Apple and Google release sample code, UI and detailed policies for COVID-19 exposure-notification apps

Apple and Google are providing additional resources for developers working with the first version of their Exposure Notification API, the development tools the companies have created and are working on in order to provide a cross-platform way for public health agencies to notify individuals of a potential exposure to a person with a confirmed case of COVID-19.

The first version of the Exposure Notification API, which Apple and Google renamed from the “Contact Tracing API” to more accurately reflect its actual use and purpose, was released to developers last week along with beta updates of iOS and Xcode. Today, Apple and Google are providing new sample resources for developers, including example UI assets, and sample code for both iOS and Android. These are designed as starting points that developers working on behalf of public health agencies can use to jumpstart their app development process.

The two companies have also released new policies that any developers working with the API must adhere to in order to get their apps approved for use. These include the following requirements:

  • They must be made by or for the use of an official government public health authority, and they can only be used for the purpose of responding to COVID-19.
  • They need to ask consent of a user to actually employ the API before it can actually be used.
  • They require a user’s consent to share a positive test result before broadcasting any such info with the public health authority operating the app.
  • They should only gather the minimum amount of info necessary for the purposes of exposure notification, and should use that only for the sake of COVID-19 response. In other words, these apps are explicitly forbidden from using your info for advertising or other purposes.
  • They can’t access or even seek permission to access a device’s Location Services, which provides specific geolocation data. Google and Apple note that apps already available from public health authorities that make use of location data will continue to be offered, but that no apps that make use of that info will also have access to the new Exposure Notification API.
  • There can only be one app per country, which is designed to avoid fragmentation and therefor encourage efficacy, though Apple and Google say that if a country is relying on a regional or state-based approach, they’re willing to work with authorities to support them in the best way possible. That basically means if a country notifies Apple that it’s going state-by-state with different apps, it’ll unlock the ability for multiple apps to appear in that country’s store, and that it can work with them flexibility in terms of whether the exposure notification mechanics within each state work across one another.

The companies say that they’re also going to continue the pace of updates released for their software and software development kits in advance of shipping the public version of the API to consumers starting later this month. Apple and Google had both targeted “mid-May” for the consumer-facing release of the API, with an eventual plan to release exposure notification as a system-level feature by sometime later this year.

You can take a look at the sample UI resources for both platforms below, which provide an idea of what notifications, settings screens and more will look like within the apps once they’re available. Of course, the individual apps will still vary depending on which public health authority (or developer working on their behalf) is creating the software.

[gallery ids="1983325,1983326,1983327,1983328,1983329,1983330,1983331,1983332"]

Apple and Google embarked on this unprecedented joint effort in response to outreach by a number of public health authorities who were embarking on developing their own contact-tracing app, and wanted access to specific aspects of iOS and Android to make those work. The companies decided to collaborate on a standard based on use of Bluetooth identifiers, not geolocation data, as a way to protect user identity, and also ensure the system can work in a variety of environments, including indoors where geolocation satellite services are unavailable.

Health authorities can also require that users input a unique code tied to the test they took, which can help them ensure that positive results are actually coming from verified, authorized tests rather than possibly just self-reported, or reported based on taking a test that hasn’t actually been approved by a health authority for COVID-19 diagnosis.

It’s important to note that the sample reference applications provided by both Google and Apple are not actually ever going to be available to users; they’re strictly for developers, but the companies are making them available in their entirety, including with their full source code, to developers in order to help them with their own efforts to build apps to respond to COVID-19 in a timely manner.