covid19cz / erouska-android Goto Github PK

Our biggest crash at the moment. And specific to this one lenovo device. 🙂

Caused by java.lang.NullPointerException: Attempt to invoke interface method 'java.lang.String java.lang.CharSequence.toString()' on a null object reference
       at android.app.Notification$Builder.processLegacyText(Notification.java:3211)
       at android.app.Notification$Builder.access$1100(Notification.java:2009)
       at android.app.Notification$BigTextStyle.makeBigContentView(Notification.java:4139)
       at android.app.Notification$BigTextStyle.populateBigContentView(Notification.java:4177)
       at android.app.Notification$Style.buildStyled(Notification.java:3849)
       at android.app.Notification$Builder.build(Notification.java:3656)
       at androidx.core.app.NotificationCompatBuilder.buildInternal(NotificationCompatBuilder.java:355)
       at androidx.core.app.NotificationCompatBuilder.build(NotificationCompatBuilder.java:247)
       at androidx.core.app.NotificationCompat$Builder.build(NotificationCompat.java:1677)
       at cz.covid19cz.erouska.ui.notifications.CovidNotificationManager.postNotification(CovidNotificationManager.java:121)
       at cz.covid19cz.erouska.service.CovidService.createNotification(CovidService.java:229)
       at cz.covid19cz.erouska.service.CovidService.resume(CovidService.java:160)
       at cz.covid19cz.erouska.service.CovidService.start(CovidService.java:153)
       at cz.covid19cz.erouska.service.CovidService.onStartCommand(CovidService.java:127)
       at android.app.ActivityThread.handleServiceArgs(ActivityThread.java:3011)
       at android.app.ActivityThread.access$2200(ActivityThread.java:150)
       at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1442)
       at android.os.Handler.dispatchMessage(Handler.java:102)
       at android.os.Looper.loop(Looper.java:148)
       at android.app.ActivityThread.main(ActivityThread.java:5418)
       at java.lang.reflect.Method.invoke(Method.java)
       at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)

Drazí vývojáři, dovolili jste se zamyslet nad objemem potřebných dat? Pokud se oficiálně přenáší jen MAC adresa bluetooth, je to 8 bajtíků. To máme 100.000 nakažených uživatelů e-roušky, že si to za den stáhne mego dat? Zamyslete se i nad tím co děláte, nejen nad tím proč to děláte. Opravdu, takhle se v reálu neprogramuje, s takovým přístupem by brzo došly výpočetní prostředky a o neefektivitě programování posledních 25 let (ano, od většího rozšíření Windows), kdy se výkon počítače jako uživatelského celku relativně snižuje rychleji než jde výkon procesorů nahoru díky špatnému programování aplikací (ano, dřív bylo všechno rychlejší), bych mohl už začít psát knihy.

Použijte rozdílovou synchronizaci pomocí RSYNC, místo XML nebo JSON struktury (nezkoumal jsem co používáte ani co přenášíte, ale objem dat na to vypadá), použijte přímo binární data. Nadefinujte si strukturované datové pole jak se to dělá v C jazyku, to co používáte to bude umět určitě taky.

http://jazykc.inf.upol.cz/strukturovane-datove-typy/index.htm

typedef struct {
unsigned int Den = 0; // od 1.1.2020, to máme 65536 dní celkem, to by mohlo stačit
byte Stav = 1; // 0 vyléčený, 1 nakažený, 2 v karanténě ...
byte BluetoothMAC [8]; // inicializujte si to pole
} koronaci;
koronaci koronak[];

No a celou tuhle proměnnou pak vysypete jako soubor, který se bude synchronizovat pomocí toho zmíněného RSYNC protokolu. Ten upravte, protože defaultně používá příliš velké bloky dat tak, aby byly v korelaci s velikostí jedné položky (v tomto konkrétním případě je to 11B). Checksum malého datového bloku může být i 1 bajt (jste programátoři, neskládáte LEGO, poradíte si) a komunikace bude tak velmi úsporná. A že to nepůjde přečíst v textovém editoru? No o to mám přece nejde, jde nám přece o to, aby aplikace byla funkční a úsporná, ne aby šlo jednoduše bádat nad daty.

