The promise of privacy is not enough. That’s why verification of privacy being preserved through open source is a must.
OpenCovidTrace is an open-source platform integrating all popular BLE (Bluetooth Low Energy) contact tracing protocols ( DP-3T, Google & Apple, BlueTrace, etc.) with an additional set of features for iOS and Android platforms.
Our vision is to provide a trustworthy contact tracing tool with universal interoperability, that empowers people and communities to fight Coronavirus.
Our mission is to develop an open-source implementation for proprietary protocols (such as Apple & Google and BlueTrace backends) which addresses privacy concerns in terms of preservation of individual privacy, and integrates with all popular open-source protocols (such as DP-3T).
More than a million Australians have downloaded a coronavirus contact tracing app within hours of it being released by the government.BBC - Apr 26 2020
Bloomberg Philanthropies has committed $10.5 million, along with organizational support and technical assistance, to help build and execute this new program.The Official Website Of New York State - Apr 22 2020
On april 10th Apple and Google did something unusual: they announced plans to work together.
Their plan is to combine their assets to assist the tracking of the covid-19 pandemic.The Economist - Apr 16 2020
Extensive, aggressive and timely contact tracing is so far the only alternative to full lockdowns to control the spread of the SARS-CoV-2 virus causing the COVID-19 disease.The Straits Times - Mar 20, 2020
OpenCovidTrace has an open-source implementation of the Apple & Google Contact Tracing Cryptography protocol, but it is different in terms of Rolling Proximity Identifiers exchange.
Currently, access to background BLE advertisement on the iOS
platform is limited, this is why OpenCovidTrace uses the Bluetooth
connection for key exchange.
This is expected to change in the next iOS update, according the documentation
In case it won’t, and it will not be possible to be fully interoperable with the Apple & Google protocol without using their API, OpenCovidTrace will use their API in the next released version of OpenCovidTrace.
Compared to Apple & Google’s solution, OpenCovidTrace is
open-source, hence, the community can verify privacy.
Also we provide GPS & QR-code based contacts and more information about bluetooth contacts, such as: time, geo-position and distance, not just ‘yes-’ or ‘no contact’.
The OpenCovidTrace app generates a 32-byte random
Private key once installed on the user’s
Private key will under no circumstances
leave the device.
Every 24 hours the app generates a so-called
Tracing Key using 16 bytes HKDF
sha-256 hash of the
Private key and day
Daily Tracing Keys will be shared to
the public server in case the user reports Covid-19
related symptoms. Of course at this point, the user’s
privacy is kept at all times.
Every 10 minutes the app generates a
Proximity Identifier using the first 16 bytes of
the HMAC sha-256 hash of the
Key and daily time interval number.
That identifier broadcasts via the Bluetooth Low Energy Service to other devices on which the OpenCovidTrace app is used, as well as other apps that function based on the Apple & Google Contact Tracing protocol
In case a user reports Covid-19 related symptoms, the app sends a message to the public server. This message will contain:
Daily Tracing Keysfrom the past 14 days
For every user, the app regularly pulls new
Daily Tracing Keys
of the user's who reported symptoms from the public server.
It sends a random rect (area created based on the user’s movements and potential contact places as explained above) and receives the new infected
Daily Tracing Keys with the user’s
coordinates and representing potential points of contact
The app searches for the locally stored
Rolling Proximity Identifiers matching the infected
Daily Tracing Keys.
If a match is found, the app sends the user notifies the user accordingly.
Original cryptography Apple & Google protocol specification can be found by this link
Rolling identifiers - change every 10 min
Contact matching on your device. 100% anonymous.
Compared to Apple & Google’s protocol, DP-3T uses a different cryptography and different Rolling Proximity Identifiers exchange method, the same as in OpenCovidTrace’s implementation of the Apple & Google protocol.
The DP-3T Contact Tracing protocol has an open-source SDK for both iOS and Android platforms, and it will be implemented in the next OpenCovidTrace release.
Daily Keyusing the sha-256 hash of the previous
Private keyfor the first key.
Rolling Proximity Identifiers) for each minute, using AES CTR encryption of the 24*60*16 zeros-bytes data array by
HMAC("broadcast key" || DailyKey)key
EphIDfor the BLE contact exchange in the same way as described in the Apple & Google protocol implementation above.
Daily keysof the last 14 days to the public server.
Daily Keysof the users who reported symptoms from the public server, generates 24*60
Daily Keyand compares it to locally stored
The original DP-3T Contact Tracing protocol specification can be found by this link
BlueTrace is the protocol which was implemented by the government-sponsored mobile app in Singapore.
The Government of Singapore released its specification to the public, and it is one of the candidates to become a global contact-tracing standard.
However, it has various shortcomings when compared to Apple & Google and DP-3T approach, but OpenCovidTrace will add support for it for interoperability reasons in the next release.
The BlueTrace Contact Tracing protocol specification can be found by this link