On May 20, 2020, iPhones started to receive iOS 13.5, which includes a COVID‑19 Exposure Notifications API. Despite the contact tracing feature being voluntary, people are already worried that personal information will be misused. Here's why you don't need to worry.
It's Disabled By Default
Apple and Google, the two companies that worked together to create the Exposure Notification API, made sure to put privacy first when creating the coronavirus contract tracing feature. As such, you have to opt-in to use the function, and no personal data is ever transmitted to health authorities.
Despite this, there is already a growing fear on social media that the iOS update for iPhones will automatically start sending data to health authorities. Let's break down the example below and see what they get wrong.
The first highlighted paragraph mentions the Exposure Notification API that supports COVID-19 contact tracing apps from public health authorities. So with this update, there is an API baked into the firmware, but Apple didn't install its own tracking app. You will have to download an official app from your local public health official agency before the Exposure Notification feature works at all.
Plus, not every state in the U.S. plans to release a contact tracing app using the API.
Face ID and Passcode
The second highlight pertains to Face ID, your passcode, and masks. With iOS 13.5, Apple introduced automatic mask detection. The only change is that if your iPhone detects that you're wearing a mask, it automatically drops you into the passcode screen so you can unlock your phone quickly.
Exposure Notification
The third highlight provides more information about the Exposure Notifications feature and its API. We have an entire explainer about how the COVID-19 Exposure Notifications works, but the abbreviated version is that your iPhone, if you have downloaded an official public health app and have turned on the feature, and phones around you that also have the API enabled, send out anonymous Bluetooth beacons.
Each device holds a log of beacons that they have crossed paths with. Whenever someone is diagnosed with the coronavirus, they can enter the verified case into the public health app that they have installed. From there, each person that has the infected patient's Bluetooth beacon stored on their phone from the last 14 days will get a notification along with the next steps for getting tested and treated.
At no point during this process does your personal information get transmitted to public health officials, the government, or others with the Exposure Notification API turned on. Your Bluetooth beacon is an anonymous set of numbers and letters that gets changed every 10 to 20 minutes. The feature is on your phone to inform you in case you ever interact with someone diagnosed with the virus so that you can take steps to get medical attention.
Emergency Services
Finally, this social media post highlighted updates to emergency services. The only change is the option to automatically share health and other information with emergency services when you call 911. You aren't required to turn the feature on. Still, those with allergies, are on certain medicines, or have a medical problem that first responders should know about can enable the option so that dispatchers can relay the information to paramedics and doctors.
After reading this, if you are still worried about the Exposure Logging feature, you can keep it disabled and never install a public health app that uses the data. You can verify that everything remains turned off by opening the "Settings" app on your iPhone and then going to Privacy > Health > COVID-19 Exposure Logging and double-check that the feature is toggled off.