Stated goals of the App

What are the stated goals of the App?

“The Corona-Warn-App is an app that helps trace infection chains of SARS-CoV-2 (which can cause COVID-19) in Germany. The app is based on technologies with a decentralized approach and notifies users if they have been exposed to SARS-CoV-2. Transparency is key to both protect the app’s end-users and to encourage adoption.” Source: [website], checked on 2020-07-26

Side effects of the App

Are there any other goals, not stated by the App Creators, that they are known to also accomplish with this App, or that they could also accomplish with this App in the future?

None known.

Are there any other goals that others (not App Creators) could also accomplish because this App exists, or is used by certain Users?

None known.

Are there notable side effects in the use of this App?

Social context of using the App

Is usage of the App required under some circumstances? If so, by whom? What are the consequences of not using it?

Not required. The German government explicitly discourages requiring the App for other purposes. Source: [govt-faq-pdf], checked on 2020-07-26

Are there non-trivial incentives (e.g. financial, access) for using the App? Are there social pressures to use the App?

None.

Is a minimum penetration of App usage required in some population before the App can start to be effective?

  • Presumably the number of concurrent App Users in a certain region must be a significant percentage of people in that area. This is true for all technical approaches to contact tracing.

Are there social pressures on the App User resulting from the use of the App, or from information shown by the App? (E.g. if the App indicates that the App User has likely been infected.)

None known.

Are there social pressures on anybody resulting from information shown by the App run by another App User? (e.g. pressures on an App User's family or friends if the App identifies the App User as likely infected)

None known.

Is the App available in all languages and localizations most appropriate for the intended App User population?

Yes.

Operations

Describe the principle of operation

Usage metrics

How many App Users are currently using the App?

16 million downloads. Source: [update-corona-war-app], checked on 2020-07-26

Effectiveness metrics against the disease

Not known.

Not known.

Privacy

How are new App Users onboarded on the App? What information do they need to provide to be able to use the App?

The App User downloads the App from an App Store. When started for the first time, the App User needs to consent to the App's terms. No other information needs to be provided by the App User. Source: [scoping], checked on 2020-07-26

How long is collected data retained, and where?

Received Contact IDs are retained for 2 weeks on the Smartphone Component and then deleted. Uploaded “Diagnosis Keys” are retained for 2 weeks on the Cloud Component and then deleted. Source: [technical-solution-architecture], checked on 2020-07-26

Test-related data is deleted after 12 days. Source: [privacy-policy], checked on 2020-07-26

Are any Backups being made whose retention is longer than the declared Data Retention Period? How is it guaranteed that Backups are deleted on time?

Unknown.

Has a Privacy Impact Assessment been performed, and if so, where can it be obtained? Which recommendations have been implemented, and which not? If no such assessment has been performed, why not?

Yes (in German). Source: [cwa-datenschutz-folgenabschaetzung], checked on 2020-07-26

There is a separate security assessment. Source: [overview-security], checked on 2020-07-26

Is the App compliant with local regulations on privacy, in particular on privacy of health-related information?

Yes: complies with GDPR. Source: [privacy-policy], checked on 2020-07-26 Source: [cwa-datenschutz-folgenabschaetzung], checked on 2020-07-26

Is the App consistent with global best practices on privacy, in particular on privacy of health-related information?

Yes: the GDPR is currently global best practice on privacy, and the App complies with it.

What assurances exist that the App will be shut down promptly when appropriate (e.g. when the pandemic has passed, or better approaches for combating the disease have been found)?

The legal framework for the App requires that the functions of the App are necessary and proportionate. Source: [cwa-datenschutz-folgenabschaetzung], checked on 2020-07-26

Is any data collected by the App transmitted beyond the App? If so:

  • Who is the receiver of the data?
  • What is the data that is being transmitted?
  • What are the terms under which the data is transmitted, and what are the safeguards that guarantee the terms are not being violated?
  • Can the transmitted data be correlated by the receiver with other data they may have or may be able to obtain?

N/A: The data collected by the App is not meaningful beyond the App.

Is any data imported by the App from other sources? If so:

  • What data is being imported, and from which sources?
  • How does that increase the effectiveness of the App?
  • Does it potentially increase risks or downsides of the App, and if so, how?

N/A

Can identities of App Users be tied to, or can they be correlated to specific individuals, and if so, by whom?

No. Source: [pruefsteine], checked on 2020-07-26

User education, consent, support and agency

How do new App Users discover, and obtain access to the App?

The German government performed a marketing campaign to educate the public.

If the App performs several distinct functions, can the App User opt-in to some and opt-out of others?

App Users can deactivate the Apple-Google Notification Framework, which disables contact tracing. App Users can opt out of electronic notification of their lab test results by not using the QR code provided by the lab. Source: [technical-solution-architecture], checked on 2020-07-26

How is user support handled?

The App lists a support telephone number.

