About Canada's COVID Alert application

About Canada's COVID Alert application

Disclaimer: First of all, I'm not writing on behalf of any entities involved in the development of the COVID Alert application. This is my take as a software engineer with some experience in mobile development.

This post is aimed to people with some questions about this application but might not know how or where to get the information they need about mobile technologies and the Exposure Notification framework, therefore it might be a bit boring for more advanced users. My goal is to shed some light for the general population about this complicated topic so that they can make informed decisions and not based them in assumptions.

On Friday, July 31st, the federal government released the COVID Alert app. The mobile application is referred to as an exposure-notification app because when a user voluntarily enters a code given by provincial health agencies to people who tested positive for COVID19, the application notifies everyone who was close to that person (within 2mts) for at least 15min in the past 14 days.

Within a few hours of the announcement, on Twitter the terms iOS 13.5 and iPhone 6 were trending in Canada:

Out of curiosity I started reading the tweets and many (if not most) of them were users complaining that they, a family member or a friend couldn't download the application because it required iOS 13.5 or a newer version. The oldest iPhone that supports iOS 13 is the iPhone 6S, this means users with the iPhone 6 or older won't be able to install the COVID Alert application. Even thought this is true, many people are jumping to conclusions that are wrong because they are based in misinformation or not having the right context.

Why is iOS 13.5 or newer needed?

The COVID Alert application is based on COVID Shield, a mobile application created by a group of volunteers from Shopify. This application uses a framework called Exposure Notification which was released as part of the iOS 13.5 release.
Besides the Exposure Notification framework itself, there were changes needed in the Bluetooth and Cryptography frameworks to make the whole protocol work.

In other words, the COVID Alert application requires users to update to iOS 13.5 or newer to be able to use the new iOS features to get the exposure notifications.

Why is a good idea for the COVID Alert application to use the Exposure Notification framework?

The Exposure Notification was built to preserve the privacy of the users while providing helpful information in the event someone was in close proximity to a person that tests positive. By using this framework the users benefit from optimizations at the platform level because the protocol was designed to preserve battery on the devices and not track the location of the users, the devices communicate to each other using random numbers that are not identifiable, meaning they don't reveal any information about the user.

In the stream of tweets with the trending iOS 13.5 term, also saw some people asking "why couldn't the government just release a version for older devices? If small companies do it, why can't the government do it?"

Although I understand the logic behind "Company X, who built a simple QR Scanner app, can support all the way down to iOS 10; why the government, with all of it resources, can't do the same?", that's not really the way to see it. This has nothing to do with what the government can do with its resources, the functionality and features of the Exposure Notification framework are simply not present in any iOS version previous to iOS 13.5. In other words, no developer can add support to an application for the Exposure Notification to older iOS versions, regardless of how small or big they are or how many resources they have.

Why don't just backport the Exposure Notification framework to older iOS versions?

Some people were asking this question mentioning that there have been instances where security patches were released for very old versions of iOS. This is a great question and I don't know the real answer here but Apple definitely has its reasons. However, my best bet is that it would be very complicated to backport the Bluetooth and/or Cryptography frameworks’ functionality and maintain the same optimizations on the hardware. In other words, it might be very difficult to backport the entire functionality without affecting the performance of the device and/or change a lot of code to accommodate the Exposure Notification framework.

What happens to all users with the iPhone 6 or older?

Some people might read all this and say, "yes, this is all great and makes sense but at the end of the day users with iPhones older than 5 years won't be able to use the application". This is a good point and yes, unfortunately, these users won't be able to use the COVID Alert application. Yet, this is because the limitations with the current technology.

Conclusions

Maybe we'll have a solution that works for older devices in the future, however at the moment the Exposure Notification framework is a solution that provides all the benefits of a great exposure application while protecting the privacy of all of its users.

As always, if you see anything that's incorrect/inaccurate please let me know.