The promise of privacy is not enough. That’s why verification of privacy being preserved through open source is a must.
OpenCovidTrace is an open-source platform integrating all popular BLE (Bluetooth Low Energy) contact tracing protocols ( DP-3T, Google & Apple, BlueTrace, etc.) with an additional set of features for iOS and Android platforms.
Our vision is to provide a trustworthy contact tracing tool with universal interoperability, that empowers people and communities to fight Coronavirus.
Our mission is to develop an open-source implementation for proprietary protocols (such as Apple & Google and BlueTrace backends) which addresses privacy concerns in terms of preservation of individual privacy, and integrates with all popular open-source protocols (such as DP-3T).
More than a million Australians have downloaded a coronavirus contact tracing app within hours of it being released by the government.
BBC - Apr 26 2020Bloomberg Philanthropies has committed $10.5 million, along with organizational support and technical assistance, to help build and execute this new program.
The Official Website Of New York State - Apr 22 2020On april 10th Apple and Google did something unusual: they announced plans to work together.
Their plan is to combine their assets to assist the tracking of the covid-19 pandemic.
The Economist - Apr 16 2020Extensive, aggressive and timely contact tracing is so far the only alternative to full lockdowns to control the spread of the SARS-CoV-2 virus causing the COVID-19 disease.
The Straits Times - Mar 20, 2020OpenCovidTrace has an open-source implementation of the Apple & Google Contact Tracing Cryptography protocol, but it is different in terms of Rolling Proximity Identifiers exchange.
Currently, access to background BLE advertisement on the iOS
platform is limited, this is why OpenCovidTrace uses the Bluetooth
connection for key exchange.
This is expected to change in the next iOS update, according
the documentation
In case it won’t, and it will not be possible to be fully interoperable with the Apple & Google protocol without using their API, OpenCovidTrace will use their API in the next released version of OpenCovidTrace.
Compared to Apple & Google’s solution, OpenCovidTrace is
open-source, hence, the community can verify privacy.
Also we provide GPS & QR-code based contacts and more information
about bluetooth contacts, such as: time, geo-position and distance,
not just ‘yes-’ or ‘no contact’.
The OpenCovidTrace app generates a 32-byte random
Private key
once installed on the user’s
phone. That Private key
will under no circumstances
leave the device.
Every 24 hours the app generates a so-called Daily
Tracing Key
using 16 bytes HKDF
sha-256 hash of the Private key
and day
number.
Those Daily Tracing Keys
will be shared to
the public server in case the user reports Covid-19
related symptoms. Of course at this point, the user’s
privacy is kept at all times.
Every 10 minutes the app generates a Rolling
Proximity Identifier
using the first 16 bytes of
the HMAC sha-256 hash of the Daily Tracing
Key
and daily time interval number.
That identifier broadcasts via the Bluetooth Low Energy
Service to other devices on which the OpenCovidTrace app
is used, as well as other apps that function based on
the Apple & Google Contact Tracing protocol
In case a user reports Covid-19 related symptoms, the app sends a message to the public server. This message will contain:
Daily Tracing Keys
from the past 14 days
For every user, the app regularly pulls new Daily Tracing Keys
of the user's who reported symptoms from the public server.
It sends a random rect (area
created based on the user’s movements and potential
contact places as explained above) and receives the new
infected Daily Tracing Keys
with the user’s
coordinates and representing potential points of contact
with infection.
The app searches for the locally stored
Rolling Proximity Identifiers
matching the infected
Daily Tracing Keys
.
If a match is found, the app sends the user notifies the user accordingly.
Original cryptography Apple & Google protocol specification can be found by this link
100% anonymous
Rolling identifiers - change every 10 min
Contact matching on your device. 100% anonymous.
Compared to Apple & Google’s protocol, DP-3T uses a different cryptography and different Rolling Proximity Identifiers exchange method, the same as in OpenCovidTrace’s implementation of the Apple & Google protocol.
The DP-3T Contact Tracing protocol has an open-source SDK for both iOS and Android platforms, and it will be implemented in the next OpenCovidTrace release.
Private key
.
Daily Key
using the sha-256 hash of the previous
Daily key
or Private key
for the first key.
EphID's
(so-called
Rolling Proximity Identifiers
) for each minute,
using AES CTR encryption of the 24*60*16 zeros-bytes data array
by HMAC("broadcast key" || DailyKey)
key
EphID
for the BLE contact exchange in the same way as described
in the Apple & Google protocol implementation above.
Daily keys
of the last 14 days
to the public server.
Daily Keys
of the users who reported symptoms from
the public server, generates 24*60 EphID's
for each Daily Key
and compares it to locally stored EphID's
.
The original DP-3T Contact Tracing protocol specification can be found by this link
BlueTrace is the protocol which was implemented by the government-sponsored mobile app in Singapore.
The Government of Singapore released its specification to the public, and it is one of the candidates to become a global contact-tracing standard.
However, it has various shortcomings when compared to Apple & Google and DP-3T approach, but OpenCovidTrace will add support for it for interoperability reasons in the next release.
The BlueTrace Contact Tracing protocol specification can be found by this link
We are in communication with COVID-19 medical labs and authorities like the WHO.
We are welcoming public health organizations wanting to brand and distribute our white-label app in different app stores.
Both Google and Apple restricted the distribution of COVID-19 related apps via their app stores, unless such applications are filed for release by public health organizations or governmental organizations.
Any professional advice is welcome and will be helpful. please, contact us at info@opencovidtrace.org.
We welcome governmental organizations and related organizations wanting to brand and distribute our white-label app in different app stores.
Both Google and Apple restricted the distribution of COVID-19 related apps via their app stores, unless such applications are filed for release by public health organizations or governmental organizations.
Any professional advice is welcome and will be helpful, please, contact us at info@opencovidtrace.org.