Categories
Blog Link

COVID Alert is now publicly available! [Links]

You can download the COVID Alert exposure notification app in Canada now! It’s available on the iOS App Store as well as the Google Play Store.

See more details of how it works and what it looks like in my older post when I started using the beta:

Categories
Blog Link

Here’s What Canada’s ‘COVID Alert’ app (beta) Looks Like

[UPDATE – July 31]: The app is now publicly available. Go get it!

On Wednesday, Health Canada finally released a beta (test) version of the Canadian ‘COVID Alert’ exposure notification app.

I have been waiting for a couple of months to finally be able to get this set up once Apple and Google announced they would be building exposure notifications in to their operating systems, and it’s finally here (if you are willing to jump through some hoops and help test it out).

Let’s take a look!

When you first launch the app, you’re given a bunch of info right off the top. You’ll also have to accept exchanging exposure tokens with other phones, as well as receipt of exposure notifications, and then standard iOS app notifications as well. Here’s what the setup screens look like:

Once you’ve got everything activated, there’s not a whole lot to do besides look at the menus and edit your information.

I was informed via email they will be testing what an ‘exposure’ looks like in the app over the next 2-4 days, so if that happens, I will definitely share that information!

There’s not much to the app to be honest (which is a good thing), but there is a little more information to go over.

In the meantime, here’s some information provided under ‘How it works’:

These exposure notification apps (one per country, by rule) are meant to be for public health reasons only, so they’re very minimal, and outside of use in conjunction with your doctor, you won’t really notice it on your phone.

The only information the app collects and is able to use is a set of randomly generated ‘codes’ from the phones of others you interact with, and your phone sends out a similar set of ‘codes’ to people around you. No private information is stored or sent anywhere, like location or your personal details.

If you test positive, your doctor will give you a one-time use code which you enter in to the app, and this (if you choose to do it) will notify anybody else who has the app that you were nearby them and may have exposed them to the virus, because their phone has stored your ‘code’ from while you were near each other.

It’s a pretty incredible, secure system, and I’m really eager to have it see wide use in Canada and around the world, on Android and on iOS, over the coming months and possibly years.

When I hear more about the public release, I will post updates here!

Categories
Blog Editorial

FaceTime Isn’t Broken

Update: Update is out. iOS 12.1.4 addresses this bug as well as another security issue that Apple found while auditing the code for FaceTime.

On Monday night (January 28), talk of a serious Group FaceTime bug hit the internet in a big way.

New in iOS 12: Group FaceTime

If a would-be attacker used a specific set of steps that were not typical for a regular FaceTime call, they could activate the call recipient’s microphone on their iPhone (or, presumably, iPad) without them answering the call. There was an extra privacy concern that if the recipient of the call declined the request, their camera was mistakenly activated as well, even if the phone looked like it was asleep.

There is no indication this bug was exploited maliciously, and it appears to have been reported to Apple at least a week and a half before the explosion of attention on January 28. Moving quickly once this story went public, Apple shut off Group FaceTime (a new feature that was introduced with iOS 12 this fall), effectively blocking this exploit from being used. In all, the bug was active for about 2-3 hours with a large audience, as Apple presumably scrambled to find a way to quickly fix it.

Immediately, Apple put out a press release saying that a permanent fix for this bug would be coming later this week, and shutting off Group FaceTime has mitigated the problems associated with the bug until the fix is released.

Unfortunately, because the news is effectively entertainment now, the following evening (Tuesday), local news, all the way up to late-night comedy shows, all talked breathlessly about the story, and at least from what I heard, none mentioned that the offending problem has been completely disabled until a proper fix is in place. In other words, the window when anybody at any scale could have been harmed by this was exceptionally small, only a few hours at most.

Now, though, the viral story of ‘Turn Off FaceTime’ will circulate for years, even though in my opinion it’s probably one of the very best ways for a group of Apple device users to communicate with audio/video, and even when the feature is fixed, there will be no news stories saying ‘You Can Turn FaceTime Back On Now’, even though after Monday evening, there was no need to turn it off.

There are a few big lessons I take away from this:

  1. Basically every news story is as well-researched as the one you know the intimate details about beforehand (not at all well-researched). Take them with a grain of salt.
  2. Every piece of software has bugs and flaws at some point in its development cycle. Obviously, big flashy bugs like this are a BIG deal, but it’s a reality of software that they will come up. The best thing you can do as a developer is to put systems in place to be able to deal with them quickly, and in my opinion, Apple’s ability to pull the plug on Group FaceTime without taking the entire system down is an example of good design.
  3. Don’t take your privacy for granted. People are going to see this story and turn off FaceTime because this was a huge privacy issue. However, I promise you that there are much bigger and more severe privacy violations going on at huge companies around the world right now, and because it is status quo, we all kind of just give them a pass. You should ‘audit’ the programs you use from time to time, and if you’re able, do some research on the privacy over-reaches of companies like Facebook. You’d be surprised the kinds of things they are caught doing on an ongoing basis, but it’s not a news story for some reason.

So, I didn’t turn FaceTime off, and unless something changes, I don’t think you need to either (if you didn’t already). If you’re paranoid about being watched/heard in your home, FaceTime is far from your biggest concern (this bug is no longer a risk as it stands today).

Humans are flawed, so it stands to reason that the software we create isn’t always perfect either. But writing off technology because of one viral news story is harmful to all of us, because the news can’t, and doesn’t, cover everything.

Please, don’t turn off FaceTime and vow never to trust it again because of this story. Your privacy is, and always will be, at risk, but that doesn’t make this particular piece of software the problem.