I had no idea that badge dot on eRouška Home icon in bottom_nav has any meaning and obviously, that it should be green...:

if (isRunning && passesRequirements()) R.color.green else R.color.red

Which is not my case:

Android 8.0.0, patch security level July 1. 2020
Model: SM-G935F
eRouška and Google services versions as per above screenshots.

Please indicate and document (in app and on website) what requirements must be fulfilled and that this can mean an error + what kind of issues can one expect..

Thank you

Testuju na

Samsung SM-A202F

Android Studio 3.6.1
Build #AI-192.7142.36.36.6241897, built on February 27, 2020
Runtime version: 1.8.0_212-release-1586-b04 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o
Windows 10 10.0
GC: ParNew, ConcurrentMarkSweep
Memory: 1246M
Cores: 4
Registry: ide.new.welcome.screen.force=true
Non-Bundled Plugins: com.widerwille.afterglow

Jak jsem postupoval

Nainstaloval jsem - ok
Spustil jsem - ok
Aniz bych zadaval svoje tel cislo, stiskl jsem tlacitko registrovat --> objevilo se varovani
Zadaval jsem telefoni cislo --> varovani nezmizelo

Jak bych si to predstavoval?

Varovani zmizi jakmile uzivatel zacne opravovat nebo zadavat nove cislo

The app consumes excessive battery. Tracking is enabled in both Mapy.cz and erouska. It's apparent that Mapy.cz (that's using GPS) either does some optimization or there is something wrong with the way how erouska manages it's resources.

Xiaomi Redmi 4x, Android 7.1.2, MIUI 11.0.2

Two different scenarios:
After a trip (~3hrs):

After sitting on a table for 2hrs:

Until a pan-European deal exists to share DBs of lists of infected ppl among countries so that eRouška2 can trigger an alert if it finds captured beacons of German Corona-Warn users etc. is there a possibility to make bilateral agreements on daily exchange of this data between e.g. Czech backend db and German backend db? Would it be GDPR and privacy-wise compliant without further explicit acceptance by all users?
Could Czech app accept another type of COVID-positive test code e.g. from Germany?

Probably this study help to improve this project :)

https://medium.com/@frankvolkel/tracetogether-under-the-hood-7d5e509aeb5d

Are plans to implement crypt and temporary (anonymous) uid?

After disabling of Bluetooth, notification pops up. But Bluetooth notification from eRouska is still there even if I reactivate Bluetooth. Probably related to #146

Step to reproduce:

1. enable Bluetooth
2. install and register eRouska
3. check it's running in eRouska dashboard
4. disable Blueooth
5. eRouska notification about disabled Bluetooth pops up
6. reenable Bluetooth
7. eRouska notification is still there
8. restarting phone "fixies" problem

I consider myself a "bit more" skilled then an average user and still it took me quite some time to set up the phone so the application stays running and logging. For example my girlfriend didn't manage that and I see her phone in my log only if she opens the app and some time after that.
Normal user will not go in the configuration and set anything at most he will be willing to tap that your app is allowed to set thus.
Thus.. I think the usability of the application is really doubtful if you consider that the average user will not be visible most of the time (I suppose normal people will just install and forget).

Is there a plan to implement Google Exposure Notification API, similar to apple exposure notification, that seems to be already in works?
https://developers.google.com/android/exposure-notifications/exposure-notifications-api

There is text inside the app which still appears to be only in Czech language and probably should be translated to english (and any other language the app supports), relatedly some links link to Czech version of relevant websites when they have English versions and users should probably be directed there instead when the app in English.

My data screen

Many sections of the Help screen

Links from the Contacts screen

It happened on sunday when my battery dropped under 15% and system activated a battery saver. When the screen was locked I was receiving new notification to stop the battery saver every few minutes.

