From what I understood, Covid Apps for Apple would not be able to send out the bluetooth packets while running in the background because the iOS design prohibits this (probably for good reasons? battery consumption?).
All Apple did was opening up an API to allow for exceptions of the old behaviour. That plus a cooperation with Google to make sure the tracing would work across iOS and Android (while Apple usually keeps their users in a golden cage not easily left for other systems). You make it almost sound as if common standards/protocols were a bad thing in general.
How much help would it be that anyone could implement their - potentially incompatible - solutions on their own? Ultimately failing because the OS wouldn’t let that happen (like Apps not being allowed to access the camera when permission is not granted, or not allowing Apps to read all data of all other Apps).
Well, both wishful thinking and some technical knowledge.
But I’m not sure I understood what you meant.
First of all I make two different cases between Android and iOS. While Android has some degree of flexibility and part of it is Open Source, iOS is completely closed, so there’s no way of controlling it.
You make it almost sound as if common standards/protocols were a bad thing in general.
Nono! All the opposite. I’m just analysing the situation we have here. For what regards Google they could simply not wrap the API in Google Play Services, but distribute it in other ways that could make it available to most devices, whitout the need of the Services Framework.
While for what concern Apple, since they are completely closed source, I guess they could simply put some more effort and make the API available also for older versions of iOS.
Of course they have interest in doing it this way, but it should be our governments (and the EU) that should force them to follow different guidelines, they are the only entitled to do that and should have done that.
Then of course I am completely against this approach, from the point of view that a common open standard should have been developed to be used by any developer who wanted to develop such an app for whatever platform they wanted to. I thought the PEPPT-PT initiative’s goal was exactly that, and that’s what the European Commission is advising gonvernments to do. A Open Source, interoperable framework to be used cross-border by european citizens.
But now we have this shitty situation where the most compatible, cross device and cross platform framework is the A/G API, which is going to be the most widely used, but keeps people who either doesn’t have Google Play Services or an updated version of iOS out. While the ones who try to develop one that could work without the limitations decided by A/G, are locked out from communicating with the A/G API.
Thanks carallo for clearing that up, now I understand better what you mean. I have to admit I still need to look into exactly what the Exposure Notification API does. From my current knowledge at least some changes were necessary in the OS to make whatever solution work reliably (having to constantly run Covid Apps in the foreground is something I guess is not very practical). So there was no way to completely leave Apple and Google out. But sure, A/G might have done more than strictly necessary which could have been left for others to design/implement.
Yes, I agree with you. Writing from home while not actually being involved in the developing process is always easier.
Unfortunatly Apple’s and Google’s reputation for what concerns the respect of their users is not great (being sarcastic). That’s what brings me, and most of us, being very skeptical in these cases. And I get especially mad when it is a case of health and national interest.
I always think that you must earn the trust of the others.
If Google had always been very transparent and respectful I would more easily believe that this was actually the best and fastest way to implement such a protocol. So they should only blame themselves if no one trusts them anymore.
The same goes for Apple of course. If you are known to push updates to your functioning devices and make them then sluggish, always trying to put barriers so people with old software cannot download new apps, not permitting downgranding of your software and so on… how can I believe that the need of a specific new version of your OS is strictly needed to “save human lives”, from a technological point of view, and they are not simply using people’s scare of the virus to push even more their programmed obsolescence policies?
Thoses apps will not work as they need to be installaled and used on more than 60% of the people phones. As south Corea talled, the digital surveillance could not impeached a new wave of contamination,that is juste a new test to control the people. And stop covid is not anonimized. It ask you if you are real human with a capchat. Some JavaScript app that create a finrgerprint with your browser parameters and can identify you. Whatch all parameter by yourself (http://amiunique.org/FP )
The best way to protect your family is to wash your hand.
Citacion.
La Commission émet toutefois de nouvelles recommandations pour rehausser encore le niveau de sécurité, notamment sur les entités qui se verront confier les fragments des clés, sur les modalités d’authentification des individus habilités à accéder aux données enregistrées sur le serveur central ou encore sur l’usage d’un captcha lors de l’initialisation de l’application. Ce captcha sera assuré par un service tiers qui se trouve hors de l’Union européenne ; la CNIL souhaite une solution maison.
