minvws / nl-covid19-notification-app-android Goto Github PK
View Code? Open in Web Editor NEWAndroid sources for the Dutch Covid19 Notification App
License: European Union Public License 1.2
Android sources for the Dutch Covid19 Notification App
License: European Union Public License 1.2
Currently it is unclear what a notification of the app will look like. There is also no clear button to view the notification history.
Add in the "About the app" a section "Notification sample" combined with a screenshot of an actual notification.
Add at the "app home" a button to view the "Notification history". This will take you to an overview of all the (past) notifications.
Smartphone
Since it is not likely a lot of users will ever see the notification (hopefully). A screenshot of an actual notification might be useful for some users. At least I am curious what it will look like.
Since it might be easy to accidentally swipe a notification away an history containing all the past notifications might be useful. (Maybe even checkboxes "Requested test" and/or "Got tested".)
In the google play store there is no mention of the tag "blootstellingsmeldingen".
On a supported android phone set to the dutch language:
This will lead to the following page: https://support.google.com/android/answer/9888358?hl=nl (dutch)
Under the section "Wat u nodig heeft om aan de slag te gaan" we have the following text:
Als er een app beschikbaar is in uw regio, kunt u deze downloaden via de Play Store. Zoek naar 'blootstellingsmeldingen' of naar de naam van de app.
Smartphone
According to google you should search for "blootstellingsmeldingen" in the play store. However doing this does leads to the following page:
This might be because there is no mention of "blootstellingsmeldingen" on the play store listing of the app at https://play.google.com/store/apps/details?id=nl.rijksoverheid.en
It might be an idea to add this tag somehow. (Maybe even a screenshot of the "COVID-19 Exposure Notifications" open with the "CoronaMelder" logo.
Nothing happens when I press the "Turn on app" button. I'm on MIUI 1.0.7 on a Xiaomi Redmi Note 8.
Any other info I can share?
Apparently I've been close to someone, but the app literally failed to warn me. The German "Corona Contact Tracing Germany" app warned me correctly though.
Steps to reproduce the behavior:
The Dutch app should warn me when there is an increased risk.
Smartphone (please complete the following information):
I have never gotten any alert from the Dutch app in multiple years of usage. I contributed this to my careful behaviour. However, given I only installed the German app 7 days ago and already got a warning I now worry the Dutch app has been silently failing consistently...
CCTG noted that it was last updated today at 13:25 when it showed the risk, so I waited until the Dutch app showed "Last checked on March 7, 14:11" before reporting this issue (screenshot taken earlier). Given I was in the Netherlands on March 4th (the date CCTG warned me for), I would expect this to be waiting long enough.
Issue:
It is not (clearly) obvious how to temporarily disable the app, without completely deleting it from your phone. Via phone settings you can deactivate "blootstellingsmeldingen".
Proposal:
It would be nice to use the "check" button in the app to mute the app for a while.
Investigate if the app can meet the inclusion criteria to be build, distributed and installed via the F-Droid app store, see https://gitlab.com/fdroid/rfp/-/issues/1441 For starters, see the question on the Exposure API.
A few days ago I had contact with a person that later received a positive corona test result.
How ever I did not receive an Android notification.
When I opened the app I did get a High Risk exposure message.
Steps to reproduce the behavior:
I would have expected to receive a notification about the High Risk exposure
--
Smartphone (please complete the following information):
Having a custom rom might have something to do with it, however all other notifications are working properly so do not suspect this to be the issue.
As discussed previously in general at minvws/nl-covid19-notification-app-coordination#6, while it is great that the provenance chain has been audited (https://github.com/minvws/nl-covid19-notification-app-provenance), an even stronger verification that no-where in the (technical) process a step was compromised would be to use Reproducible Builds to allow all citizens to independently verify that the published binaries in the play store are actually consistent with the tagged source code.
Personally I'm not an Android developer, so I hope to learn from others in this thread.