Android 9, Nokia 8

Please, add ptbr on languages supported at https://covid19cz.oneskyapp.com/collaboration/project?id=359388

Will be the app available somewhere without need of google?

https://f-droid.org/

When my phone turns on the battery saver (battery going low), whenever I start interacting with phone (lock screen, unlock), it starts to spam the notification about the "erouska doesn't work with battery saver", and makes my phone vibrate way too often.

Phone: Moto G7 Plus

Hello,
From various sources I understood that notification of "covid contact" contains only date of contact. Not even approximate time. In API must be some timestamps. I am a bit aware that it will make more panic than neccessary and makes bad ad for the app. Typical use case. You go by public transport to work, you go somewhere for lunch, after work you go shopping than you go to fitness and have some bier with friend during evening. You get ALERT about that day (some days later) and what? Was it in work, public transportation, in shopping center, fitness or restaurant? If you know exact (or at least approx.) time you can remember that you stood in quee in shopping center all people had masks and social distance was fair enough, it might not be so bad. Or it was in restaurant, you ask friend if he has issue, if not, maybe someone who was easting at next table. Anyway if your contact was in the evening you don´t need to call people who met during morning. I hope you understand what I mean.

I use my phone in landscape by default. When first run the app is in portrait. It would be nice if it could work in landscape too stright away. After setting the app and restarting, it goes to landscape.

I was using eRouška on my old phone. Now the old phone is broken and I bought the new one.
I cannot activate eRouška on the new phone.
When I enter the SMS verification code (which is delivered to the new phone), the application show message that my phone number is already used on another device and I cannot reuse it once again.

Are Google apps essential for eRouska? I tried to run it on Lineage Os. Besides eRouška I don't know any application which can't run without GApps (yes, google maps) even Waze can, so why eRouška? Yes, I miss notification with Mattermost, but it can run and work.

Thanks for the app!

As there are people living in (and visiting) the Czech Republic who feel more comfortable while using different languages, it would be nice to have the app and store description multilingual to grow the userbase.

We would be happy to host the translations on https://weblate.org for free as we do for all libre projects. The community on https://hosted.weblate.org/ is open and very friendly, and the translations would be ready very soon.

Also, checks and other features will ensure quality. Strings propagation with the iOS version is for sure to reduce the needed amount of translators’ work. Tight integration saves the time of the developers.

The battery drain is relatively severe and 99% of the time it doesn't make sense to have the app running while home (where most of the people are most of the time, these days).

Would it be possible to check e.g. every 5 minutes if mobile is connected to "home wifi" and only activate if not? I realize it may be niche use, so maybe this could get hidden in the advanced settings somewhere...

Menu item that opens a screen where a user can report a positive test has an unintuitive label "Send data" ("Odeslat data" in Czech version).

I would suggest "Report positive test" ("Oznámit pozitivní test") which is IMHO more straightforward.

To make the app more battery friendly (#148, …) it might be helpful to be able to declare safe zones where tracing is off and the app consumes no extra power.

There may be several ways to detect what a safe zone is:

• location
• known WiFI
• known BT devices
• audio/notifications profile

Supporting all of these seems unnecessarily complicated so perhaps it's best to leave it to existing automation tools (Tasker, Automate, Locale, Bixby Routines, …). Integration with the first three is achieved via plugins (more info). Bixby Routines doesn't seem to be as extensible, but it can invoke App Shortcuts:

I think it's quite likely that Tasker/Automate/Locale can also invoke App Shortcuts so I'd start by adding these: one to disable tracking and another to enable it. Then we can test this in the wild and see if it does the job and see what interesting use cases the users come up with.

Oh and we'll get this for free: the possibility of putting on/off buttons on home screen. :-)

Right now we download ZIPs only on-demand. It should work periodically on background. Use WorkManager for scheduling and running this background work. Everytime the job runs, download ZIPs and send them to Exposure Notifications API for analysis.

The conditions for triggering background job:

• device must be connected to the network (any)
• run every 6 hours, approximately. It doesn't matter if it's postponed a bit due to device sleeping. This number (=6 hours) should be configured via Remote Config

Add some log when the job run to the sandbox screens so testers can verify it works.