How is the user experience, user understanding, and technical performance of the App being monitored in the field?

User studies were performed prior to release. The App Operator performs technical monitoring.

Can App Users request a copy of the data that has been retained about them? Is the process simple and quick? Is the obtained data easy to understand, verify and use?

N/A. No identifiable data is retained by anybody beyond the data related to the COVID-19 testing process, which would exist regardless of the existence or usage of the App.

Can previous App Users request a permanent deletion of the data collected about them? Is the process simple and quick?

N/A

Can App Users request a correction of data about them? Is the process simple and quick?

N/A

Can parents or guardians act on behalf of their children in all aspects of the App?

The App makes no distinction between adult and minor users. No parental consent or withdrawal of consent is supported. Source: [ui-screens], checked on 2020-07-26

The target user is at least 16 years old. Source: [privacy-policy], checked on 2020-07-26

Is there an effective complaint process by which App Users can raise issues with the App, or issues with the impact the use of the App has on them? (not bugs, not technical issues; that is handled in the support question)

The entire development process is performed publicly on GitHub. The App Creators have publicly encouraged contributions. Raised issues have generally been responded to by the App Developers. Source: [github-documentation-issues], checked on 2020-07-26

Are App Users being educated about what it means to use the App, and give their informed consent prior to using the App?

Yes. Source: [ui-screens], checked on 2020-07-26

Can the App User deactivate and delete the App?

If the source code is available, under which license is it available?

Apache 2.0

Usability

Are the user-facing components of the App built in a way that minimizes potential user mistakes that could be detrimental towards effectiveness or avoidance of risks and harms for themselves and others?

The user interface appears straightforward and understandable. The App Creators report that “We conducted usability tests with representative user groups and … Apple and Google were involved to optimize the design for iOS and Android usage.” Source: [ui-screens], checked on 2020-07-26

Is the App accessible?

Default OS features for accessibility.

Managed or processed data

What data does the App handle? Where in the Architecture is which data stored or processed? Is all data handled by the App strictly required for the stated goals?

Federation with other Apps

Is the App a standalone system (“stovepipe”) or is it intended to be used in Federation with other Apps created by others? If so, what are the supported Federation technologies (e.g. protocols/standards), operations and governance?

Not available so far. Source: [solution-architecture], checked on 2020-07-26

Service Providers used with the App

What third-party Service Providers are used for the App?

Are all Service Providers under legal obligations consistent with the needs of the App? This may particularly be an issue if a Service Provider is subject to a different jurisdiction than the App Creators or App Users, or if the Service Provider can be legally compelled in their jurisdiction to break their obligations to stakeholders of the App.

N/A: there are no service providers other than the App Creators themselves.

Protocols

What are the key non-standard communication protocols the App uses? Explain. (These are highly dependent on the App's features.)

Communication between Smartphone Component and Cloud Component is entirely via HTTPS without the use of third-party services. Source: [solution-architecture], checked on 2020-07-26

Governance

How are decisions made about technology and operations of the App?

Decisions are made by the App Creators and publicly documented. Source: [github-docs-issues], checked on 2020-07-26

How are decisions made about governance of the App?

Not known. However, the past decision-making process has been documented. The names, roles and affiliations of key team members have been published. The privacy assessment will again be updated within 3 months. Source: [cwa-datenschutz-folgenabschaetzung], checked on 2020-07-26

Is there a public roadmap for the App, and if so, where can it be found?

The published roadmap appears to have been delivered on. A wishlist for future features is available; the public can contribute. Source: [wishlist], checked on 2020-07-26

Is there a whistleblower process for people involved in any aspect of the development, operation, or governance of the App? If not, why not?

None known.

Should assertions by App Creators prove to be false, or their behavior to be negligent, what are the remedies available to App Users?

Legal steps within the German legal system.

Validation by third parties

Which third parties have researched the effectiveness of this App against the disease? Are their reports publicly available, and if so, where?

Not known.

Which third parties have researched the potential downsides or risks of this App? Are their reports publicly available, and if so, where?

Not known.

Has any third-party audit been performed of the App? Who performed the audit, are their reports publicly available, and if so, where?

Not known.

Are any major discrepancies known between self-assertions by the App Creators and Inference or Audits by third parties?

Not known.

Are all relevant technologies, processes, governance and their internal and public documentation updated periodically and in a timely manner?

The documentation of the App is extensive and appears comprehensive.

Audits

Is there an audit trail of what happens in the App? Can it be accessed by the App User or entities on their behalf?

The App reports when it last performed certain actions. There is no audit trail beyond the last time an action was performed.

Validation by third parties

If source code is available, where can it be found?

Source code for all components is on GitHub.

Other notes

Any other notes that may be of interest

The App Creators commissioned some experiments about actual transmission risk from which key parameters were derived. Source: [api-testing], checked on 2020-07-26