Keeping track of what you can't see

CoviTracker is a COVID-19 contact tracker application for both Android and iOS that respects your privacy.

About CoviTracker

CoviTracker is an open-source, 100% private and anonymous, GPS based, contact tracing application. It uses a sliding window of contact intersection timing to account for potentially contaminated surfaces and atmosphere.

CoviTracker was conceived during a Zoom social meeting on the evening of Friday, April 3 with development work starting on the morning of Saturday, April 4. As of yesterday, Friday, April 11, CoviTracker is about 80% complete. We are were aiming to submit the application to Google and Apple’s stores for review on Monday, April 13.

How It Works

CoviTracker is installed on the user’s smartphone just like any other native application. After prompting the user for permission to access their GPS and permission to send them push notifications, it is relegated to running innocuously in the background. Similar to a step tracker or health app, CoviTracker samples and saves the user’s GPS location on regular intervals. The data that is saved contains ZERO personally-identifying information (PII). A typical location record looks like: 

{
  latitude: 43.651070,
  longitude: -79.347015,
  timestamp: “2020-04-11T13:12:23.431Z”,
}

Approximately once every 6 hours, or 4x daily, the application connects to our database and retrieves the latest location records that have been voluntarily submitted by users who have tested positive for, or are suspected of, COVID-19. The application sends no data. The application compares the latest retrieved records to all the records the user has stored on their device and if two records compare for time and location, the application notifies the user.

Users, who have either tested positive for COVID-19, or believe they are positive after self-evaluating are encouraged to volunteer their 100% anonymous tracking records to our database for the benefit of all CoviTracker users. The following illustrates what such a record would look like: 

{
  latitude: 43.651070,
  longitude: -79.347015,
  timestamp: “2020-04-11T13:12:23.431Z”,
  status: “SUSPECTED”
}

In fact, it is identical to the previous example with just the addition of a status indicating whether the user has tested positive or self-evaluated as suspected.

Why Are We Shutting Down?

Yesterday, Friday, April 11, exactly one week after we started developing CoviTracker, Google and Apple announced their partnership to bring contact tracing to their respective platforms. Simply put, Google and Apple have infinitely greater resources and reach than the five volunteers that are working on CoviTracker. For contact tracing to be successful, there needs to be a single unified database of contact information. Unlike a commercial product, we do not believe that users will benefit from competing applications with segmented data stores of contacts and interactions. There is no value to public health and wellbeing if two users come into contact, but the contact cannot be resolved because each user has employed a different application.

We feel that while Google and Apple’s implementation is not as private as ours, their intentions are similar and their ability to attract users far exceeds ours.

Our Technological Solution vs Google/Apple

There are similarities and differences between our approach and that of Google/Apple. The most notable difference is the source of location data. We chose to use the device GPS whereas Google/Apple are opting for BlueTooth Low Energy (BLE).

CoviTracker

Our solution logs the physical locations on the user’s device. If it determines there was a potential contact, not only does it notify the user, but it also tells the user when and where the potential interaction happened. We believe that offering this location-based information is important for a number of reasons, not least of which is that the user can then know if anyone was with them. This is especially important if the user was travelling with young children that may not have smartphones of their own.

Pros

  • 100% private and anonymous: All contact rationalisation takes place on the user’s device. We do not process any locations, intersections of contacts, etc. Our servers have no real logic and just implement a remote database.
  • 100% open source: Anyone is free to review our entire codebase and verify for themselves what data we do and do not manage.
  • Voluntary sharing of information: Users who have tested positive are not required to upload their data.

Cons

  • Less accurate indoors: GPS signals can be weak or non-existent indoors or in the shadow of big buildings.
  • Increased risk of false positives: Our sliding time window algorithm is intended to account for users that have come into proximity within a few minutes of each other. While this is no guarantee of infection, as we learn more about the lifespan of airborne coronavirus droplets, it is of concern.
  • Voluntary sharing of information: Users who have tested positive are not required to upload their data. However, as Canadians, we believe strongly in the Canadian spirit and that at least in this country positive-testing users will be happy to volunteer their anonymous tracks to benefit their friends and neighbours.

Google/Apple

The following pros and cons are based on early and limited exposure to their proposed API and protocol.

Pros

  • Built into the OS
  • Single protocol shared by both major platform vendors
  • Works indoors

Cons

  • Lack of privacy: While Google/Apple claim that they will not receive PII, it is up to the application developers incorporating their APIs as to what additional information they choose to track and store.
  • Uses have to occupy the same space simultaneously: There is no accountability for someone potentially being infected from a previous person's sneeze or cough.
  • Will be around long after Coronavirus: The contact tracing APIs will be open to developers to use for other purposes leading to potential privacy risks in the future.
  • Does not work on older devices that do not support BLE: Many older smartphones do not support the newer standard for BlueTooth known as BLE, which the Google/Apple solution depends upon.

About the Team

Anirudh (Ani) Swaminathan - @simpleimpulse
(Senior Software Engineer)
Not only is Ani the developer behind the mobile applications but he is also our team member that came up with the method that would help ensure 100% privacy and anonymity.

Erika Maginn - @erikamaginn
(Senior Strategic Brand Leader)
Erika is a leading senior strategic brand leader that helped validate the initial idea and was instrumental in guiding the marketing language and direction.

Jake Edwards - @webdivelement
(Hack of All Trades)
Jake is the seasoned UX engineer responsible for the mapping and visualisations that appear in both the application and the CoviTracker website.

Lindsay Hutchison - @llarc
(User Experience Design Specialist)
As an expert in user experience design (UXD), Lindsay produced our wireframes and UX guidelines in record time.

Troy Forster - @tforster
(Consulting Technology Director)
Troy designed and implemented the scalable, serverless architecture that supports the mobile applications.

About TechSmarts

TechSmarts was started by Troy Forster in April of 2010 as a Tumblr blog whose primary purpose was to share breaking news related to software and development. It later morphed into a private Slack group where members discuss technical challenges within their organisations and projects. And, more recently, a core group of TechSmarts members have been collaborating on various open source and pro bono projects.

While CoviTracker will not be released, the positive experience the team took from the project will be directed into the re-re-rebirth of TechSmarts as a more formal incubator of positive social projects.

Contact Us

If you are interested in learning more about CoviTracker, or the team behind it, please reach out to:
Troy Forster, Consulting Technology Director
troy.forster@gmail.com
@tforster