avoid any risk of their role being (mis)interpreted as supporting broader state surveillance of citizens’ social graphs, under the guise of a coronavirus response.

Backers of decentralized protocols for COVID-19 contact tracing — such as DP-3T, a key influence for the Apple-Google joint effort that’s being developed by a coalition of European academics — have warned consistently of the risk of surveillance creep if proximity data is pooled on a central server.

Apple and Google’s change of terminology doesn’t bode well for governments with ambitions to build what they’re counter-branding as “sovereign” fixes — aka data grabs that do involve centralizing exposure data. Although whether this means we’re headed for a big standoff between certain governments and Apple over iOS security restrictions — à la Apple vs the FBI — remains to be seen.

Earlier today, Apple and Google’s EU privacy chiefs also took part in a panel discussion organized by a group of European parliamentarians, which specifically considered the question of centralized versus decentralized models for contact tracing.

Asked about supporting centralized models for contact tracing, the tech giants offered a dodge, rather than a clear “no.”

“Our goal is to really provide an API to accelerate applications. We’re not obliging anyone to use it as a solution. It’s a component to help make it easier to build applications,” said Google’s Dave Burke, VP of Android engineering.

“When we build something we have to pick an architecture that works,” he went on. “And it has to work globally, for all countries around the world. And when we did the analysis and looked at different approaches we were very heavily inspired by the DP-3T group and their approach — and that’s what we have adopted as a solution. We think that gives the best privacy preserving aspects of the contacts tracing service. We think it’s also quite rich in epidemiological data that we think can be derived from it. And we also think it’s very flexible in what it could do. [The choice of approach is] really up to every member state — that’s not the part that we’re doing. We’re just operating system providers and we’re trying to provide a thin layer of an API that we think can help accelerate these apps but keep the phone in a secure, private mode of operation.”

“That’s really important for the expectations of users,” Burke added. “They expect the devices to keep their data private and safe. And then they expect their devices to also work well.”

DP-3T’s Michael Veale was also on the panel — busting what he described as some of the “myths” about decentralized contacts tracing versus centralized approaches.

“The [decentralized] system is designed to provide data to epidemiologists to help them refine and improve the risk score — even daily,” he said. “This is totally possible. We can do this using advanced methods. People can even choose to provide additional data if they want to epidemiologists — which is not really required for improving the risk score but might help.”

“Some people think a decentralized model means you can’t have a health authority do that first call [to a person exposed to a risk of infection]. That’s not true. What we don’t do is we don’t tag phone numbers and identities like a centralized model can to the social network. Because that allows misuse,” he added. “All we allow is that at the end of the day the health authority receives a list separate from the network of whose phone number they can call.”

MEP Sophie in ‘t Veld, who organzied the online event, noted at the top of the discussion they had also invited PEPP-PT to join the call but said no one from the coalition had been able to attend the video conference.

from Android – TechCrunch https://ift.tt/3aCfpyI
via IFTTT

Apple and Google update joint coronavirus tracing tech to improve user privacy and developer flexibility

Apple and Google have provided a number of updates about the technical details of their joint contact tracing system, which they’re now exclusively referring to as an “exposure notification” technology, since the companies say this is a better way to describe what they’re offering. The system is just one part of a contact tracing system, they note, not the entire thing. Changes include modifications made to the API that the companies say provide stronger privacy protections for individual users, and changes to how the API works that they claim will enable health authorities building apps that make use of it to develop more effective software.

The additional measures being implemented to protect privacy include changing the cryptography mechanism for generating the keys used to trace potential contacts. They’re no longer specifically bound to a 24-hour period, and they’re now randomly generated instead of derived from a so-called “tracing key” that was permanently attached to a device. In theory, with the old system, an advanced enough attack with direct access to the device could potentially be used to figure out how individual rotating keys were generated from the tracing key, though that would be very, very difficult. Apple and Google clarified that it was included for the sake of efficiency originally, but they later realized they didn’t actually need this to ensure the system worked as intended, so they eliminated it altogether.

