Recommendations to App Creators

Critical:

  • Create much longer random Contact IDs for users to avoid collisions (e.g. use 128 bits)

  • Rotate Contact IDs on a regular schedule to avoid tracking over time (e.g. every 5 minutes)

  • Do not ask App Users for their phone number at time of registration, as it does not appear to be needed. Should there be good reasons to need the phone number, they need to be explained, which they currently aren’t.
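
The first two recommendations interact: rotating IDs multiplies the number of IDs in circulation, which raises the length needed to keep collisions negligible. The sketch below is an added illustration, not code from the App; the population of 1,000,000 users, the 14-day window and the 32/64-bit comparison lengths are constructed assumptions, and `RotatingContactId` is a hypothetical name.

```python
import math
import secrets
import time

ID_BITS = 128              # length suggested in the recommendation
ROTATION_SECONDS = 5 * 60  # rotation interval suggested in the recommendation


def collision_probability(num_ids: int, bits: int) -> float:
    """Birthday bound: chance that any two of num_ids uniform random IDs match."""
    # 1 - exp(-n(n-1) / 2^(bits+1)); expm1 keeps precision for tiny results.
    return -math.expm1(-num_ids * (num_ids - 1) / 2.0 ** (bits + 1))


def ids_issued(users: int, days: int, rotation_seconds: int = ROTATION_SECONDS) -> int:
    """Total IDs generated when every user rotates on schedule."""
    return users * days * (86400 // rotation_seconds)


class RotatingContactId:
    """Holds the current Contact ID and replaces it once the interval elapses."""

    def __init__(self, clock=time.monotonic, rotation_seconds=ROTATION_SECONDS):
        self._clock = clock
        self._interval = rotation_seconds
        self._rotate()

    def _rotate(self) -> None:
        # Fresh bytes from the OS CSPRNG; each ID is independent of the user
        # and of the previous ID, so successive IDs cannot be linked.
        self._value = secrets.token_bytes(ID_BITS // 8)
        self._issued_at = self._clock()

    def current(self) -> bytes:
        if self._clock() - self._issued_at >= self._interval:
            self._rotate()
        return self._value


if __name__ == "__main__":
    n = ids_issued(1_000_000, 14)  # constructed population and window
    for bits in (32, 64, 128):     # 32 and 64 are comparison lengths only
        print(f"{bits:3d}-bit IDs, {n} issued: p = {collision_probability(n, bits):.3g}")
    print("current ID:", RotatingContactId().current().hex())
```

Under these assumptions even 64-bit IDs collide with a probability of roughly one in three once rotation is in place, while 128-bit IDs keep it negligible.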

Important:

  • Review the published white paper on a regular basis and make sure it accurately reflects the current state of the implementation.

  • Augment the white paper to describe all data at rest, and data in motion for all components of the App.

  • Respond to all open issues raised by the public on the bug tracker; currently several major issues have had no response.

  • Publish the State Machine of the App so that it is clear which events trigger which data exchanges and which App behavior. (E.g. the App seems to have the states doubt, pending, safe, infected, verified; document what they mean and how the App behaves in those states.)

  • Publish the build and release process so that technically capable users can easily build and run the mobile App from GitHub in the exact same version as is available from the app stores. Make sure that the build process described on GitHub works without hiccups.

  • Publish the source code of the Cloud Component, just like you published the source code of the Smartphone Component.

  • Research and publish key statistics of the App on a regular basis. This should include not only how many active users there are, but also key disease-relevant metrics such as:

    • how many App Users have tested positive and reported their Contact ID;

    • how many of their contacts were identified through the App;

    • how many of their contacts then tested positive as well.

To further increase public confidence in the App:

  • Migrate the implementation to an independently validated, major implementation of Bluetooth-based contact tracing, such as the Apple/Google framework.

  • Perform development on the public GitHub repository, not elsewhere.

  • Commission an independent Audit of all aspects of the App, in particular the operations of the Cloud Component and the interaction of the entire App system with the public health system.

  • Clean up the code base to remove obsolete and duplicate code. Improve the overall quality and documentation of the code, and implement automated tests.

  • Convene an independent oversight board that maintains a list of questions submitted by the public, researches answers to those questions in full cooperation with the App Creators and publishes answers in a timely manner.

  • Have a single, centralized, well-reviewed implementation of random generation that is used across platforms.

  • Reconcile the implementations on iOS and Android. There is no need for different database names, column names and types, or algorithms for creation of random identifiers.