[ad_1]
Google and Apple strengthen data protection precautions for your planned infrastructure for Corona warning applications. The improvements, which were described in a frequently asked questions document (such as PDF), should make monitoring of individual users even more difficult. On Friday, the two companies explained that additional data, such as the signal strength associated with the Bluetooth radio, was also encrypted. This should make it impossible to identify individual device models based on such characteristics.
Key exchange
Corona applications are designed to help contain contagion if exit restrictions are relaxed. They are supposed to record which smartphones have gotten close to each other and warn users if they later turn out to be next to infected people.
With the concept of Apple and Google measured using the Bluetooth signal strength. Smartphones must also exchange cryptographic keys via Bluetooth, which change every 10 to 20 minutes. This should allow you to understand the encounters without an individual being traceable. These keys must now be generated completely at random to improve security. The maximum measured meeting time is limited to 30 minutes and is determined in 5 minute steps.
Disputes in implementation
Of Google comes the dominant smartphone system Android; Apple develops its iOS software iPhones. This means that American corporations are the only ones in a position to install the necessary interfaces directly on operating systems and therefore provide an efficient foundation for warning applications.
At the same time, it can be difficult to implement other concepts without your cooperation. Then call France of Apple, to ease the restrictions for background Bluetooth operation introduced for data protection reasons, so that the government The planned Corona app works.
Unknown identity
A key point of the concept of Apple and Google is that the determination of whether you are close to an infected user should only be done on the smartphone. To do this, they download cryptographic key lists that belong to infected people at least once a day. Your identity remains for Apple, Google and the other users of the application are unknown.
The changes announced on Friday also aim to give developers and authorities more scope in the design of the Corona app. They can use a new interface to set limit values for signal strength and the time devices spend next to each other. In other words: Google and Apple provide the technical tools, but the health authorities decide when they expect to become infected.
From Android 6
Apple want interfaces for everyone first iPhones expose that with the operating system version iOS 13 run to Google is Android 6. One of the most recent changes is the exchange of the encryption algorithm; This should improve battery life.
CCC criticizes PEPP-PT
Currently there are also in Germany Controversy among Corona application developers because some take a centralized data storage approach. So warned on Friday Chaos Computer Club before that The concept of the PEPP-PT initiative (Pan-European proximity tracking to preserve privacy), whose participants Robert Koch Institute Listened to, was not able to “quickly deliver a reasonably functional and data protection solution,” wrote the network in German. Federal Chancellery. Previously, the “Frankfurter Allgemeine Zeitung“reported on it.
The German “federal government has great confidence in the system, which is currently being tested at Fraunhofer, “said the deputy government spokeswoman. Ulrike Demmer. The Fraunhofer Institute is preparing a feasibility study for Chaos Computer Club criticized the PEPP-PT concept. In the end it will Federal Office for Information Security make a recommendation here he said Demmer. “With a central server, you must trust the person who maintains it, in this case possibly a government agency. With a decentralized system, you must Apple and Google trust who grows it. “