The new method makes it even more difficult for a would-be bad actor to determine how the keys are derived, and then attempt to use that information to use them to track specific individuals. Apple and Google’s goal is to ensure this system does not link contact tracing information to any individual’s identity (except for the individual’s own use) and this should help further ensure that’s the case.

The companies will now also be encrypting any metadata associated with specific Bluetooth signals, including the strength of signal and other info. This metadata can theoretically be used in sophisticated reverse identification attempts, by comparing the metadata associated with a specific Bluetooth signal with known profiles of Bluetooth radio signal types as broken down by device and device generation. Taken alone, it’s not much of a risk in terms of exposure, but this additional step means it’s even harder to use that as one of a number of vectors for potential identification for malicious use.

It’s worth noting that Google and Apple say this is intended as a fixed length service, and so it has a built-in way to disable the feature at a time to be determined by regional authorities, on a case-by-case basis.

Finally on the privacy front, any apps built using the API will now be provided exposure time in five-minute intervals, with a maximum total exposure time reported of 30 minutes. Rounding these to specific five-minute duration blocks and capping the overall limit across the board helps ensure this info, too, is harder to link to any specific individual when paired with other metadata.

On the developer and health authority side, Apple and Google will now be providing signal strength information in the form of Bluetooth radio power output data, which will provide a more accurate measure of distance between two devices in the case of contact, particularly when used with existing received signal strength info from the corresponding device that the API already provides access to.

Individual developers can also set their own parameters in terms of how strong a signal is and what duration will trigger an exposure event. This is better for public health authorities because it allows them to be specific about what level of contact actually defines a potential contact, as it varies depending on geography in terms of the official guidance from health agencies. Similarly, developers can now determine how many days have passed since an individual contact event, which might alter their guidance to a user (i.e. if it’s already been 14 days, measures would be very different from if it’s been two).

Apple and Google are also changing the encryption algorithm used to AES, from the HMAC system they were previously using. The reason for this switch is that the companies have found that by using AES encryption, which can be accelerated locally using on-board hardware in many mobile devices, the API will be more energy efficiency and have less of a performance impact on smartphones.

As we reported Thursday, Apple and Google also confirmed that they’re aiming to distribute next week the beta seed version of the OS update that will support these devices. On Apple’s side, the update will support any iOS hardware released over the course of the past four years running iOS 13. On the Android side, it would cover around 2 billion devices globally, Android said.

Coronavirus tracing: Platforms versus governments

One key outstanding question is what will happen in the case of governments that choose to use centralized protocols for COVID-19 contact tracing apps, with proximity data uploaded to a central server — rather than opting for a decentralized approach, which Apple and Google are supporting with an API.

In Europe, the two major EU economies, France and Germany, are both developing contact tracing apps based on centralized protocols — the latter planning deep links to labs to support digital notification of COVID-19 test results. The U.K. is also building a tracing app that will reportedly centralize data with the local health authority.

This week Bloomberg reported that the French government is pressuring Apple to remove technical restrictions on Bluetooth access in iOS, with the digital minister, Cedric O, saying in an interview Monday: “We’re asking Apple to lift the technical hurdle to allow us to develop a sovereign European health solution that will be tied our health system.”

While a German-led standardization push around COVID-19 contact tracing apps, called PEPP-PT — that’s so far only given public backing to a centralized protocol, despite claiming it will support both approaches — said last week that it wants to see changes to be made to the Google-Apple API to accommodate centralized protocols.

Asked about this issue an Apple spokesman told us it’s not commenting on the apps/plans of specific countries. But the spokesman pointed back to a position on Bluetooth it set out in an earlier statement with Google — in which the companies write that user privacy and security are “central” to their design.

Judging by the updates to Apple and Google’s technical specifications and API framework, as detailed above, the answer to whether the tech giants will bow to government pressure to support state centralization of proximity social graph data looks to be a strong “no.”

