Last month Apple and Google announced a joint effort to enable APIs and operating system-level technology to assist in enabling contact tracing using Bluetooth in the phones. The companies also announced they will release APIs that enable interoperability between Android and iOS devices using apps from public health authorities.
Apple recently released Beta 3 of iOS 13.5 with code needed to run apps built using the exposure notification API and Google delivered its beta Google Play Services update with the exposure notification API and the accompanying SDK privately to select developers for testing.
Today both Google and Apple have released sample code, UI screenshots and detailed policies for COVID-19 exposure notification apps and also said that they will be prohibiting location data collection. These companies have also released new policies that any developers working with the API must adhere to in order to get their apps approved for use. These include:
- Apps must be created by or for a government public health authority and they can only be used for COVID-19 response efforts.
- Apps must require users to consent before the app can use the Exposure Notifications API.
- Apps must require users to consent before sharing a positive test result, and the “Diagnosis Keys” associated with their devices, with the public health authority.
- Apps should only collect the minimum amount of data necessary and can only use that data for COVID-19 response efforts. All other uses of user data, including targeting advertising, is not permitted.
- Apps are prohibited from seeking permission to access Location Services.