In response to the COVID-19 disease that has stormed the world since early 2020, many countries launched initiatives seeking to help contact tracing by leveraging the mobile devices people carry with them. The Federal Office of Public Health (FOPH) commissioned the effort for Switzerland, which resulted in the official SwissCovid application and infrastructure. This document retraces its history and the main contributions from the EPFL.
History
In cooperation with the FOPH, the Federal Office for Information Technology, Systems and Telecommunications (FOITT) led the project to research and develop a solution for Switzerland.
Research
With a major concern for this project being the privacy of its users, over 25 researchers from the Federal Institutes of Technology in Lausanne (EPFL) and Zurich (ETH Zurich), as well as other universities around the world, got together to develop a protocol, under the leadership of Prof. Carmela Troncoso. The main goal was to fulfill the technical requirements for aiding contact tracing, while at the same time minimizing the risk that governments obtain surveillance capabilities which will endanger civil society.
The fruit of this labor, known as DP-3T for Decentralized Privacy-Preserving Proximity Tracing, is an open protocol for COVID-19 proximity tracing using Bluetooth Low Energy functionality on mobile devices. Both scientists and the wider community thoroughly reviewed, analyzed and improved it. The first experiments towards SwissCovid used DP-3T, and as an open protocol, several other country-led initiatives adopted it for their developments.
The researchers worked and lobbied with Apple and Google to have DP-3T implemented on their platforms. As a result, in April 2020, both companies jointly released a specification for their privacy-preserving exposure notification system, known as GAEN. This system, largely based on an early version of DP-3T, became integrated in the companies’ respective operating systems, iOS and Android. The researchers continued to improve DP-3T, encouraging Apple and Google to incorporate their enhancements.
Implementation
The Swiss Company Ubique Innovation AG implemented SwissCovid on top of the GAEN framework, producing apps for the iOS and Android platforms, as well as the backend servers deployed by the FOITT. In addition to the mobile apps being downloadable from their respective app stores, the whole work is Open Source and is available and documented on GitHub.
Later work
DP-3T and GAEN, on which this document focuses, address the task of proximity tracing. Later studies showed the need to go wider by notifying all the people that shared a space with a positive person, known as presence tracing. A subset of the same researchers, still led by Prof. Carmela Troncoso, developed a separate protocol for this purpose called CrowdNotifier, again emphasizing strong privacy and data protection.
The C4DT contributed to this project by implementing the reference library, which shows the different parts and their interactions, and can be used as a basis for other apps. We also led and wrote the code for a pilot program at EPFL to deploy the system in some classrooms. This allowed us to test CrowdNotifier in a practical situation and evaluate its user-friendliness.
The SwissCovid app adopted the CrowdNotifier functionality, under the name “SwissCovid check-in”, starting with version 2.0.0.
The underlying machinery
The mechanisms behind DP-3T, along with its data protection features, are extensively documented on their web site, including a simplified 3-page brief.
The easiest explanation however is provided by this comic:
Challenges with GAEN
As mentioned above, Apple and Google integrated GAEN within their respective operating systems. In particular, on Android, it is part of the proprietary Google Mobile Services (GMS). This framework is a collection of applications and libraries, typically pre-installed on Android devices, which provide services such as push notifications, mapping, etc. Exposure Notification was added as an additional service, and applications access it through the exposed functions. This allows for a smooth experience for users, as the normal Android system update functionality handles the initial installation and the succesive updates. Furthermore, the code in GMS benefits from system privileges, allowing for a more direct interaction with the other parts of the Android system.
One serious limitation, however, is that its source code is proprietary to Google and is not publicly available (it is not part of AOSP – the Android Open Source Project). This prevents the community from examining what the code does and how, which brings an unfortunate obscurity over a feature that has raised many questions from the public due to privacy concerns. In addition, in order to legally install GMS on an Android device, manufacturers must obtain a license from Google. This leaves Android devices that run free systems (such as the common LineageOS), as well as some commercial manufacturers like Huawei (who are banned from working with US companies), unable to run apps that depend on GAEN.
An open alternative
In order to remedy this, the C4DT has been working with Prof. Mathias Payer’s HexHive lab since September 2020 on an open-source implementation of the underlying framework. The goal of the project was to provide a fully open implementation of SwissCovid.
Development
After analyzing the various ways to achieve this, the C4DT decided to collaborate on the open tracing framework API as part of microG. microG is a Free Software project, whose development started in 2015, dedicated to replacing all GMS functionalities with open-source code. Their approach aims to be a transparent reimplementation: all the function calls and parameters that applications use when communicating with GMS work as expected. (In technical terms, it is API-compatible.) Consequently, applications can run without modifications, as they are not even aware that they use microG instead of GMS. This property, as well as the maturity of the microG project in general, convinced us that this was the best approach to follow, as it minimizes the changes needed in the SwissCovid app itself. Additionally, unlike using a separate codebase, once the GAEN code is integrated into microG it does not require continuous maintenance on our end.
While collaborating on the reimplementation of GAEN, we focused on making the code easy to use and to integrate. Normally, microG needs to be installed system-wide on an Android device, separately from the applications that use it. Furthermore, in order to successfully replace GMS in the eyes of the apps, it requires a non-trivial setup. As we wished to make the installation of a non-GAEN SwissCovid as easy as possible for users, we worked on a client library in microG. With minimal changes, developers can bundle an application such as SwissCovid along with the relevant microG GAEN libraries. The result is a single app to install, without any other dependencies. To clearly distinguish our alternate work from the official SwissCovid app, we named our version LibreCHovid. We also included disclaimers at startup to avoid confusion with the official app.
Ensuring compatibility
We conducted extensive tests to validate the effectiveness and interoperability of LibreCHovid. First, we checked scenarios involving various combinations of devices running the standard SwissCovid app and our LibreCHovid, making sure that exposure notification was working across versions. This allowed us to uncover a bug in the backend implementation that was quickly fixed by the developers. We also analyzed in detail the Bluetooth traffic and its timings during advertisements and scans, ensuring it conforms to the GAEN specification. Finally, we monitored the behavior of the application in Doze Mode, employed by Android devices to reduce battery usage. This mode can affect applications running in the background, and its effect varies between device manufacturers. We checked both devices with an open system, and a Huawei device, and did not find significant issues.
Results
Since our work with microG is not specific to SwissCovid, other contact tracing apps have benefited from it, as illustrated by the release of Corona Contact Tracing Germany, a non-GAEN version of the German Corona Warn App, in early December 2020. The C4DT released the first version of LibreCHovid in May 2021. All the modifications to the DP-3T Android SDK and SwissCovid are available on GitHub.
Further information
SwissCovid information at FOPH
— Christian