The latest tweaks look intended to reinforce individual privacy and further shrink the ability of outside entities to repurpose the system to track people and/or harvest a map of all their contacts.

The sharpening of the Apple and Google’s nomenclature is also interesting in this regard — with the pair now talking about “exposure notification” rather than “contact tracing” as preferred terminology for the digital intervention. This shift of emphasis suggests they’re keen to avoid any risk of their role being (mis)interpreted as supporting broader state surveillance of citizens’ social graphs, under the guise of a coronavirus response.

Backers of decentralized protocols for COVID-19 contact tracing — such as DP-3T, a key influence for the Apple-Google joint effort that’s being developed by a coalition of European academics — have warned consistently of the risk of surveillance creep if proximity data is pooled on a central server.

Apple and Google’s change of terminology doesn’t bode well for governments with ambitions to build what they’re counter-branding as “sovereign” fixes — aka data grabs that do involve centralizing exposure data. Although whether this means we’re headed for a big standoff between certain governments and Apple over iOS security restrictions — à la Apple vs the FBI — remains to be seen.

Earlier today, Apple and Google’s EU privacy chiefs also took part in a panel discussion organized by a group of European parliamentarians, which specifically considered the question of centralized versus decentralized models for contact tracing.

Asked about supporting centralized models for contact tracing, the tech giants offered a dodge, rather than a clear “no.”

“Our goal is to really provide an API to accelerate applications. We’re not obliging anyone to use it as a solution. It’s a component to help make it easier to build applications,” said Google’s Dave Burke, VP of Android engineering.

“When we build something we have to pick an architecture that works,” he went on. “And it has to work globally, for all countries around the world. And when we did the analysis and looked at different approaches we were very heavily inspired by the DP-3T group and their approach — and that’s what we have adopted as a solution. We think that gives the best privacy preserving aspects of the contacts tracing service. We think it’s also quite rich in epidemiological data that we think can be derived from it. And we also think it’s very flexible in what it could do. [The choice of approach is] really up to every member state — that’s not the part that we’re doing. We’re just operating system providers and we’re trying to provide a thin layer of an API that we think can help accelerate these apps but keep the phone in a secure, private mode of operation.”

“That’s really important for the expectations of users,” Burke added. “They expect the devices to keep their data private and safe. And then they expect their devices to also work well.”

DP-3T’s Michael Veale was also on the panel — busting what he described as some of the “myths” about decentralized contacts tracing versus centralized approaches.

“The [decentralized] system is designed to provide data to epidemiologists to help them refine and improve the risk score — even daily,” he said. “This is totally possible. We can do this using advanced methods. People can even choose to provide additional data if they want to epidemiologists — which is not really required for improving the risk score but might help.”

“Some people think a decentralized model means you can’t have a health authority do that first call [to a person exposed to a risk of infection]. That’s not true. What we don’t do is we don’t tag phone numbers and identities like a centralized model can to the social network. Because that allows misuse,” he added. “All we allow is that at the end of the day the health authority receives a list separate from the network of whose phone number they can call.”

MEP Sophie in ‘t Veld, who organzied the online event, noted at the top of the discussion they had also invited PEPP-PT to join the call but said no one from the coalition had been able to attend the video conference.

from Apple – TechCrunch https://ift.tt/3aCfpyI

Indian smartphone market grew by 4% in Q1, but projected to decline by 10% this year

India has emerged as one of the fastest growing smartphone markets in the last decade, reporting growth each quarter even as handset shipments slowed or declined elsewhere globally. But the world’s second largest smartphone is beginning to feel the coronavirus heat, too.

The Indian smartphone market grew by a modest 4% year-over-year in the quarter that ended on March 31, research firm Counterpoint said Friday evening. The shipment grew annually in January and February, when several firms launched their smartphones and unveiled aggressive promotional plans.

