Apple has released iOS 13.5, which includes support for the Exposure Notification API that it co-created with Google to support public health authorities in their contact-tracing efforts to combat COVID-19. The API requires third-party apps developed by public health authorities for use, and none have yet been released, but iOS device users already have access to COVID-19 Exposure Logging global settings.
As previewed in the beta release, you can access the Exposure Logging settings under the Settings app, then navigate to the Privacy subsection. From there, you can select the Health submenu and find the COVID-19 Exposure Logging setting, which will be off be default. It can’t be turned on at all until you actually get an authorized app to enable them, at which point you’ll receive a pop-up asking you to authorize Exposure Notifications access. Once you do, you can return here to toggle notifications off, and also manually delete your device’s exposure log should you choose to opt out.
Apple and Google both have emphasized that they want as much user control and visibility into the Exposure Notification API as possible. They’re using randomized, temporary identifiers that are not centrally stored to do the exposure notification, and are also forbidding the simultaneous use of geolocation services and the Exposure Notification API within the same app. This manual control is another step to ensure that users have full control over what info they share to participate in the system, and when.
Contact tracing is a time-tested strategy for combating the spread of infectious disease, and has traditionally worked by attempting to trace potential exposure by interviewing infected individuals and learning as much as possible about their movements during their infectious period. Modern connected devices mean that we can potentially make this far more efficient and accurate, but Google and Apple have worked with privacy experts to try to determine a way to make this happen without exposing users to privacy risks. Matching also happens locally on a user’s device, not in any centralized database.
Apple and Google are currently working with public health authorities who are building apps based on this API, and the companies also have noted that this is a temporary measure that has been designed from the beginning to be disabled once the threat of COVID-19 has passed.