Prosim implementujte sledovani odkud clovek prijizdi ze zahranici, karanteni opatreni pro lidi co prijizdeji ze Saska (25 pripadu / 100k) nebo Durynska (21 pripadu / 100k) jsou po prijezdu do CR (19 pripadu / 100k). Na druhou stranu by bylo dobre vedet ktery clovek se nachazel v nejakem znamem hotspotu. Hranice vecne zavrene byt nemuzou a kamionaci stejne jezdi, takze i ty je potreba sledovat.

Hi,
I use a Xiaomi Mi Band 2 with Mi Fit and Mi Band Tools on my Samsung Galaxy A70. Once I installed erouska the Mi Fit can't attach to the Mi Band. If I clear all data of the bluetooth application the band starts working again (I can't tell if at this moment erouska is working I was not in vicinity of any other phone with erouska app), but after some while it gets broken again.

I didn't inspect the code handling the BLE, but are you sure you don't mess any other config you don't need?

Hi!
I wanted to join your slack but I encountered two issues.

The link is pointing to the wrong URL - https://github.com/covid19cz/erouska-android/blob/develop/covid19cz.slack.com

I would send you a PR but I am not sure if the right link (assuming its https://covid19cz.slack.com) is correct.
On the correct link, I am not able to sign in. You can reproduce this error with the following step:

• click Continue with Google button
• select google account
• Sorry, you entered an incorrect email address or password. error occurs
  

If you activate your phone number on your phone, then uninstall the app and afterwards install it and try to use it again, it will not allow you to activate your phone number and you can not use the app.

Testuju na

Samsung SM-A202F

Android Studio 3.6.1
Build #AI-192.7142.36.36.6241897, built on February 27, 2020
Runtime version: 1.8.0_212-release-1586-b04 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o
Windows 10 10.0
GC: ParNew, ConcurrentMarkSweep
Memory: 1246M
Cores: 4
Registry: ide.new.welcome.screen.force=true
Non-Bundled Plugins: com.widerwille.afterglow

Co bych chtel

Chtel bych mit moznost deaktivovat svoje telefonni cislo ze sluzby.

Dodatek

Je neprijemne, ze se ted moje cislo nekde vali a ja nevim koho kontaktovat aby moje cislo ze seznamu odstanil. Zavani mi to problemy s GDPR. Bude to resit hodne uzivatelu az se vsichni vyleci a nebude jiz aplikace potreba ... kez by to bylo brzy ;)

Ahoj, nemám přístup k úpravě textů, proto reportuji takto. V aplikaci v okně Nápověda (O aplikaci) navrhuji následující úpravy:

"váš telefon automaticky vypíná některé ..." - správně by měla věta začínat velkým písmenem, jako ostatní odstavce

"na celostátní telefonní lince: 1212 nebo webu Ministerstva zdravotnictví ČR - https://koronavirus.mzcr.cz" - navrhuji odstranit dvojtečku a pomlčku

"Další uživatelé se ani nedozví kdy a kde přišli" - před "kdy a kde" by měla být čárka

"i přes to má jejich použití smysl" - velké I na začátku věty

"ID eRoušky lze spojit pouze s konkrétním zařízením a telefonním číslem uživatele. a to pouze u těch ID ..." - čárka namísto tečky, resp. doporučuji celou větu upravit, aby bylo zřejmé, kdo může spárovat ID a tel. číslo: "ID eRoušky může s konkrétním telefonním číslem uživatele spojit pouze pracovník hygienické stanice, a to pouze u těch ID ...".

Následující větu "Do systému se přihlašují pomocí osobního (...) a hesla." lze vypustit, zkrátí to text, pro běžného uživatele irelevantní až matoucí.

"Aplikace žádná data sama nikam neodesílá." doporučuji změnit (de facto ani není pravda, např. při registraci...): "Aplikace nasbíraná data odešle hygienické stanici pouze až na vaši žádost."