I do not think it’s possible nor do I think the core foundation for the creation of /e/ would want a tracking app like that. Hopefully microG will never implement any part of that. To be honest you might want to replace /e/ with lineage and put the full Google apps store on it. It should work after you do that.
What google/apple implemented isn’t even an app, it’s an API, which does NOTHING without an app using it.
Even if you are against this, even if it would make its way into microG, NOTHING CHANGES EXCEPT YOU INSTALL one of the tracing apps.
Secondly, the type of tracing we are talking about isn’t tracking. If we want to go there, we shouldn’t use phones at all.
An app is a tool, smart usage will help, dumb usage will not.
An api ask for data and return datas the answer which datas ? if that data is owned by a trusted entity at your eyes you should go in.
Neither phones, neither internet, should be used in some particular cases.
A mobile with no tracker can be tracked by the national ISP if conected to the mobile network, the other problem is that stopcovid permits that foreigner track french peoples.
Giving whatever seeds to mass surveillance will feed mass surveillance, which will not give you back the food or their fruits, just because it’s not working in this case.
The API returns a pseudonymous token which changes frequently and is used to find matches with people you were in a somewhat close distance with. The tokens get saved for a while, locally.
If an infected person now uploads their positive - with the app the user had to install themselves - everyone who got any of their tokens STILL SAVED gets notified.
THATS IT.
It’s not even close to tracking or surveillance.
I was already following /e/ for quite a long time, but hearing about the new Google/Apple framework API being implemented so quickly in android phones and all this covid tracking apps was kind of the spark that made me buy the /e/ FP3, precisely in order to avoid this kind of tracking technology. Wouldnt like to see it in /e/ in the future (of course im speaking from a country where its not mandatory to have this app. I think that is a topic for another discussion)
You should be proud to have an operating system where this crap doesn’t work, where they can’t track you.
An app won’t help you with Corona, the only thing that helps is (if you believe in Corona at all!!!) keeping your distance, washing your hands, done.
If you want to be followed unconditionally, just use another ROM where the evilGoogle services are all installed. Done.
/e/ Android is supposed to protect your data, but it can’t do it when such bullshit is installed.
Personally I don’t think much of the Corona and I don’t go to restaurants, but if I should go there for any reason, I would give a wrong address. As soon as it would become mandatory to use such an app, I would not use a mobile phone anymore.
An app doesn’t protect, washing your hands does.
An installed api can also be a gateway for other things. So it’s ok that /e/ Android doesn’t install this crap.
Now I had to turn on the laptop to answer here, that’s how upset I am… But now it’s time to go to work, I’m already late…
Today the official tracing (not tacking!) App for Germany got a soft release. It does not work on EOS. There should be a workaround, the private enough for me to use it.
TheScrabi, a known android developer (he should be involved in the development of NewPipe, correct me if I’m wrong), is trying do make a FOSS implementation of the German app here, this is the discussion if you wanna follow. He use to write about some update there.
The German app already is FOSS (Apache 2.0 License: https://github.com/corona-warn-app/cwa-app-android#licensing).
I think, his SDK is more important in this case, because from what I understood it’s supposed to replace the Google/Apple Exposure Notification API.
The german app relies on PPCP which is not open source. Read about the issue here in the official github.
However, I would like to stress that a FOSS implementation is on the way: https://github.com/theScrabi/CoraLibre-android-sdk
I would also install the app asap if it would work and be FOSS.
Just to make it explicit: I never questioned that. In fact I think you’re proving my point “I think, his SDK is more important in this case, because from what I understood it’s supposed to replace the Google/Apple Exposure Notification API.”
Maybe the question is if the official Corona-Warn-App would be extended to use either the Google/Apple API or this new API. That would be really cool, then the user would have a choice.
Well, that was exactly my point…
Would you install the official app if you could select the “backend”?
For me, an app on Github under Apache License plus the CoraLibre-android-sdk is “FOSS enough”.
Yes sorry, I wrote in a hurry. It’s what I meant when I said “implementation”. He is developing a FOSS PPCP-compatible SDK. So we could use that even without Google Services and still interact with all other apps which use the Google Exposure Notification API.