But in March, the shipment saw a 19% year-over-year dip, the firm said. Counterpoint estimated that the smartphone shipments in India will decline by 10% this year, compared to a 8.9% growth in 2019 and 10% growth in 2018.

The research firm also cautioned that India’s lockdown, ordered last month, has severely slowed down the local smartphone industry and it may take seven to eight months to get back on track. Currently, only select items such as grocery products are permitted to be sold in India.

Prachir Singh, Senior Research Analyst at Counterpoint Research, said the Covid-19 impact on India was relatively mild until mid-March. “However, economic activities declined as people save money in expectation of an extended period of uncertainty and an almost complete lockdown. Almost all smartphone manufacturing has been suspended. Further, with the social distancing norms, factories will be running at lower capacities even after the lockdown is lifted,” he said.

Overall, 31 million smartphone units shipped in India in Q1 2020. Chinese smartphone maker Xiaomi, which has held the tentpole position in what has become its biggest market globally for more than two years, widened its lead to command 30% of the market.

Vivo’s share grew to 17%, up from 12% during the same period last year. Samsung, which once led the Indian market, now sits at the third spot with 16% market share, down from 24% in Q1 2019. Apple maintained its recent momentum and grew by a strong 78% year-over-year in Q1 this year. It now commands 55% of the premium smartphone segment (handsets priced at $600 or above.).

More than 100 smartphone plants in India assemble or produce about 700,000 to 800,000 handsets a day, some of which are exported outside of the country. But the lockdown has halted the production and could cost the industry more than $3 billion to $4 billion in direct loss this year.

“We often draw parallels between India and China. But in China, their factories have adopted automation at various levels, something that is not the case in India,” said Tarun Pathak, a senior analyst at Counterpoint, earlier this week.

China, where smartphone sales declined by 38% annually in February this year, has already started to see recovery. Xiaomi said last month that its phone factories were already operating at more than 80% of their capacity. Globally, smartphone shipment declined by 14% in February, according to Counterpoint.

from Apple – TechCrunch https://ift.tt/3cKXYxz

Telegram hits 400 million monthly active users

Instant messaging service Telegram has amassed 400 million monthly active users, up from 300 million active users the seven-year-old service disclosed to the SEC last October.

The service — founded by Pavel Durov, who also created Russian social networking site VK — said today it adds about 1.5 million users each day and is the most downloaded social media app in over 20 nations.

Telegram said today it is working on bringing secure video call feature to its users this year in response to the growing popularity of Zoom and Houseparty. The company, headquartered in London and Dubai, did not talk about the future of its Gram cryptocurrency wallet and TON Blockchain that it had revealed in 2018, but put on hold early this year.

“As the gap in popularity between Telegram and its older competitors narrows, we find more and more validity in that original assumption,” the firm said in a blog post.

Telegram competes with dozens of instant messaging services including WhatsApp that has amassed over 2 billion users globally. Telegram often sees a surge in its user base when Facebook-owned service is facing an outage. Durov is one of the most vocal critics of WhatsApp.

Telegram today revealed a sticker directory that lists over 20,000 stickers, and detailed a handful of improvements such as a new attachment menu on Android. The firm also said it was creating a database of educational tests for students, and plans to distribute 400,000 Euro to creators for creating those tests.

TechCrunch learned last week that the service had reached the 400 million users milestone, but at the time Telegram did not respond to a request for comment.

from Android – TechCrunch https://ift.tt/3cKe1vv
via IFTTT

Germany’s COVID-19 contacts tracing app to link to labs for test result notification

A German research institute that’s involved in developing a COVID-19 contacts tracing app with the backing of the national government has released some new details about the work which suggests the app is being designed as more of a ‘one-stop shop’ to manage coronavirus impacts at an individual level, rather than having a sole function of alerting users to potential infection risk.

Work on the German app began at the start of March, per the Fraunhofer-Gesellschaft institute, with initial funding from the Federal Ministry of Education and Research and the Federal Ministry of Health funding a feasibility study.

