Apple and Google Contract Tracker - Part 2

April 11, 2020

This is part 2 - continuing from yesterday’s post about the implementation choice of bluetooth. This part 2 post is specifically to discuss a breakdown of the encryption implementation.

I thought it was pretty interesting that Google chose to use homomorphic encrpytion. First time I have seen that from them.

Here is a great breakdown of how it works from Moxie Marlinspike - creator of Signal:

The “daily tracing key”

The “daily tracing key” is used to create fingerprints for your device every 15 minutes. That fingerprint is known as a proximity identifier… You will leave your fingerprint wherever you go as you move around throughout your day. You will fingerprint other people’s apps as we all become a distributed data-collection center. If someone tests positive, then they will need to publish their “daily tracing keys” which will now be broadcasted to all other devices to let them know if they came into contact with that unknown person.


As soon as someone tests positive, they are essentially giving up all privacy about where they went and who they saw… Additionally, there will be beacons put up by stores, governments, and even independent researchers to gather fingerprints as people move about public spaces.

Let's keep the internet safe and free?→Donate to the EFF!