"v souladu se Zákonem o ochraně osobních údajů a GDPR" - zákon byl zrušen, správně má být "v souladu se Zákonem o zpracování osobních údajů č. 110/2019 Sb. a GDPR"

"v Zásadách ochrany soukromí aplikace a webu eRouška" - asi má být "na webu eRouška"

"Ano. v aplikaci je možné" - velké písmeno na začátku věty "V aplikaci"

Ještě k záložce kontakty: zde je "nebo vás zajímá jak funguje?" - chybí čárka před ", jak funguje?". Do kontaktů bych doporučil přidat i odkaz na "Zásady zpracování osobních údajů", které budou směřovat na adresu erouska.cz/gdpr, patřičnou stránku s informací o zpracovávaných odkazech, právech uživatele a s kontaktem na DPO aj. připravit. Použití /gdpr je zvykem, uvedení těchto údajů je povinné.

Right now we are downloading just one ZIP file with keys. It needs to be modified this way:

Remember last downloaded file into SharedPreferences.

Each download first downloads this index file:
https://storage.googleapis.com/exposure-notification-export-ejjud//index.txt

Download only files after last downloaded file. If it's a first download, download everything.

After the download, return a list of all unzipped files from the download (not from previous downloads).

In the code, modify this method: ExposureRepository#downloadKeyExport().

You can test it from SandboxFragment screen.

On Slovak Android the fallback language seems to be English, however for Slovaks living in Czechia it would be more meaningful to have the app in Czech.

So if the app is Czech and English language only, the logic should be:

1. Czech Android -> Czech eRouška2
2. Slovak Android -> fallback to Czech eRouška2
3. English Android -> English eRouška2
4. any other language version of Android -> fallback to English eRouška2

• Option to manually force another language would be useful.

Probably doesn't send veryfications to internatiol numbers. I tried with my Chilean (+56), never received verification SMS. Probably should at least notify it's not sending to international numbers. Might try to debug that further..

BetterBatteryStats version: 2.5-341
Creation Date: 2020-04-14 13:29:06
Statistic Type: Unplugged to Current
Since 19 h 22 m 17 s
MODEL: MI 9
OS.VERSION: 4.14.117-perf-gbf4e3c0
Level lost [%]: Bat.: -72%(100% to 28%) [3,7%/h]
Voltage lost [mV]: (4344-3682) [34,2%/h]
Deep Sleep (): 2 s 0,0%
Awake (Screen Off) (): 17 h 34 m 48 s 90,8%
Screen On (): 1 h 47 m 27 s 9,2%

Wakelocks
cz.covid19cz.erouska:LOCK (cz.covid19cz.erouska.eRouška): 15 h 37 m 25 s Count:5 80,7%

Processes
cz.covid19cz.erouska (cz.covid19cz.erouska.eRouška): Uid: 10454 Sys: 10 m 29 s Us: 33 m 43 s Starts: 6
wakelock (cz.covid19cz.erouska.eRouška): Uid: 10454 Sys: 27 s Us: 33 s Starts: 0

Network
10454 (Wifi) (cz.covid19cz.erouska.eRouška): 26.0 KBytes 0,0%

...at least i believe so.

why not just keep an updated public database of anonymized ids? the central server already exists. all the processing could then be done on the client and if a record from the public db is in my local "ids seen" db, a warning with "call the doctors immediately" should pop up.

bam! that's it. no phone number registration needed, no sending all my collected data. privacy first (this time for real)! ;-)

if this is not possible for some reason, please also add the answer to the faq. thanks!

