The federal government’s Corona Warning app had a brilliant start. According to the RKI, it was downloaded almost eight million times after two days. The app should make it easier to track corona infections. To this end, Bluetooth is used to check whether two smartphone owners are at a distance of two meters or less from one another for 15 minutes or more. The special feature of the app: If a user tests positive and then stores this information in the app, all people who have been close to the person receive a notification. If you receive a corresponding notification via the app, you can have yourself tested at the till, even if you do not yet show any symptoms.
When developing the app, special emphasis was placed on voluntariness and data protection. Both installing the app and storing a positive test result in the app are voluntary. In addition, people who do not use the app must not be at a disadvantage. For example, restaurants or shops are not permitted to make access dependent on the use of the app.
We had downloaded the app on an Android smartphone with Android 10 immediately after it appeared. There the app did its job unobtrusively in the background. We did not notice any negative effects on the battery life. A look at the battery consumption statistics shows that the developers did a good job. Although we had called up the app several times in the foreground, the consumption values were not higher than a good percent of the total consumption. The background activities of our fitness app were twice as high, although we had never started them.
However, other users seem to have had significant problems installing or operating the app. After just one day, the chairwoman of the Federal Association of Doctors in Public Health Service, Ute Teichert, reported that older people in particular were experiencing difficulties. The help function within the app answers many questions, but you must first have installed the app to get to the point. Alternatively, you can find the help function on a specially set up website of the Federal Government.
The hotline number worked well in the test and we navigated through the menus quite quickly. As with any other hotline, a few clarifying questions will direct you to the right contact person. From our point of view, the Federal Government could not have done much more to support users with technical problems.
However, there are justified problems with the system requirements: While the Android 6 bar is still quite low, the app on the Apple side requires at least iOS 13.5. This operating system version is available for all iPhones from model 6S. According to an overview by Statcounter from May 2020, around ten percent of Android users still use a version that is older than Android 6. In addition, statistics currently assume that around 23% of all iPhone users are not yet using the current iOS version, although technically they could.
There are currently no reliable statistics on how many iPhones 6 or older are still in use. Estimates currently assume that around ten percent of the devices used in Germany do not currently meet the system requirements for the Corona warning app. This also includes the latest Huawei devices that are no longer shipped with the Google Play Store. Huawei has also announced that it will deliver the missing prerequisites for these smartphones and has announced that the app will also work on devices that no longer have a Play Store from the beginning of July.
The requirements could certainly have been set lower – especially on the iOS side, because the functions of the app do not necessarily require the latest technology.
Since the functions of the Corona warning app are ultimately very manageable, the question remains why the development of the app took so long. This is certainly due to the implementation of data protection, general security and the general desire for transparency regarding the implementation.
The German government awarded the contract for the development of the app to Deutsche Telekom and SAP. According to various press releases, the development of the app should have cost around 20 million euros. For this, the population living in Germany has received an app, the program code of which was made available early on as open source code on the development platform GitHub. According to SAP, there were over 100,000 individual visits to the GitHub project website and over 7,000 participations over the entire development period. According to the Federal Government, 285 suggestions for improvement should have resulted from this.
However, the transparency of the program code was much more important: Experts were able to get an early picture of the development, point out weaknesses and thus ensure optimal protection for each individual user.
In order to ensure that the app does not have any security gaps despite all transparency, the app was checked by the TÜV Nord subsidiary of TÜV Nord, which specializes in IT security, before publication. This lasted around two weeks and revealed some shortcomings that were reported to the developers and then corrected. You can find a detailed report on the test and the results on the TÜVIT website. There is also a link to the SWR podcast, in which TÜViT expert Markus Bartsch provides information on the security of the Corona app.
There is little reason to criticize, especially with regard to security. Thanks to the decentralized storage of the data, you remain anonymous at any time of use, no registration is necessary during installation. Your smartphone or the installed app exchanges random codes with other devices, provided the criteria are met, and stores them in the local database.