The steps to check reproducibility are generally:
I can build the code with ./gradlew bundleRelease
(after generating a keystore and correctly setting KEYSTORE_KEY_ALIAS
, KEYSTORE_KEY_PASSWORD
and KEYSTORE_PASSWORD
environment variables). This produces a app/build/outputs/bundle/prodRelease/covid-notificatie-v1.0.0-1-prod-release.aab , but I'm not sure yet if that's the right starting point and how to compare that to the packages from the play store.
I can understand if this is not the main focus of the VWS team right now, but I hope this issue might at least be a good place for contributors to share their knowledge and findings.
It would be great if we could come up with the steps needed to independently validate the published packages correspond to the published source code. Of course it's only one link in the chain, but an important one!
This app is explained to be open source. To ensure there are no hidden gems, people should be able to compile it themselves.
For this a good amount of capability may be assumed, but it should be possible with the code and documentation.
Though I admit my capabilities may simply be lacking, I have tried to review the code of this Android App, and I cannot find the correct configuration for sending data to the actual server.
Currently build.gradle points to things like localhost, but I do not see the required configuration for actuall pointing to the real backend.
I hope this request makes sense, if there is additional information required to build and use the app please add this as well.
When the app hasn't been able to check for 24 hours, a notification is given. Clicking the notification brings you into the app with a warning that the app hasn't been able to check for infections for over 24 hours. Clicking the retry button instantly changes the app state back to a green checkmark with "The app is active", but after 24 hours the same error appears.
This incorrect switching to a "success" state gives a false sense of security and severely complicates troubleshooting this situation.
E.g.
Steps to reproduce the behavior:
Retrying should cause the same "couldn't check for 24 hours" error to pop up, as the check clearly hasn't succeeded in 24 hours.
Impossible, app blocks creating screenshots (why? what security issue is this supposed to solve? there is no private info on the main screen of the app...)
Smartphone (please complete the following information):
This issue started appearing when I went to another network with a rather aggressive adblocker on it, so I assume my actual issue is some web URL being blocked. A list of URLs the app needs to access would be very helpful in letting me ensure my own safety, but the false reporting of the app (stating it is running successfully when it isn't) is a much more scary issue.
To prevent mitm-attacks on the https-api.
https://square.github.io/okhttp/3.x/okhttp/okhttp3/CertificatePinner.html
Due to privacy concerns, I don't have Google Play Services installed on my Android 10 phone. For a long time, I've been running microg instead (see: https://github.com/microg/android_packages_apps_GmsCore if unknown).
When Coronamelder was just released, I was still running a microg version which hadn't implemented the Exposure Notifications API. As expected, I got the notification that I needed a Google Play Services update. About three weeks ago microg was updated to include the Exposure Notifications API and the message to update Play Services disappeared in Coronamelder.
However, upon clicking 'turn on' in the 'turn on Exposure Notifications screen' pop up, nothing seems to happen. The screen of some people and a bike that is supposed to appear, appears partly for less than a split second and then disappears again. "De app is niet actief" remains in the screen.
In short: Coronamelder cannot be turned on with microg instead of Play Services, even though latest version has the Exposure Notifaction API implemented.
Steps to reproduce the behavior:
Coronamelder should work with latest version of microg since Exposure Notifications API was implemented.
Xiaomi Mi A1 with Android 10 (Lineage 17.1)
In "Risk of Infection" view "What to do now?" is hidden by "Request Coronavirus test" and nothing strongly suggest there's content to scroll to.
Smartphone (please complete the following information):
After intalling I get the message "your Google Play Servies is out of date". There is an "update" button. Clicking it shows "UnifiedNlp (No GAPPS) in F-droid, without any possibility to update it.
A bigger question is: why does the app need access to a location service? Wasn't the whole point that it didn't use that stuff?
Steps to reproduce the behavior:
See above.
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Smartphone (please complete the following information):
Add any other context about the problem here.
At the moment it is not possible for the user to select the language of the application. Apparently is it set to the default language of the device.
Steps to reproduce the behavior:
Open the app
A settings menu in which the language preference can be set
Smartphone (please complete the following information):
If one opens the app as a .zip file there is a okhttp3 folder. This folder contains but a file(and a notice) that contains public suffices.
These are .com/.nl/ names where one could register a domain name. This is not really something that one should expect inside a COVID19 app. It is quite suspicous to say the least. Can you remove this file, and the folder?