Testuju na

Samsung SM-A202F

Android Studio 3.6.1
Build #AI-192.7142.36.36.6241897, built on February 27, 2020
Runtime version: 1.8.0_212-release-1586-b04 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o
Windows 10 10.0
GC: ParNew, ConcurrentMarkSweep
Memory: 1246M
Cores: 4
Registry: ide.new.welcome.screen.force=true
Non-Bundled Plugins: com.widerwille.afterglow

Verze aplikace 0.6.92

V bodech

• Registracni formular se mi libi az na bug #15
• Po registraci a opetovnem prihlaseni bych se chtel dostat na rozcestnik, ktery:
  • Bude mit minimalne v titulku informaci ze jsem v aplikaci eRouska, lepe bude mit hlavicku s logem (ktere se Vam povedlo ;))
  • Ukaze mi stav - Sledovani je aktivni na mem telefonnim cisle XYZ, pri vysilacim vykonu XYZ
  • Da mi moznost sluzbu aktivovat/deaktivovat
  • Da mi moznost se podivat do databaze/Exportovat
  • Ukaze mi dodatecne informace
    • Zopakuje telefonni cislo 1212
    • ...
  • Da mi moznost se odhlasit ze sluzby
  • Bonus
    • Ukaze mi pocet ulovenych zarizeni - gamifikace?
    • Ukaze mi pocet zarizeni v okoli prave ted
    • Ukaze mi kolik lidi si jiz aplikaci nainstalovalo abych v tom nebyl sam
    • Ukaze mi stav COVID-19 v CR
    • ...

The number of performed tests in the "Actual" tab is one day behind the number of confirmed positives. App shows the data exactly from https://onemocneni-aktualne.mzcr.cz/covid-19

In this case 14785 tests were performed on 19.9. but 985 confirmed cases on 20.9. But app assigns both numbers to "yesterday" - 20.9.

This leads to a misinterpretation of the proportion of tests performed and cases confirmed per day.

If one wants the app to be available to the widest circle of users, one should not restrict it to big brother's services. Lots of users have degoogled phones and you loose the good will of those. On top of that, collect PII and use privacy invading corporation's services?

Please try better next time, without proprietary nonsense that is GCM/Firebase.

I do not buy your explanations in other threads. You just went with a path of least resistance, to hell with privacy and users outside of reach of data miner corp. You are thus complacent in privacy shrinkage and are empowering evil corporation, enabling it.

After the confirmation sms is sent, it gets copy pasted to the app automatically. But I had to enter my phone number manually. I would expect the app to get it on its own. My phone is a dual-SIM with one physical SIM and one eSIM - not sure if that is realted. I would expect the app to let me choose which nubmer to use or to enter a different number in case I use two phones or something.

Hello.

Would it be possible to lower minSdkVersion back to 21?

According to Google [1], Exposure Notifications API may work on some phones with Android 5:

For your app to work on all devices, set your minSdkVersion to version 6.0 (API level 23) or higher. The framework works on some devices as low as version 5.0 (API level 21), so using this version is an option to increase the number of devices eligible. If you decide to set the minSdkVersion to API level 21, you should test your app on the most popular Android 5.0 devices in your country to ensure that your app works as intended.

[1] https://developers.google.com/android/exposure-notifications/exposure-notifications-api

Unless there are other technical reasons,
I would prefer some disclaimer for phones with this version instead of forbidding them.

I've tried to modify the app myself for my Sony Xperia Z1 Compact with Android 5.1.1;
I was able to spawn it, but the API rejected my signature of the app:

I/ExposureNotification( 2439): Utils#isSupported enabled=true [CONTEXT service_id=236 ]
I/ExposureNotification( 2439): Utils#isBluetoothSupported requireMultiAdvertisement=false [CONTEXT service_id=236 ]
I/ExposureNotification( 2439): isDeviceSupported=true, isBluetoothSupported=true, BluetoothAdapter.isMultipleAdvertisementSupported=false [CONTEXT service_id=236 ]
I/ExposureNotification( 2439): Denied cz.covid19cz.erouska.dev:9E0D7AF6DC00CD39E92394DD154BC2644D17B82AC216C529ABC22EFC56437050: not on whitelist [CONTEXT service_id=236 ]
W/ExposureNotification( 2439): Reject the api access due to the caller is not whitelisted [CONTEXT service_id=236 ]

Thanks for your work.

After entering my phone number and pressing continue I got a message: "eRouska DEV won't run without Google Play services." and application doesn't seem to do anything.
Is such a dependency necessary?

