sbohacek | 6 years ago
I might not understand the methods used to achieve privacy, but here are some thoughts.

1. The data could be stored more safely with something like Intel SGX, where only the application can access the data. In this scenario, the carrier (or a healthcare worker) uploads the carrier’s path into an SGX-based database. Then, individual users who are concerned about their risk could use the app to upload their location paths into the SGX-based system and learn whether they are at risk as a simple yes/no. (I have never built an SGX application, so I might be mistaken about its abilities.)

2. I don’t think this is possible: “The solution is a ‘pull’ model where users can download encrypted location information about carriers.” If the application is on my device, I can decompile it and get the decryption key, or use other methods to dump the carriers’ location data to disk.

3. It seems that the user’s data is also stored on the device. This data is then at risk of being stolen by malicious applications. Instead, the location data could be encrypted with a public key that can only be decrypted on the SGX-protected servers.
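The server-side matching step that the comment's point 1 and point 3 rely on (carrier paths held in one place, a user path compared against them, and only a yes/no returned) can be made concrete. The block below is an added example written for this page; it is not code from the original thread, from the commenter, or from any SGX project. It models only the matching logic and the minimal boolean interface: plain Python gives none of the isolation the commenter attributes to SGX, and the enclave, the public-key encryption of uploads, and any real location traces are not modeled. The proximity threshold (20 m), time window (15 min), function names and sample traces are all assumptions or constructed data.

```python
"""Spatiotemporal exposure check behind a yes/no interface.

Added example (not the thread's own code). The "enclave" here is just a
Python function; it demonstrates the matching logic and the minimal-
disclosure return value, not SGX isolation.
"""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Dict, Iterable, List

EARTH_RADIUS_M = 6_371_000.0

# Assumed policy thresholds (not from the original comment).
RADIUS_M = 20.0        # "same place" if within 20 metres
WINDOW_S = 15 * 60     # "same time" if within 15 minutes


@dataclass(frozen=True)
class Fix:
    """One location fix: WGS84 degrees plus a UNIX timestamp in seconds."""
    lat: float
    lon: float
    ts: int


def haversine_m(a: Fix, b: Fix) -> float:
    """Great-circle distance in metres between two fixes."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = sin(dlat / 2) ** 2 + cos(lat1) * cos(lat2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(h))


def _bucket(ts: int, window_s: int = WINDOW_S) -> int:
    """Coarse time bucket so matching does not compare every fix with every fix."""
    return ts // window_s


def index_carrier_paths(paths: Iterable[List[Fix]],
                        window_s: int = WINDOW_S) -> Dict[int, List[Fix]]:
    """Server-side store: carrier fixes keyed by time bucket.

    In the design the comment sketches this structure would live only
    inside the enclave; here it is an ordinary dict.
    """
    index: Dict[int, List[Fix]] = {}
    for path in paths:
        for f in path:
            index.setdefault(_bucket(f.ts, window_s), []).append(f)
    return index


def at_risk(user_path: List[Fix], carrier_index: Dict[int, List[Fix]],
            radius_m: float = RADIUS_M, window_s: int = WINDOW_S) -> bool:
    """Return ONLY a boolean: no carrier identity, no matching location, no time.

    Returning a match count or the first matching fix would already leak
    which carrier fix the user crossed, which is what the yes/no interface
    in the comment is meant to avoid.
    """
    for f in user_path:
        b = _bucket(f.ts, window_s)
        # Adjacent buckets catch pairs of fixes that straddle a bucket boundary.
        for nb in (b - 1, b, b + 1):
            for c in carrier_index.get(nb, ()):
                if abs(c.ts - f.ts) <= window_s and haversine_m(c, f) <= radius_m:
                    return True
    return False


# Constructed sample traces (not real data): one carrier walking three
# fixes ten minutes apart, and three users in different situations.
CARRIER_PATHS = [[
    Fix(40.7580, -73.9855, 1_600_000_000),
    Fix(40.7590, -73.9845, 1_600_000_600),
    Fix(40.7600, -73.9835, 1_600_001_200),
]]
USER_SAME_PLACE_SAME_TIME = [Fix(40.7581, -73.9855, 1_600_000_100)]   # ~11 m, +100 s
USER_SAME_PLACE_NEXT_DAY = [Fix(40.7581, -73.9855, 1_600_086_400)]    # ~11 m, +1 day
USER_FAR_AWAY = [Fix(40.7700, -73.9855, 1_600_000_100)]               # ~1.3 km, +100 s


def demo() -> Dict[str, bool]:
    """Run the three constructed users against the carrier index."""
    idx = index_carrier_paths(CARRIER_PATHS)
    return {
        "same_place_same_time": at_risk(USER_SAME_PLACE_SAME_TIME, idx),
        "same_place_next_day": at_risk(USER_SAME_PLACE_NEXT_DAY, idx),
        "far_away": at_risk(USER_FAR_AWAY, idx),
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name}: {'at risk' if hit else 'no contact'}")
```

The function deliberately stops at the first match and returns a bare boolean; this is the "simple yes/no" from the comment, and it is the only thing a client should be able to learn from one query. It does not, on its own, address repeated querying (a client that submits many single-fix paths can still map out carrier locations one probe at a time), which is a rate-limiting and abuse-detection problem that the comment does not go into.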