I have to say the main reason I did not install my country's (Norway) corona-tracing-app is that they said it could not be made safe if the source code was public. Nice to see other countries do the right thing.
It is still unbelievable that the German government paid 20 million euros for these apps. Hopefully the request for details about the contracts[1] will be answered by the corresponding gov agency.<p>[1]: <a href="https://fragdenstaat.de/anfrage/kostenaufstellung-der-corona-tracing-app/" rel="nofollow">https://fragdenstaat.de/anfrage/kostenaufstellung-der-corona...</a>
How does one know whether the app in the Play Store is compiled from this very repo + specific commit and not some other fork of it?<p>Edit: This is not questioning this particular app. A lot of governments are making their tracing apps open source [1].
Making it open source is supposed to increase trust, hence the question.<p>[1] India app: <a href="https://github.com/nic-delhi/AarogyaSetu_Android" rel="nofollow">https://github.com/nic-delhi/AarogyaSetu_Android</a>
France also released the source code of its StopCovid19 app[1]<p>[1] <a href="https://gitlab.inria.fr/stopcovid19" rel="nofollow">https://gitlab.inria.fr/stopcovid19</a>
<a href="https://github.com/DP-3T/documents" rel="nofollow">https://github.com/DP-3T/documents</a><p>Here is the protocol it is based on.
For reference, this is the source of the Austrian contact tracking app: <a href="https://github.com/austrianredcross/" rel="nofollow">https://github.com/austrianredcross/</a>
I'm a hopeless optimist and romantic when it comes to software, and I really would have liked to see the covid app being done in some way that built confidence and inspired hope and optimism. My vision was that it could have been more like open source Eurovision where developers that participate had the chance to introduce themselves to the public, and some of the development and design could have been screen cast to us unfortunate souls trapped in our homes for months for some entertainment value and inspiration for budding developers. But eh, instead we get something good, something bad, but much of the same old same old, and in the end, I'm staying as far as I can from these apps as a result. Sad, there was a chance to do something amazing.
This was officially released just a few hours ago by the way:<p><a href="https://play.google.com/store/apps/details?id=de.rki.coronawarnapp" rel="nofollow">https://play.google.com/store/apps/details?id=de.rki.coronaw...</a>
@dang, can we get a title update to include the apostrophe in "Germany's"?<p>Or just change the title to how it's documented on the site?
"Corona-Warn-App: The official COVID-19 exposure notification app for Germany"
While everyone is looking at the code or press releases, only very few seem to research how Bluetooth distance measurement works and if it's reliable enough with thousands of different smartphones out there having different chips and antenna characteristics.<p>The app may be great but the design simply seems not to work as expected.
The more interesting part is that security audits for the frontend did find multiple high risk security issues in the app, which have been fixed by the developers.<p>But the organisation was not allowed to make a security audit of the backend. I mean the most critical part security-wise was not allowed to be verified. This does not feel good.
India also released the source code of the Aarogya Setu app<p><a href="https://github.com/nic-delhi/AarogyaSetu_Android" rel="nofollow">https://github.com/nic-delhi/AarogyaSetu_Android</a>
Covid has been curtailed without the need for these apps (in all the places that opened up). Why do people insist on pushing them to people? There is no evidence they work, even with months of testing. No matter how anonymized you try to make them, the authorities and evil state actors will find ways to abuse the data -- it's like a law of nature now that all data will be abused.<p>E.g. in case of a bombing or riots, the police can arrest bystanders and use phones to tell who was standing next to whom.<p>Pushing these for security theater has long term bad consequences. I was hoping people would know that after the 1000th repetition but alas, people are incorrigible.<p><a href="https://www.nbcnews.com/tech/tech-news/coronavirus-contact-tracing-apps-were-tech-s-chance-step-they-n1230211" rel="nofollow">https://www.nbcnews.com/tech/tech-news/coronavirus-contact-t...</a><p><a href="https://www.wired.co.uk/article/contact-tracing-app-isle-of-wight-trial" rel="nofollow">https://www.wired.co.uk/article/contact-tracing-app-isle-of-...</a>