(Trello link does not work)

Since this app is clearly open source with a MIT (?) license it would be nice to supply packages also to F-Droid.

Spousta lidí má čistý AOSP bez Google Services (např. LineageOS). Bylo by celkem užitečné, kdyby aplikaci šlo na takovém systému spustit.

Hi,
I'd like to ask for clarification for how the data upload and matching process works.

When I first open the app, I'm supposed to enter my phone number, which is then uploaded to the backend database to allow local services to contact me if deemed necessary. In the FAQ, you say that on the backend, the health workers are able to get the phone number for any ID uploaded from the device of somone who tested positive for COVID-19. How is this matching done? You say that all interaction data are only stored locally, but the backend matching implies that all my generated IDs are uploaded, which I'd consider a major privacy violation.

Questions:

1. Are the user's generated temporary IDs uploaded to the backend during normal use, and associated with his phone number?
2. When someone uploads his contact data, how does the backend determine phone numbers of the people he came in contact with?
3. If someone had access to the backend (hacker/government officials), could he read phone numbers of people around him based on the IDs received from his surroundings using Bluetooth?

Thanks in advance for clarification.

Hi,

Thanks for working on this and making it public. Given that every country would benefit from a variant of this application, it would be great to create an international community around this project.

I haven't found any references to a license in this repository. Could you please clarify which one covers the source code on it?

Thanks and please keep up the good work.

Transmitted user ID, actually transmitted over Bluetooth, each BUID gets about 100 TUIDs after registration, client picks a different one every hour or so, privacy measure to prevent tracking individual device/user, 10 bytes

What happen when all 100 TUID's will be exhausted? Start reusing old ones or will somehow ask server for new range. Or re-register?

You call about privacy first. So why you collect data about user's phone such as Mode/Manufacture ? That could be really good big data and could be sold to some statistics company for who those data are important in marketing.

Please provide English description in Google Play. While I understand the primary language is Czech, when no English is provided, Google Play offers machine translation that produces pearls like: "You should also help to increase the number of infected coronaviruses." (for "Přispějte i vy k tomu, aby nakažených koronavirem přibývalo méně."). The text can be seen here: https://play.google.com/store/apps/details?id=cz.covid19cz.erouska&hl=en, after you press the "Translate" button.

Similarly, in the Google Play app, in the "About this app" section, there is: "Thanks to eRouche you will protect yourself and others in your area.". I don't know if this machine translation, but "rouche" - even if somewhat related (https://en.wiktionary.org/wiki/rouche) does not sound right. :)

The strings don't seem to be present in this repo - or at least I have not found them, so no pull request is possible.

Battery saver notification appears even after battery saver was turned off.

What I did:

1. phone had a low battery and went into battery saver mode
2. notification appeared (also see #145)
3. I put the phone on the charger and left it alone
4. came back when phone was charged, and battery saver has turned automatically off
5. notification stayed

I tried:

1. disabling and enabling erouska again (with the in-app button)
2. enabling and disabling the battery saver again (notification appears again, and stays there even after disabling)

erouska still thinks that the battery saver is on anyway

As eRouška uses Bluetooth as proximity sensor, all security flaws for Bluetooth on Android should be seriously evaluated and actions to ensure user security taken.

A lot of Android devices don't get any update even two years after device release and many people use quite old phone. E.g. my current phone has latest google security patch from October 5, 2017.

User should be informed that his device is missing security patches.

In last 3 years there were quite serious bugs:
BlueBorne
BlueFrag

Both can lead to silent execution of arbitrary code by attacker on users device.
There are probably more bugs patched in last years, those are just that I'm awere of.

Why is the location service of system used as a condition for entire service to run?

• Condition CovidService.kt
• Change listener LocationStateReceiver.kt

If the service is suppose to be privacy focused GPS shoudn't be a condition to have the application operational. Beside privacy the GPS radio is generally a battery killer.

It has been pointed out in google play review by Igor Khavkine