If a person who has installed the app is subsequently tested positive, they can save the result in the app. In this case, all contact persons are informed about the result and a warning is displayed in the app. A central server is then required for this. However, no personal data is stored here either. It was particularly important to the developers that no conclusions can be drawn about you as a user or your location at any time.
Despite everything, the Android app also needs an activated location determination on your smartphone in addition to Bluetooth. Only then is it possible to locate your smartphone via Bluetooth. However, this authorization is set up within the Android operating system so that no distinction is made between the sources used – i.e. WLAN, GPS, cellular network and Bluetooth. If the location services are not active, you will receive a notification after the installation. Within the terms and conditions of the app, paragraph 7b) explicitly states that no location data is collected.
Not only Germany has a Corona warning app in use. Spain, Italy, Iceland, Great Britain and Australia have also developed their own solutions.
The app has been in use in Iceland since April and is used by around 40 percent of the population. It uses GPS to locate the smartphones, which is significantly less precise than Bluetooth. According to reports, the benefits are therefore quite low. The solutions from Italy and Spain, like the German app, rely on decentralized data storage and use Bluetooth as a communication protocol.
One of the first implementations was already in Australia in April. However, according to Australian television, the desired success has failed to materialize and no infection has been identified that has not been known in the conventional way.
Other countries, such as Great Britain and France, have opted for central data storage. Since this is not supported by Google and Apple with a standard interface, the development and testing effort is significantly higher. Until the middle of June there was still no binding release date for the two apps.
In most countries, there was a lot of criticism from data protectors in advance when the idea of the Corona warning app came up. Most smartphone users are already very willing to disclose their data in various places. Just take a look at your personal timeline below Google Maps. You can find this in the app using the account symbol in the top right corner.
The app tracks exactly where you were at what time and also saves your habits. If you use Android Auto in your vehicle, you will be offered the navigation destinations that you normally go to at this time. However, that’s not all Google has stored about you. If you log in to your Google account via the browser and go to the “Data and personalization” menu, then under “Activities and timeline” you will not only see where you were using the Chrome browser, but also which apps you used on your Android smartphone and when.
The world map is also quite impressive, on which you can track exactly which days you visited which places. Google keeps a precise record of this – including events that took place years ago. Of course, you can also delete the location history completely and prevent future recordings. You can find the switch on your Android smartphone in the Google Maps app via your “User”, then “Settings” and “Google location settings”.
The rage of your position data is not quite as pronounced on iOS. Despite everything, the places you visit here are saved locally on your device. You can find the currently saved locations in the settings under “Data protection -> Location services -> System services -> Important locations” and you can also delete them here and generally deactivate them.
Not only the apps from Google and Apple currently have access to your position data. You have probably also given other apps access to your position data during installation or during use – otherwise many of the apps will not work at all.
On Android, you can view this more precisely via “Settings -> Apps & Notifications -> Authorization Manager”. The “Location” permission shows you which apps can access your position data either always or only during use. You can change an authorization directly from this view by tapping the app and adjusting the access procedure.
Under iOS you can see under “Settings -> Data protection” which apps want to access the location and which permissions are assigned in individual cases. Background activities, such as the standard for Android, are not intended for location services in iOS. However, they occur in the area of system services – it is worth taking a look at this submenu.
Through the Corona warning app we will certainly not become a transparent user in Germany. In many cases we were before. Especially when you use an Android smartphone and actively use many services – from Google Chrome to Android Auto – Google gets a clear picture of you very quickly. In the end, you have to decide how much information you want to disclose. Because even with less freedom of movement, most Google services can be used in the same way.
In order to counteract the increasing unwillingness of users to disclose personal data, Google has launched a survey app. You can use them to regularly participate in surveys, for example on your current shopping behavior, the payment method chosen and your vocational training. Of course you also get something for the disclosure of the information: usually a few cents as a voucher for purchases in the Google Play Store. With these targeted questions, Google succeeds in filling the gaps in your profile that still exist. (PC world)