In a PDF published today, the research organization reveals the government-backed app will include functionality for health authorities to directly notify users about a COVID-19 test result if they’ve opted in to get results this way.

It says the system must ensure only people who test positive for the virus make their measurement data available to avoid incorrect data being inputed. For the purposes of “this validation process”, it envisages “a digital connection to the existing diagnostic laboratories is implemented in the technical implementation”.

“App users can thus voluntarily activate this notification function and thus be informed more quickly and directly about their test results,” it writes in the press release (which we’ve translated from German with Google Translate) — arguing that such direct digital notification of tests results will mean that no “valuable time” is lost to curb the spread of the virus.

Governments across Europe are scrambling to get Bluetooth-powered contacts tracing apps off the ground, with apps also in the works from a number of other countries, including the UK and France, despite ongoing questions over the efficacy of digital contacts tracing vs such an infectious virus.

The great hope is that digital tools will offer a route out of economically crippling population lockdowns by providing a way to automate at least some contacts tracing — based on widespread smartphone penetration and the use of Bluetooth-powered device proximity as a proxy for coronavirus exposure.

Preventing a new wave of infections as lockdown restrictions are lifted is the near-term goal. Although — in line with Europe’s rights frameworks — use of contacts tracing apps looks set to be voluntary across most of the region, with governments wary about being seen to impose ‘health surveillance’ on citizens, as has essentially happened in China.

However if contacts tracing apps end up larded with features that are deep linking into national health systems that raises questions about how optional their use will really be.

An earlier proposal by a German consortium of medical device manufacturers, laboratories, clinics, clinical data management systems and blockchain solution providers — proposing a blockchain-based Digital Corona Health Certificate, which was touted as being able to generate “verifiable, certified test results that can be fed into any tracing app” to cut down on false positives — claimed to have backing from the City of Cologne’s public health department, as one example of potential function creep.

In March, Der Spiegel also reported on a large-scale study being coordinated by the Helmholtz Center for Infection Research in Braunschweig, to examine antibody levels to try to determine immunity across the population. Germany’s Robert Koch Institute (RKI) was reportedly involved in that study — and has been a key operator in the national contacts tracing push.

Both RKI and the Fraunhofer-Gesellschaft institute are also involved in parallel German-led pan-EU standardization effort for COVID-19 contacts tracing apps (called PEPP-PT) that’s been the leading voice for apps to centralize proximity data with governments/health authorities, rather than storing it on users’ device and performing risk processing locally.

As we reported earlier, PEPP-PT and its government backers appear to be squaring up for a battle with Apple over iOS restrictions on Bluetooth.

PEPP-PT bases its claim of being a “privacy-preserving” standard on not backing protocols or apps that use location data or mobile phone numbers — with only arbitrary (but pseudonymized) proximity IDs shared for the purpose of tracking close encounters between devices and potential coronavirus infections.

It has claimed it’s agnostic between centralization of proximity data vs decentralization, though so far the only protocol it’s publicly committed to is a centralized one.

Yet, at the same time, regional privacy experts, the EU parliament and even the European Commission have urged national governments to practice data minimization and decentralized when it comes to COVID-19 contacts tracing in order to boost citizen trust by shrinking associated privacy risks.

If apps are voluntary citizens’ trust must be earned not assumed, is the key argument. Without substantial uptake the utility of digital contacts tracing seems doubtful.

Apple and Google have also come down on the decentralized side of this debate — outting a joint effort last week for an API and later opt-in system-wide contacts tracing. The first version of their API is slated to be in developers’ hands next week.

Meanwhile, a coalition of nearly 300 academics signed an open letter at the start of this week warning that centralized systems risked surveillance creep — voicing support for decentralized protocols, such as DP-3T: Another contact tracing protocol that’s being developed by a separate European coalition which has been highly critical of PEPP-PT.

