Re: OMG, the privacy implications are apocalyptic...
The difference is the sender's phone sends the list of device IDs and dates it has met them to the central server and the central server sends this list to all phones because it doesn't itself have a list of device IDs. Finally the list is compared on each phone. Also, device IDs are regenerated each day.
So, unlike the NHS approach, the server doesn't know which phone has which device ID. This, coupled with daily device ID randomization limits the possibilities for tracking and deanonymisation.