Pepp-PT, Apple and Google: Separated in code, united in cause and concept.

As Bluetooth experts, we are pleased that Apple and Google are joining in the fight against the Corona pandemic. Here we explain why.

Something truly extraordinary must have happened for tech giants like Google and Apple to work together. The Corona crisis is without any doubt something that extraordinary, with serious consequences for our health, our economic system and our society as a whole. A highly contagious virus is changing the world we know. And it is also changing the marketplace coordinates that we are accustomed to. When two US giants decide to cooperate, the alarm bells ring – especially in Europe.

Uncover chains of infection with Pepp-PT

In this case, however, in our view, the cooperation means an adaptation of the original Google Code of Conduct “Don’t be evil” to “be good”. And this is why: All over the world, researchers and tech developers are working on techniques to uncover chains of infection. For example, 130 researchers from eight countries have developed a privacy-friendly technique called Pepp-PT. The aim of the work, which will not produce a product of its own, is to uncover chains of infection and to be able to interrupt them as quickly and efficiently as possible. Instead of developing their own app, the project developers provide an open source code that can be integrated into existing apps or apps newly developed by public authorities and government organizations.

In theory, an app can use Bluetooth technology to measure the physical distance between two devices, as well as the time spent together within the critical radius. The apps contact each other via Bluetooth and exchange temporarily generated, anonymized and locally stored IDs. There is a “Bluetooth handshake” between the devices so that we don’t have to do it.

In this way, each app creates a contact list with IDs that were in critical proximity to the device. If a user is diagnosed with an infection, this user transfers the contact list to a central server based on his diagnosis. To do this, he only needs to log on to the server with a personal code. The IDs in his list are uploaded and marked as positively diagnosed. Subsequently the app of each person on the contact list knows to inform the user and ask them to take certain measures, such as seeking immediate medical help and/or isolating himself immediately. No information is given about which person was infected and when and where exactly the contact took place. The personal code is a TAN code provided by the informing health authority that ensures potential malware cannot inject incorrect infection information into the system.

The app-based approach

This app-based approach is one or even the only useful approach to protect broad sections of the population while complying with the strict privacy guidelines of a free society. Because there are other approaches. It is not necessary to talk about non-anonymous data collections of authoritarian regimes at this point. In free societies, participation must be based on an understanding of one’s own responsibility for the well-being of society as a whole. This principle excludes coercive measures. But approaches are also conceivable in which the role of the smartphone is taken over by wearables such as beacon bracelets. Of course, it is not possible to equip broad sections of society with the appropriate technology, especially since this would also require the establishment of a nationwide infrastructure of gateways that transport the data generated by the bracelets to a central server. And here we are talking about countries or continents. These isolated applications are suitable at most for small, closed environments.

But what do Apple and Google and their current initiative have to do with this? In practice, the Pepp PT system also faces a number of challenges that we already know from other systems, such as the BlueTrace protocol that has been used in Singapore since March: For example, iOS users have so far been asked to run the app in the foreground when in public spaces or situations with potential contact to others. But a similar problem also arises with Android systems: As is well known, apps that run in the background for a long time are deactivated by this operating system to save resources. This means that although the system would work well in theory, in practice it would require maintenance by the user, who would have to actively activate the corresponding app and keep it in the foreground. Wake-up mechanisms or “dead man’s circuits” would therefore have to keep the app alive.

The weakest link in the system would again be the single human being, who would have to actively compensate for the technical weakness of the operating systems. This would theoretically be possible for the individual citizen when for example shopping, but especially when it comes to protecting system-relevant occupational groups or, in a further step, key employees or teams critical to the operation of a company, this method has reached its limits.

To protect key employees or teams critical to the operation, this method reached its limits: It will hardly be realistic for air traffic controllers or paramedics to maintain a tracing system on their mobile phones in addition to their exposed activities. Especially since the system is designed to continue working even after the climax of the corona crisis. After all, it goes without saying that the system should not only help to cope with the current crisis, but should also provide assistance in the event of a second wave of infection or a new epidemic or pandemic. 

Apple and Google joining in

In order to overcome these challenges, Apple and Google want to jointly integrate dedicated support for contact tracing into their operating systems and bring a parts of the contact-tracing mechanisms to them natively in the medium term. Although the published technological information is still very vague, this is good news for Pepp-pt and all other initiatives dealing with contact tracing (a list of initiatives can be found here). This is what they say: „First, in May, both companies will release APIs that enable interoperability between Android and iOS devices using apps from public health  authorities.

These official apps will be available for users to download via their respective app stores. Second, in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms. This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities”. We understand this announcement to mean that external developers will also be able to work with these new capabilities, eliminating the previous weaknesses of open trace initiatives like Pepp-PT or BlueTrace.

Collaboration provides experts with the most suitable tools

Preventing misuse of the APIs by advertising trackers is good and important, but it is equally essential that these APIs are also available to German or European corporations for contact tracing in their companies. The industry is facing huge challenges not only to restart production, but also to implement new security measures such as effective contact tracing in the shortest possible time. This will not be possible without the help of qualified experts. The new collaboration of the two tech giants will effectively help in these circumstances to provide Bluetooth experts with the most suitable tools.

Experience in some Asian countries has shown that broad-based testing, combined with isolation of confirmed cases and quarantining of their contacts, is an important part of a successful control strategy. The current bottlenecks in testing capacity should be overcome in the coming weeks. The challenge will then be to isolate confirmed cases and their contacts in a way that is compatible with our common understanding of privacy in European democracies and within companies operating in Europe.


Meet Favendo

Favendo is the trusted partner for superior Real Time Location Services. Our Team is committed to providing timely and cost effective solutions for cruise industry, large shopping malls, public venues, industrial surroundings and more. To offer our customers the most suitable system we partner with Quuppa and Abeeway. Come and meet Favendo.