Under a document published by Apple, the company has explained how they will roll back the tracking once the pandemic is taken under control. The company claims that “Google and Apple can disable the exposure notification system on a regional basis when it is no longer needed.”
Even if the contact tracing app is functioning in a certain region, the control to let the apps use location and Bluetooth data lies with the owner of the phone. The app can also be uninstalled or the exposure notification can be turned off as well.
In terms of security, the app will now be using Advanced Encryption Standard instead of the earlier Hashed Message Authentication Code (HMAC). “Many devices have built-in hardware for accelerating AES encryption. This change will help performance and efficiency to avoid slowing down the phones, as we’ve determined that AES performs better for this application,” the companies said.
The metadata attached to the Bluetooth will also be encrypted which will make it tougher for an app to use that data to identify the person using the app. The data about a user who has been near a positive contact will be retained for a maximum period of 14 days.
The document published by Apple on the FAQs are subject to modification and extension.
Both the companies will release the APIs of the app in May which will enable interoperability between Android and iOS devices using apps from public health authorities. These official applications will be available for users to download via their respective app stores.