Experts refute misleading claims about Apple and Google’s coronavirus contact tracing interface

Copyright AFP 2017-2020. All rights reserved.

A screenshot showing the COVID-19 Exposure Notification System, a contact tracing programme developed by Apple and Google, has been viewed thousands of times on Facebook, Twitter, Telegram, and Instagram alongside a claim that the interface has been secretly inserted onto phones and tracks user’s location. The claim is misleading: the interface does not track location, users must choose to activate exposure notifications and the system can be turned off at any time, according to Google, Apple and independent experts.

The screenshot was published on Facebook here on August 20, 2020. The post has been shared more than 1,000 times.

A screenshot, taken on August 20, 2020, of the misleading post.

Part of the post’s traditional Chinese caption translates to English as: “Kind reminder, Google has secretly installed on all of its smart phones a notification system that alerts users when they come into contact with COVID-19 patients, remember to turn it off./ P.S. Fact-checked./ It was secretly installed on my smart phone as well.” 

The caption adds that the system will "track everywhere you go" and will automatically turn on once users update their phones.

In the comment section, the Facebook user that posted the screenshot published another screenshot of the COVID-19 Exposure Notification System in Japanese on an Android phone. The user said the second screenshot proved that the claims were fact-checked. 

A screenshot, taken on August 24, 2020, of the comment from the author in the misleading post.

Other Facebook users appeared to be misled by the claim, posting comments such as: “That is true, but mine should be turned off the whole time”, “Does that only apply to Hong Kong or the rest of the world as well (confirmed, applies to the whole world)” and “Can’t we delete this?”

A screenshot taken on August 24, 2020, of a selection of comments on the misleading post.

Similar claims were also shared in traditional Chinese and English. For example here, here, here and here on Facebook; here, here, here and here on Twitter; here and here on Telegram; here, here and here on Instagram. 

The claim, however, is misleading. 

In an effort to help governments curb the spread of the novel coronavirus, Apple and Google announced the COVID-19 Exposure Notification System application programming interface (API) on April 10, 2020.

Both companies explained that the system is optional and that the technology uses Bluetooth to pair with official contact tracing apps that users must download and activate. 

The interface allows “more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities,” Apple said in this press release. 

Apple also confirmed to AFP that the partnered apps are prohibited from seeking permission to access location data and must require the users to consent to the use of Exposure Notifications API. 

Google also explicitly states here that Exposure Notification “does not collect or use the location from your device. It uses Bluetooth, which can be used to detect if two devices are near each other — without revealing where the devices are.”

Google adds that “neither Google, Apple, nor other users can see your identity” and that the “technology only works if you decide to opt-in.”

The company also confirmed to AFP that the interface can be turned off at any time, as noted here on Google Play. 

Meng Wei, an assistant professor in the Department of Computer Science & Engineering at the Chinese University of Hong Kong, also refuted the misleading claims about the COVID-19 Exposure Notification System.

“The public should not panic about this feature. There is no evidence that this mechanism has been, is being, or will be abused to compromise a user’s privacy.,” he told AFP by email on August 21, 2020. 

Meng added that the technology is designed to only support official government contact tracing apps. “Unauthorized apps shall not be able to use such a technology according to the documents,” he explained. 

Charles Mok, an industry veteran and the Hong Kong Legislative Councillor representing the Information Technology Functional Constituency, also commented on the misleading post on Facebook here on August 19, 2020. 

Part of Mok’s traditional Chinese post translates in English as: “The above information is inaccurate unless you have downloaded another app to authorize/opt-in, your phone will not have a COVID sensor, it will only have an API. An API will not be activated, and it will not be activated automatically."

The misleading claim was also debunked by an Indian fact-checker, Republic World, and Hong Kong fact-checker, Factcheck Lab