Not this file/folder to be found
Smartphone (please complete the following information):
After the news broke on tweakers.net about the availability of the app on Android I went ahead and installed it. During installation of the app and subsequent opening of the app I wasn't prompted for permissions Regarding Bluetooth usage or usage of the notification api for health providers.
I'm not sure if the app actually works because I don't see any notification of the app running in the background (other than the app telling me it is running). Also, when I check the permissions that the app has been given (in my settings) I see no permissions set other than it being able to send out "notifications", which is a regular permission.
Smartphone (please complete the following information):
Beste Rijksoverheid, Kunnen jullie in de app een functie toevoegen waarmee je bij horeca zaken bijvoorbeeld een QR code scant in plaats van al je gegevens te moeten achterlaten? Zo weet de app dat je op die locatie bent geweest en kan de app je contacten ipv de horeca. Mensen zullen dan meer gemotiveerd zijn de app te gebruiken en de horeca heeft hierdoor weer meer tijd voor hun corebusiness. Daarnaast hoeven mensen zo hun persoonlijke gegevens niet bij horeca gelegenheid achter te laten. Mensen die de app niet hebben kunnen zichzelf altijd alsnog inschrijven
Dear National Government, Can you add a function to the app that allows you to scan a QR code for catering establishments, for example, instead of having to leave all your details? This way the app knows that you have been at that location and the app can contact you instead of the catering industry. People will then be more motivated to use the app and the hospitality industry will have more time for their core business. In addition, people do not have to leave their personal details at a catering establishment. People who do not have the app can always register themselves
The GGD key that my CoronaMelder App shows, is invalidated by the GGD system:
the code is typed below; no misuse possibility, because it is invalidated
753-QZ-ZU
system responds with invalid key: Letter U is not allowed
There are no known steps to produce an invalid GGD key.
Smartphone (please complete the following information):
CoronaMelder App:
CoronaMelder installed from day 1 of public release.
I had an old notification from 16 days ago that I deleted in the app. After a few hours I heard from someone that she had received a notification, so I checked in the app, but I didn't receive one. However, on further inspection I saw in the COVID-19 Exposure Notifications settings that there was a match in one of the exposure checks.
I expected that I would receive a notification in the app.
Smartphone (please complete the following information):
When open the app for the first time it does not detect that Play Services needs updating and lets me continue through the beginning explanations until I hit the screen to activate. Here the button does nothing.
The phone does show a notification in the notification drawer, but this is easily missed, even more so due to all the information being shown in the app.
Do not continue as long as Play Services is not updated.
Smartphone (please complete the following information):
I travelled outside the Netherlands recently, and the app crashes when I tried to open it. While I realise that the app is meant to work only in the Netherlands, crashing is undesirable.
No clear notifications and no notification log.
That's the issue :-(
My wife is running around with the application installed and enabled on the phone. We are not part of the test region.
Yet, she got notifications about dates she would have been in close contact with someone diagnosed with corona, on dates she was nowhere near anyone from the testing region.
She is not tech savvy, so the notifications are lost, and I can not see what exactly the notification said.
Any notification should be logged and retrievable again, with debugging data if possible. There are 2 scenes for that:
Smartphone (please complete the following information):
Galaxy S8+ (up to date, carrier free). Application is not in the battery saver list.
To be clear: Samsung phones have a very large active bluetooth range. You can easily walk outside with a bluetooth headset playing music and walk to the other side of the street before realizing you forgot your phone.
Android app closes instantly after open, displaying very shortly 'Coronamelder stopt steeds'. (nov. 3)
Steps to reproduce the behavior:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Smartphone (please complete the following information):
Add any other context about the problem here.
I do not get the weekly update notification from the corona melder app. On a similar iphone weekly messages are received (stating there was no contact with infected persons). Similar version of the app 1.0.5 and settings (notifications on)
My iphone is a company managed iphone (mobile iron installed)
I would expect to receive the weekly messages that there was no contact with infected persons.
Smartphone (please complete the following information):
I received a new Android phone yesterday and used the Google Device Transfer option to move my apps and data from my previous Google Pixel 4 XL to the Google Pixel 6 Pro.
