iOS 14 Beta 4 Enables Exposure Notification API, Virginia Rolls out First U.S. COVID-19 ENS App

Although Apple first enabled its new COVID-19 Exposure Notification API in iOS 13.5 back in May, the feature has actually been conspicuously missing from its iOS 14 betas, leaving those participating in the developer and public beta programs unable to take advantage of the COVID-19 exposure notification system (ENS) apps being deployed by various health authorities around the world.

While COVID-19 ENS apps are becoming increasingly popular in Europe, this hasn’t been a big problem for users in North America until just recently, with Canada rolling out its COVID Alert app late last month. Following the launch, Health Canada made it clear that iOS 14 Beta was not supported, with a link to Apple’s release notes and the suggestion that it might not be enabled until the fall when iOS 14 “moves out of Beta,” leading many public beta users to believe that they were out of luck.

While reverting to iOS 13 is of course always an option, it’s not an easy process since it involves restoring from an older backup that was made with iOS 13, so users would understandably be reluctant to do this unless they were having serious issues with iOS 14, and for most the lack of support from the ENS API wouldn’t constitute a serious issue.

Fortunately, however, with at least 20 U.S. states planning their own Apple-Google ENS COVID apps, Apple has obviously decided that it’s important to get the API up and running for all of those who are already using the iOS 14 betas, and with yesterday’s release of iOS 14 beta 4 to developers — and a public beta that could arrive as soon as today — the ENS API has now been fully enabled.

COVIDWISE

It’s a timely development, as Virginia also debuted the first U.S. Exposure Notification application, COVIDWISE, paving the way for other U.S. states to soon follow suit.

As the Virginia Department of Health explains, the new app uses the Apple-Google Exposure Notification System, which prohibits the use of location services or the collection of any personal information that isn’t strictly necessary. Like Canada’s COVID Alert app, only randomized and anonymous Bluetooth identifiers will be exchanged between mobile devices that are in close proximity to each other.

These identifiers are stored solely on each individual iPhone or Android phone that receives them, and never transmitted to any centralized servers. Instead, what happens is that when somebody receives a positive diagnosis for COVID-19, they have the option of sharing that diagnosis through the app, which will store their random ID — again, entirely anonymously — on a central server.

All devices simply check in on a regular basis to see if any of the IDs that they’ve stored locally match any of those that have been reported as positive tests, and if a match is found, the iPhone or Android smartphone generates an alert from the Exposure Notification API on the device itself. No other data is ever transmitted to the remote servers, and these are local notifications, like you would see for an alarm or calendar alert, not “push notifications” like you normally see for things like social media networks and email services.

The Virginia Department of Health offers some additional specifics about exactly how the app works:

“If someone reports to the app that they tested positive, the signals from their app will search for other app users who shared that signal. The BLE signals are date-stamped and the app estimates how close the two devices were based on signal strength. If the timeframe was at least 15 minutes and the estimated distance was within six feet, then the other user receives a notification of a possible exposure. No names! No location!”

Further, like COVID ENS apps in other countries, users will be required to enter a PIN issued by a public health agency in order to report a positive diagnosis, preventing users from mistakenly or maliciously reporting themselves positive when this hasn’t actually been confirmed by a medical professional.

Virginia was one of the first four U.S. states to publicly endorse the Apple-Google API, along with Oklahoma, Alabama, and South Carolina. However, a report earlier this week from Google suggested that a total of 20 U.S. states and territories are now on board. This number presumably includes these initial four, but it’s unclear who the other 16 are at this point. As of last month, North Dakota, South Dakota, Wyoming, Rhode Island, and Utah were still going in a totally different direction, while California, Colorado, Connecticut, Delaware, Georgia, Idaho, Indiana, Iowa, Louisiana, Maryland, Montana, New Hampshire, New Mexico, Tennessee, Texas, and Vermont have explicitly stated that they do not plan to build any kind of contact tracing or exposure notification apps at all. Of course, that still leaves half of the U.S. states unaccounted for, including significant COVID hotspots such as New York, Florida, and Arizona.

This week Google also announced improvements to the Exposure Notification API that it has developed with Apple, most significantly introducing the ability for the system to work across multiple regions and countries, and the Association of Public Health Laboratories will also be hosting a centralized reporting server for all U.S. states, which will allow exposure notifications to work across state boundaries.

This means that once COVID-19 ENS apps are available in multiple states, somebody in Virginia could be notified of a potential COVID-19 exposure even if the patient was diagnosed positive in another state such as South Carolina. Up until now, this hasn’t been possible, since each public health agency has had to run its own reporting server which only communicates with that specific agency’s COVID ENS app.