And while PEPP-PT claimed recently to have seven governments signed up to its approach, and 40 more in the pipeline, at least two of the claimed EU supporters (Switzerland and Spain) had actually said they will use a decentralized approach.

The coalition has also been losing support from a number of key research institutions which had initially backed its push for a “privacy-preserving” standard, as controversy around its intent and lack of transparency has grown.

Nonetheless the two biggest EU economies, Germany and France, appear to be digging in behind a push to centralize proximity data — putting Apple in their sights.

Bloomberg reported earlier this week that the French government is pressurizing Apple to remove Bluetooth restrictions for its COVID-19 contacts tracing app which also relies on a ‘trusted authority’ running a central server (we’ve covered the French ROBERT protocol in detail here).

It’s possible Germany and France are sticking to their centralized guns because of wider plans to pack more into these contacts tracing apps than simply Bluetooth-powered alerts — as suggested by the Fraunhofer document.

Access to data is another likely motivator.

“Only if research can access sufficiently valid data it is possible to create forecasts that are the basis for planning further steps against are the spread of the virus,” the institute goes on. (Though, as we’ve written before, the DP-3T decentralized protocol sets out a path for users to opt in to share proximity data for research purposes.)

Another strand that’s evident from the Fraunhofer PDF is sovereignty.

“Overall, the approach is based on the conviction that the state healthcare system must have sovereignty over which criteria, risk calculations, recommendations for action and feedback are in one such system,” it writes, adding: “In order to achieve the greatest possible usability on end devices on the market, technical cooperation with the targeted operating system providers, Google and Apple, is necessary.”

Apple and Google did not respond to requests for comment on whether they will be making any changes to their API as result of French and German pressure.

Fraunhofer further notes that “full compatibility” between the German app and the centralized one being developed by French research institutes Inria and Inserm was achieved in the “past few weeks” — underlining that the two nations are leading this particular contacts tracing push.

In related news this week, Europe’s Data Protection Board (EDPB) put out guidance for developers of contacts tracing apps which stressed an EU legal principle related to processing personal data that’s known as purpose limitation — warning that apps need to have purposes “specific enough to exclude further processing for purposes unrelated to the management of the COVID-19 health crisis (e.g., commercial or law enforcement purposes)”.

Which sounds a bit like the regulator drawing a line in the sand to warn states that might be tempted to turn contacts tracing apps into coronavirus immunity passports.

The EDPB also urged that “careful consideration” be given to data minimisation and data protection by design and by default — two other key legal principles baked into Europe’s General Data Protection Regulation, albeit with some flex during a public health emergency.

However the regulatory body took a pragmatic view on the centralization vs decentralization debate — saying both approaches are “viable” in a contacts tracing context, with the key caveat that “adequate security measures” must be in place.

from Apple – TechCrunch https://ift.tt/3bJouXO

Polestar’s first all-electric vehicle will start at $59,900 in the US

Polestar, the electric performance brand spun out of Volvo, said the base price of its first all-electric vehicle will be $59,900 in the United States, lower than originally targeted.

The 2021 Polestar 2, an electric performance fastback, is the first EV to come out of a brand that was relaunched three years ago. Polestar, once a high-performance brand under Volvo Cars, was recast as an electric performance brand in 2017. The aim was to produce exciting and fun-to-drive electric vehicles — a niche that Tesla was the first to fill and has dominated ever since.

The company believes the vehicle is well-positioned for a successful entry into the U.S. market thanks to its lower pricing, tax incentives and the ability for customers to buy it online, said Gregor Hembrough, who heads up Polestar USA. The U.S. prices are also below incentive thresholds in a few critical markets such as California and New York.

Polestar has been trickling out announcements around the upcoming Polestar 2 for months now, including pricing for Europe, which starts at €58,800. On Thursday, the company revealed a few more pricing details for the various options customers can buy, including a $5,000 performance pack, a $4,000 upgrade of Nappa leather interior and $1,200 for 20-inch alloy wheels.