Upon completion Google proceeded restoring all apps, including Corona melder.
After completion of device setup, Corona Melder won't start and crashes instantly. Clearing Data & Cache for the app fixes the issue and allows me to reinitialize the app.
Steps to reproduce the behavior:
Workaround:
Ideally the app restores the configuration and automatically keeps working on the new device. If that's not possible, have the app detect the 'corrupt state', and pop up a notification to reinitialize.
At least don't crash on launch and let me reinitialize without having to manually clear the apps data.
Smartphone (please complete the following information):
Device 1:
Device 2:
Information
There may be circumstances where a user is or was at a location and would like to indicate on a map with a marker that user could maybe have been at risc (for example: supermarket too crowded).
With these markers people could be tentatively warned that they may have been at risc at xx date at xx time.
Collecting these markers can predict a possible risc spread.
This collecting or warning can be done in the background and when a certain level of user markers is reached, the notification of the app will run.
I would like to understand how the exposure notification api is configured, especially with regards to the parameters for duration, I've observed in my friends and family as some online communties, that there is quite some confusion about this. For example, if you only sit next to an infected person for 14minutes, is that not reported as a high risk scenario?
I love that it's an open source application, so I tried to figure out how it's working. But in the end the configuration for the ExposureNotification
is not hard coded in the app (which I can understand) but is retrieved from the api server (v2/riskCalculationParameters/{id}
).
Is there are way to publish these configuration parameters? Combining that with the documentation gives me (and hopefully others) a better insight in how the application is functioning.
If you could expose these settings in the UI in a compact way, that would be really nice, just behind an advanced window or something. Otherwise, just a place to send a GET to and inspect the values.
Resolve the following Gradle issues
Warnings:
WARNING: API 'BaseVariant.getApplicationIdTextResource' is obsolete and has been replaced with 'VariantProperties.applicationId'.
It will be removed in version 5.0 of the Android Gradle plugin.
/home/runner/work/nl-covid19-notification-app-android/nl-covid19-notification-app-android/app/src/debug/AndroidManifest.xml:16:5-18:31 Warning:
uses-permission#android.permission.READ_EXTERNAL_STORAGE was tagged at AndroidManifest.xml:16 to remove other declarations but no other declaration present
/home/runner/work/nl-covid19-notification-app-android/nl-covid19-notification-app-android/app/src/debug/AndroidManifest.xml:19:5-21:31 Warning:
uses-permission#android.permission.WRITE_EXTERNAL_STORAGE was tagged at AndroidManifest.xml:19 to remove other declarations but no other declaration present
/home/runner/work/nl-covid19-notification-app-android/nl-covid19-notification-app-android/app/src/debug/AndroidManifest.xml:22:5-24:31 Warning:
uses-permission#android.permission.READ_PHONE_STATE was tagged at AndroidManifest.xml:22 to remove other declarations but no other declaration present
Depreciations:
Here's the full build log
Build with Gradle 6.8 with --warning-mode=all
, for example ./gradlew app:assemDevDebug testDevDebug testDebug app:lintDevDebug --warning-mode=all
Gradle --warning-mode=fail
should pass, see #54.
The CoronaMelder app does not work without Google Mobile Services (GMS) on Android. This is unfortunate, since Chinese device vendors make up roughly 12% of market share in the Netherlands (part of which doesn't come with GMS). Huawei provides it's own contact tracing API, HMS. Perhaps this can be incorporated into the CoronaMelder, to improve potential adoptation.
Steps to reproduce the behavior:
Would expect app to open
no screenshot atm
Smartphone (please complete the following information):
Today I received a notification on the android app for an exposure that was 90 days ago, and for which I already had a notification back then.
I checked the google exposures, and today at the time of the notification there were 0 exposures on the moment of the notifications (which did come together with the moment google collected its exposures).
You might want to set some maximum interval after which someone can receive such notification, to prevent this kind of behaviour even when there is some bug on the backend?
