The exposure-notifications-internals GitHub repository contains snippets of code that show how the Exposure Notifications API works inside the Google Play services layer. For an explanation of how the layers of the app work together, see the Architecture section of the API documentation.
For explanations of the code in the repository, start with the README.
To better understand the design decisions behind the Google Play services layer of the system, read the snippets and the rest of this page.
App allowlisting and permissions
Only app developers that are chosen by the government of each region or country can create Exposure Notifications-based apps for listing on Google Play. We work with those developers to ensure that the apps meet the requirements described in the Terms of Service before approving the apps for publishing on Google Play.
Additional requirements surrounding the specific permissions that are required, allowed, and disallowed are covered in the Google Play services section of the API documentation.
The Exposure Notifications framework collects telemetry data to verify that basic functionality is working and to provide an early warning signal about any technical issues. This data does not include any user-identifying information.
For more information on how the system's telemetry was designed, see Exposure Notifications telemetry design.