The Polestar 2 will likely be held up as a possible competitor to the Tesla Model 3. The pricing on the two vehicles don’t quite match up unless the $7,500 federal tax incentive, for which Polestar still qualifies, is considered. Tesla no longer qualifies for the federal tax credit because it has sold more than 200,000 electric vehicles.

Stripping out the incentives, the base price of the Polestar 2 is slightly more expensive than the performance version of the Model 3, which starts at $56,990.

Until the automaker begins delivery to the U.S., which is expected this summer, it won’t be clear how it stacks up against the Model 3.

Polestar is aiming to attract customers with tech and the performance specs of the fastback, which produces 408 horsepower, 487 pound feet of torque and has a 78 kWh battery pack that delivers an estimated range of 292 miles under Europe’s WLTP. Polestar hasn’t released the EPA estimates for the Polestar 2.

The interior of the Polestar 2, which features Google’s Android Automotive operating system.

The Polestar 2’s infotainment system will be powered by Android OS and, as a result, bring into the car embedded Google services such as Google Assistant, Google Maps and the Google Play Store. This shouldn’t be confused with Android Auto, which is a secondary interface that lies on top of an operating system. Android OS is modeled after its open-source mobile operating system that runs on Linux. But instead of running smartphones and tablets, Google modified it so it could be used in cars.

Polestar, which is jointly owned by Volvo Car Group and Zhejiang Geely Holding of China, plans to open physical retail showrooms called Polestar Spaces once stay-at-home orders prompted by the COVID-19 pandemic are lifted. The first of these locations will open on the West Coast of the United States and New
York in late summer 2020, the company said. The Polestar 2 will be available in all 50 states to buy or lease.

from Android – TechCrunch https://ift.tt/2ShpSJV
via IFTTT

First version of Apple and Google’s contact tracing API should be available to developers next week

The first version of Apple and Google’s jointly developed, cross-platform contact tracing API should be available to developers as of next week, according to a conversation between Apple CEO Tim Cook and European Commission for internal market Thierry Breton. Bretton shared a photo from his office which shows him having a video conversation with Cook, and told Les Echos that the Apple chief executive told him April 28 would be the day the contact tracing API will be available to software developers building apps that employ it on behalf of public health agencies.

Apple and Google announced that they were working on the contract tracing system, which works across iOS and Android mobile device, on April 10, and detailed how the opt-in network would use randomized IDs not tied to a user’s actual identify information to communicate potential contacts with individuals with a confirmed positive COVID-19 diagnosis. It’s a decentralized system that never collects any geographic data in order to preserve individual privacy, and Apple and Google chose to collaborate on the project so that any apps built to use it will have the furthest potential reach possible in terms of user base.

The rollout of the contact tracing system is happening in two parts: First, the API is being made available to developers – that’s the part that’s happening next week. This phase was originally set for a mid-May release, but it sounds like the companies have stepped up their timeline (at least on the Apple side) based on this conversation between Thierry and Cook. That makes sense, given the urgency of the need for contact tracing in order to better understand how and when to alter or relax social distancing measures.

The second part of the plan is issuing a system update to build in contact tracing at the OS level. Opt-in would be managed on the device, and both Android and iOS smartphones with this toggle enabled would automatically be able to participate in local contact tracing efforts –whether or not they had any specific health agency apps installed. Apple and Google clarified in a follow-up Q&A session about the system that users would still be prompted to download and install a public health app from their local authority should their phone notify them of a possible contact, so that they could get additional info about next steps from a trusted source.

Note that the second phase isn’t expected until sometime later this year, but the early arrival of the first version of the API for developers is a promising sign that suggests both companies are focusing considerable effort and resources on getting this to market.

There are myriad contact tracing systems either in development or already being implemented, but a common technological backbone that makes it possible for them to cross-communicate, and that opens up broad participation across the most popular mobile devices currently in use has the greatest chance of actually being effective.

from Android – TechCrunch https://ift.tt/3eMc3wA
via IFTTT