Smartphone (please complete the following information):
### The Issue
After download and installation of the app, one needs to go through the wizard, accept and give permissions for data usage (eg. acceptance of the privacy statement), then Turn on the app by hitting the corresponding blue button. However I am unable to do so and receive an error:
TITLE: Google Play Services is still being updated
The app can only keep track of possible coronavirus exposure when Google Play Services is up to date. Try again later.
### To Reproduce
Error can be reproduced by starting the app and walk through the first run wizard. When I quit the app, terminate the processes, start the app again, I have to go through the wizard again, hitting the same problem again. Tried to re-install the app, reboot the phone, but I can't get it to work.
### Diagnostics
I've seen other topics thus included the output of adb logcat
. I hit the turn on button 3 times, they should be recorded.
logcat.txt
I also checked the Google Play Store. Its certified and running the latest version I could update/find: 20.9.10-all [0] [PR] 319853039. I did try to stop/start the Google Play Store/Services as well as a full clean restart of the phone, but this did not help.
Smartphone:
Still not sure what it is. First I thought it might be because of the more exotic brand for an Android phone. Bluetooth was turned on during all tests. I also tried to give the app every permission I could give for the test, however, when going to the App Management, it says 'No permissions requested' so I can't do that.
Battery optimizations should not be an issue as the whole battery optimization proces/apps are disabled.
When I haven't opened the app in more than a day and then open it, I get the error "The app couldn't connect to the internet for the past 24 hours. Check if your Wi-Fi or mobile data is turned on.", i.e. the sync_issue_notification_message. When the app cannot sync the codes, notifications will not work.
Steps to reproduce the behavior:
Do not use app for >24 hours and open app.
Background sync to allow for notifications.
Smartphone (please complete the following information):
I think the aggressive background app killing functionality of MIUI may kill the Coronamelder app in the background, but similar issues may arise on phones from certain other manufacturers. There are ways to allow the app to run in the background, but this requires following many steps, which many users will not (know how to) do.
I have now followed these steps and background sync should work for me now.
During the initial setup wizard, I get the following screen:
The wording "can only warn you when ..." suggests that the bullet points specify things that are required for CoronaMelder to work (warn me). However, the second point says "(not necessary)", suggesting that it is optional. So which is it? If it is not necessary, then why ask? If there are other advantages to granting battery optimization permission, then which are those?
I also looked through the help/FAQ section in the app and the only question that looks related is "How much power does the app use?", but that does not mention this permission at all.
Niet echt een concern, maar respect dat jullie de app zo snel in de lucht hebben kunnen zetten! Jammer genoeg duurt politiek altijd zo lang :)
The app has a section supposedly explaining what a notification says, but it only describes what a notification will look like. It might be good to actually explain what information you will get in a notification.
Steps to reproduce the behavior:
I expect a description of what a notification says, since that's the item I clicked on.
After install of app, 1.0.0 (68251-1e56b23) and accepting all questions, the app reports to be operational. I closed the app and left phone for a few hours . Then I turned off the Bluetooth of my phone. The app does not ask me to turn it on again, even for 24 hours of bluetooth turned off.
I live in Utrecht. Phone: galaxy tab s7 (SM-G930F) Android 8.0.0
Br
Carl.
Both our British and German colleagues ran into serious issues with files not decrypting on the app due to EncryptedSharedPreferences
throwing an exception when the phone is under heavy load or is just booting up (e.g. after an android update). This led to database corruption bugs in the German app. And causes the app to fail to start on both.
ukhsa-collaboration/covid-19-app-android-ag-public#22
corona-warn-app/cwa-app-android#642 (comment)
E.g.
Very hard to reproduce. (I haven't been able to reproduce it on this specific app yet but I did reproduce on the German counterpart) . But under high load the creation function on EncryptedSharedPreferences will throw a General security exception
we should keep retrying with exponential backoff.
E.g. like https://github.com/corona-warn-app/cwa-app-android/blob/7ff340f673103b92ce1e37fe383fec14a6afa4e1/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/util/security/EncryptedPreferencesFactory.kt#L31
I only had a very superficial look at the code. So it might be that this error is already dealt with in the code without me realising.
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Smartphone (please complete the following information):
Add any other context about the problem here.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.