Recommendations to App Creators

  • We recognize that several major improvements have been made in the most recent version of Bluezone.


  • Remove the functionality from the code that allows silent upload that can be triggered by the App Operator.

  • Restore trust in the implementation by publishing the full source code of the Smartphone Component including instructions that are known to enable independent reviewers to build the App on all platforms.

  • Do not ask App Users for their phone number at time of registration, as it does not appear to be needed. Should there be good reasons to need the phone number, they need to be explained which they currently aren’t.


  • Review the published white paper on a regular basis and make sure it accurately reflects the current state of the implementation. Remove outdated copies of the white paper (e.g. on Github).

  • Augment the white paper to describe all data at rest, and data in motion for all components of the App.

  • Respond to all open issues raised by the public on the bug tracker; currently several major issues have had no response.

  • Publish the State Machine of the App so it can be clearly understood what happens in terms of data exchange and behavior of the App triggered by which events. (E.g. the App seems to have states doubt, pending, safe, infected, verified; document what they mean and how the App behaves in those states)

  • Publish the source code of the Cloud Component.

  • Research and publish key statistics of the App on a regular basis. This should include not only how many active users there are, but also key disease-relevant metrics such as:

    • how many App Users have tested positive and whose Daily Key was published to other App Users through Bluezone.

    • how many of their contacts were identified through the App;

    • how many of their contacts then tested positive as well.

To further increase public confidence in the App:

  • Migrate the implementation to an independently validated, major implementation of Bluetooth-based contact tracing, such as the Apple/Google framework.

  • Perform development on the public Github repository, not elsewhere.

  • Commission an independent Audit of all aspects of the App, in particular the operations of the Cloud Component and the interaction of the entire App system with the public health system.

  • Clean up the code base to remove obsolete and duplicate code. Improve the overall quality and documentation of the code, and implement automated tests.

  • Convene an independent oversight board that maintains a list of questions submitted by the public, researches answers to those questions in full cooperation with the App Creators and publishes answers in a timely manner.