VERA FILES FACT CHECK: Google and Apple’s COVID-19 notifications system is OPTIONAL

Several Facebook (FB) posts are alerting netizens about a “COVID-19 sensor” that has supposedly been “inserted” in all mobile phones, instructing them to check the “trackers” in their phone’s settings.

This is misleading.

The system, which appears as “COVID-19 Exposure Notifications” in Android devices and “COVID-19 Exposure Logging” in Apple devices, does not track or “sense” potential COVID-19 carriers automatically, unlike what the posts suggest.

It is an opt-in system built jointly by Google and Apple. In technical terms, it is an application programming interface (API) designed to help local contact tracing apps “work better” by allowing them to send notifications to a person if he or she has likely been exposed to COVID-19, according to an explainer.

Its use is completely optional, and will only work if a person has installed a contact tracing app developed by his or her local public health authority.

The partnership between the two tech companies allows for the system to be used across Apple and Android devices.

The circulating FB posts even made misleading insinuations that the system was “inserted” secretly during “phone (service) disruptions” earlier in the week. The system was announced in April and launched on May 20.

A look at the comments section of the local FB posts, which have been circulating since June 29, shows some netizens being confused about how the Exposure Notifications API works while a few others expressed concern over privacy issues.

Google and Apple clarified at least three points about the API in a joint statement: “Each user gets to decide whether or not to opt-in to Exposure Notifications; the system does not collect or use location from the device; and if a person is diagnosed with COVID-19, it is up to them whether or not to report that in the public health app.”

If a person has installed a local contact tracing app and he or she has opted to use the API, the Exposure Notifications system will generate a random ID specific to his or her phone, which changes every 10 to 20 minutes to avoid tracking.

Using Bluetooth, one’s phone exchanges random IDs with other phones that also have Exposure Notifications API enabled. The IDs are then recorded and stored in one’s device.

The API asks a person to turn on his or her Location service to allow Bluetooth to detect nearby Bluetooth signals, but Google and Apple clarify in their news releases and FAQs that the system does not collect location data.

“If someone reports having COVID-19 (via their public health authority’s contact tracing app) and their ID is stored on your phone, the app will notify you of next steps to take,” a how-to guide on the Exposure Notifications system read.

A person’s identity is not revealed to Google, Apple, nor to other users. Additionally, the API can also be turned off, and the contact tracing app uninstalled, anytime.

Use of the API is limited to one contact tracing app per country, “unless the country has a regional approach, or as otherwise permitted by Google,” according to the terms of the Exposure Notification set by Google.

The Duterte administration has backed as the country’s official contact tracing app, but several experts, including former Information and Communications Technology Undersecretary Eliseo Rio, have sounded the alarm over the application for its weak privacy features and the potential for its collected data to be used for surveillance.

Social media tool CrowdTangle showed that the earliest retrievable FB posts carrying the misleading claim started circulating on June 24 among social media users in Nigeria. The claim was also shared in India through private chatting platform WhatsApp, a June 29 fact check article by website Republic World suggests.

In the Philippines, the claim started circulating on June 29 — the same day the recorded number of COVID-19 cases in the country surpassed the 36,000-mark, with over 1,200 reported deaths.

The most widely shared post bearing the misleading claim was published by a netizen on June 29. Despite initially claiming “a COVID -19 sensor has been inserted into every phone,” the netizen later made an edit on her initial post to include a disclaimer saying the supposed COVID-19 tracker “doesn’t sense or detect COVID-19” but only “relies on data submitted” by local government units and application users.

The post received over 8,400 reactions, 7,600 comments, and 23,000 shares before it was taken down. It has been republished as a new FB status at least 13 times.

(Editor’s Note: VERA Files has partnered with Facebook to fight the spread of disinformation. Find out more about this partnership and our methodology.)