About Covid-19 apps

There is much attention for the role of apps in fighting the Covid-19 pandemic. This website focuses on the role of such apps for contact- and source-tracing. The general idea is that apps on phones locally collect information about contacts with other people. Only when a particular person is found to be infected, their phone releases this contact information to health authorities, for the purpose of warning other people and for trying to find the source of the infection.

Problems with Bluetooth

This website describes a very simple privacy-friendly approach that is not based on Bluetooth. Almost all current approaches that try to be privacy-friendly are based on locally broadcasting short radio-messages via Bluetooth. It is not clear at all whether this approach adequately distinguishes relevant and non-relevant contacts. Also, its security and privacy guarantees and implications are problematic, certainly when adopted globally.

Avoiding Bluetooth

The alternative approach described here is based on actively scanning QR-codes, of people that you engage with and of spaces that you enter. In this way you build up a very precise trail, exclusively in your own app, consisting of random numbers only. At the same time it reminds you to maintain a safe distance in general. A key feature is thus that people actively engage with the technology and thus remain aware of the dangers. In contrast, Bluetooth-based approaches can lead to passive attitudes because people may (falsely) think that the technology protects them.


A research prototype zwaai app

Some details about how the system works are sketched below. A research prototype app has been developed, called zwaai (wave, in Dutch). It can be turned relatively easily into a professional app, since the whole approach is so simple. When a community emerges to elaborate this approach further, the team (at Radboud University's iHub) is happy to collaborate and contribute (including the existing software, as open source). The approach can then be tested and evaluated in field trials.

How it works (main lines)

A user of the zwaai app can establish links in two ways:

  1. In a personal meeting, where one person's phone scans a QR-code shown on the phone of others. In doing so two completely random numbers are exchanged between the phones. These randoms are stored locally, for a limited period, together with the time of the exchange.
  2. Upon entering a space, like a shop, work floor, train coupe or bus a QR-code is scanned. The zwaai app then connects to a server and exchanges random numbers, as before. Upon leaving the space, the zwaai user can check out on their phone. The check-out also happens automatically, after a certain period, or upon entering another space.

Health authorities can request an infected person to read the random numbers from their phone. The emitted numbers are published by the health autorities. Other apps regularly check these published numbers, and can warn their user about a possible contact with this infected person.

The health authorities publish subtly different information about spaces. They publish the numbers that a space, visited by an infected person, has emitted during that visit. In this way users of the zwaai app are warned that they have been at a space during a time period in which an infected person was also there.

More information

Are you interested to learn more about this approach, or do you wish to contribute to develop and evaluate a professional version of the zwaai app, please send an email to info@zwaai.app, with relevant details about yourself and the role that you wish to play.