immuni-app / immuni-app-android
Official repository for the Android version of the immuni application
License: GNU Affero General Public License v3.0
The file PlayStoreActions.kt has a hardcoded HTTP connection to the Google Play Store. This can lead to MiTM attacks.
Describe the bug
To Reproduce
Screenshots
In the file HomeListAdapter.kt there is the HomeListAdapter class, which exposes the clickListener; it would be better if this were declared private.
If I disable exposure notifications on Android settings, I keep seeing the screen that Immuni service is active on the home page (only if I don't close the app via task manager).
To Reproduce
Expected behaviour
I expect that having disabled the exposure log, Immuni should say that the service is not active, but instead I keep seeing that the service is active. If I close and reopen the app from the task manager, the problem is solved.
Screenshots
Smartphone:
Additional context
Same problem on iOS simulator
Could you please elaborate on the following sentence?
At the current stage, the application points to backend services which are not publicly accessible and whose source code has not been released. Note that the application is designed to work without a backend, especially in the context of not having the Exposure Notification entitlements (see Installation).
I think everyone would really appreciate knowing what the purpose of every call is, in particular the POST ones! What are you sending? To whom? Etc.
All the best.
Matteo
android.view.View#SYSTEM_UI_FLAG_LIGHT_NAVIGATION_BAR requires SDK >= 26 and the code checks for SDK >= M (23), but the app already has minSdkVersion = 23.
In files BottomSheetDialogDarkFragment.kt (line 29) and BottomSheetDialogLightFragment (line 84)
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
should be changed like this:
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
Please consider disabling the Javascript engine inside the WebViewPopup class:
This exposes the app to XSS attacks and it's probably not really necessary (looks like you're using the WebView mostly to render TOS/PrivacyPolicy/FAQ pages) for the app to work properly.
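A hardened configuration for a WebView that only renders static documents, as the issue above suggests. This is an added example, not the project's code: `ALLOWED_HOSTS`, `isAllowedDocumentUrl` and `hardenForStaticDocuments` are hypothetical names, and `docs.example.org` is a placeholder host.

```kotlin
import android.net.Uri
import android.webkit.WebResourceRequest
import android.webkit.WebView
import android.webkit.WebViewClient

// Placeholder allowlist (assumption): the host(s) that serve the ToS / privacy / FAQ pages.
private val ALLOWED_HOSTS = setOf("docs.example.org")

/** True only for HTTPS URLs whose host is on the allowlist. */
fun isAllowedDocumentUrl(url: Uri): Boolean {
    val host = url.host ?: return false
    return url.scheme == "https" && ALLOWED_HOSTS.any { it.equals(host, ignoreCase = true) }
}

/** Locks a WebView down for rendering static documents. */
fun hardenForStaticDocuments(webView: WebView) {
    webView.settings.apply {
        javaScriptEnabled = false                     // injected markup cannot execute script
        javaScriptCanOpenWindowsAutomatically = false
        domStorageEnabled = false
        allowFileAccess = false                       // no file:// loads
        allowContentAccess = false                    // no content:// loads
        setGeolocationEnabled(false)
    }
    webView.webViewClient = object : WebViewClient() {
        // Called for navigations started from the page (not for the initial
        // loadUrl() call or for sub-resources). Returning true cancels the load.
        override fun shouldOverrideUrlLoading(view: WebView, request: WebResourceRequest): Boolean =
            !isAllowedDocumentUrl(request.url)

        // String variant, used on API levels below 24 (the app's minSdkVersion is 23).
        @Suppress("DEPRECATION", "OverridingDeprecatedMember")
        override fun shouldOverrideUrlLoading(view: WebView, url: String): Boolean =
            !isAllowedDocumentUrl(Uri.parse(url))
    }
}
```

Because `shouldOverrideUrlLoading` does not see the first `loadUrl()` call, the caller should run the initial URL through `isAllowedDocumentUrl` as well.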
Describe the bug
Bulleted lists and new paragraphs do not break correctly.
To Reproduce
Impostazioni > Domande frequenti
It is really ugly to see app locked in portrait in 2020... with livedata, viewmodels and SavedStateViewModel!
Describe the bug
In the EN, ES, FR, DE versions of the app, the Legal docs links redirect to the Italian TOU and PN.
If the data are identified by an alphanumeric code that is supposed to guarantee anonymity, and if, at the moment I "upload the data" to the central server (where?), I "must" communicate my code to the healthcare operator (who is obviously identifying me), how does the application guarantee anonymity?
Who is this "healthcare operator" to whom I am communicating the data? What does the "healthcare operator" do when they "confirm the code" I have communicated?
I have forked the project and used a dependency security scanner to check if there are some security problems related to the library used by the project.
This is the result:
I suggest you check all the dependencies of the project, because many potential security problems may be solved with a minor update.
all the best
matteo baccan
Is your feature request related to a problem? Please describe it.
Implement root detection for android.
Describe the solution you'd like
Detect whether a phone is root or not.
I'm referring to this comment
#32 (comment)
Google said that they will profile full documentation of how to reproduce Exposure Notifications APIs in systems that are Google Services lacking, so there is no competition.
Apparently, there is a way to develop the app even for AOSP users. I'm talking about users that, by choice, do not have google play service installed (so, for example, LineageOS without gapps)
Is it true?
Do you have any plans on doing it?
Thanks
Describe the bug
When the countdown to tap on the Verify button is over the Error message does not disappear
To Reproduce
Expected behaviour
The error message disappears when the countdown is over
Users should be able to build the app and reproduce the exact build published to the Play Store, in order to make sure the binary was generated by this repo's source code.
For inspiration, here's how Signal does it: https://github.com/signalapp/Signal-Android/blob/master/ReproducibleBuilds.md
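One way to check a local build against the published binary, in the spirit of the request above. This is an added example, not code from this repository or from Signal: it assumes both APK files are already on disk and compares every entry except the signing artefacts, which legitimately differ. `entryDigests` and `differingEntries` are hypothetical names.

```kotlin
import java.io.File
import java.security.MessageDigest
import java.util.zip.ZipFile

// Signing artefacts differ between a local build and the store build by design.
private val SIGNATURE_ENTRY = Regex("""META-INF/(MANIFEST\.MF|.*\.(SF|RSA|DSA|EC))""")

/** Maps each non-signature entry name to the SHA-256 of its uncompressed bytes. */
fun entryDigests(apk: File): Map<String, String> = ZipFile(apk).use { zip ->
    zip.entries().toList()
        .filter { !it.isDirectory && !SIGNATURE_ENTRY.matches(it.name) }
        .associate { entry ->
            val sha = MessageDigest.getInstance("SHA-256")
            zip.getInputStream(entry).use { input -> sha.update(input.readBytes()) }
            entry.name to sha.digest().joinToString("") { "%02x".format(it) }
        }
}

/** Names of entries that are missing on one side or whose content differs. */
fun differingEntries(built: File, published: File): List<String> {
    val a = entryDigests(built)
    val b = entryDigests(published)
    return (a.keys + b.keys).filter { a[it] != b[it] }.sorted()
}

fun main(args: Array<String>) {
    require(args.size == 2) { "usage: <local-build.apk> <published.apk>" }
    val diff = differingEntries(File(args[0]), File(args[1]))
    if (diff.isEmpty()) {
        println("APKs match (signature files ignored)")
    } else {
        diff.forEach { println("DIFFERS: $it") }
    }
}
```

An empty result only means something if the build itself is deterministic (pinned toolchain and dependencies, no embedded timestamps); otherwise honest builds will differ too.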
As discussed in immuni-app/immuni-documentation#65, the app cannot be installed, used or kept up-to-date unless the user connects their phone to a Google account.
This is both a privacy risk (the same executable providing the Exposure Notification service is aware of the user's identity), as well as a fair competition issue (the government should not oblige a citizen to subscribe to a certain private service, even if free of charge, in order to use a public service).
I need to send my phone in for assistance, and I will use a temporary phone for at least one month.
What will happen when I use my main phone again?
Can the data tracked by my temporary phone be "added" to my main phone?
What if I notify Covid from my main phone? Will the contacts of my temporary phone be alerted?
Many thanks
Describe the bug
DE, ES, FR localizations not yet available in the app.
To Reproduce
Build: 54
Describe the bug
During the on-boarding, the app asks a permission to enable the COVID-19 exposure notifications. Even though the locations services have already been activated, when the "Allow" button is clicked, the app shows "Exposure notifications not enabled".
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Although the instructions about the location services activation are not clear enough from the Toast message, I expected to be redirected to the next page after allowing the exposure notifications.
Screenshots
Smartphone (please complete the following information):
Additional context
The Toast message should also be clearer in order to prompt the user to check the location services.
Describe the bug
Two capitalization issues in the FAQ for consistency with the rest of the copy:
immuni >> Immuni
bluetooth >> Bluetooth
To Reproduce
Describe the bug
In the Default suggestions, one recommendation is missing at the bottom of the screen (Indosssa una mascherina).
To Reproduce
Cosa puoi fare per proteggerti
Screenshots
Describe the bug
There are missing/placeholder/not working parts that will need to be changed before releasing:
The app interface doesn't support English language.
I think this feature is important considering the presence of non-italian speakers in the country like seasonal workers and immigrants.
immuni-app-android/app/build.gradle
Line 132 in 8c4739b
glide annotation processor is duplicated
As stated in the library's specifications, by importing this library the developer could access the location at a coarse granularity.
"Unless noted, all Location API methods require the Manifest.permission.ACCESS_COARSE_LOCATION or Manifest.permission.ACCESS_FINE_LOCATION permissions. If your application only has the coarse permission then it will not have access to fine location providers. Other providers will still return location results, but the exact location will be obfuscated to a coarse level of accuracy.
Requires the PackageManager#FEATURE_LOCATION feature which can be detected using PackageManager.hasSystemFeature(String)."
https://developer.android.com/reference/android/location/LocationManager
Describe the bug
All blue buttons in the app should have a light shadow around them by design but it's missing.
To Reproduce
Impostazioni > Caricamento dati
Verifica is missing the light blue shadow expected by design. Note that all blue buttons in the app are missing the shadow.
See a few examples in the screenshots attached.
Why is the OTP code generated every time the "caricamento dati" (data upload) screen is opened, rather than on a timer?
A device could be forced to have the same OTP as another one by automatically reopening the screen.
Code conciseness
Using androidx.Fragment, it's possible to clean up a bit each Fragment class by removing the onCreateView method with the layout inflation in favor of the alternate Fragment constructor that allows providing the default layout.
Androidx Fragment releases page
Example
Instead of writing
class MyFragment : Fragment() {
    // ...
    override fun onCreateView(
        inflater: LayoutInflater,
        container: ViewGroup?,
        savedInstanceState: Bundle?
    ): View? {
        return inflater.inflate(R.layout.my_fragment, container, false)
    }
}
it's now possible to simplify it with:
class MyFragment : Fragment(R.layout.my_fragment) {
    // onCreateView no longer needed
}
Describe the bug
When I arrive in the "Attiva le notifiche di esposizione COVID-19" section and I try to press the "Consenti" button I get this message "Notifiche di esposizione non attivate".
The bug seems to be here where the optInAndStartExposureTracing gets an exception:
// OnboardingViewModel.kt
fun startExposureNotification(activity: Activity) {
    viewModelScope.launch {
        try {
            exposureManager.optInAndStartExposureTracing(activity)
        } catch (e: Exception) {
            toast(
                activity.applicationContext,
                activity.getString(R.string.onboarding_exposure_api_not_activated)
            )
            e.printStackTrace()
        }
    }
}
To Reproduce
Expected behaviour
I expect I should be able to finish the onboarding without incurring an error.
Screenshots
Smartphone (please complete the following information):
Additional context
Describe the bug
On Samsung Galaxy S10, there is a cut off string in the pop-up message in the High Exposure suggestion screen.
To Reproduce
Scopri subito cosa fare
Ho contattato il medico
Screenshots
Is there a UML diagram of the app available?
Describe the bug
Two notifications are sent simultaneously when a contact at risk is detected (both OS and app notifications).
To Reproduce
Note that the Immuni notification is sticky and the user needs to tap on it to dismiss it, while the OS notification is dismissable without opening the app.
Describe the bug
Toast with "Notifiche di esposizione non attivate" next to App Wizard
To Reproduce
Expected behaviour
App starting(?)
Screenshots
Smartphone (please complete the following information):
Describe the bug
In the Suggestions/High Exposure screen there are several discrepancies with the latest copy.
Build: 54
getColor() is deprecated, you should use ContextCompat.getColor() instead.
Describe the bug
The application currently points to endpoints that are not publicly accessible. The application works nonetheless, however it would be better to have working endpoints.
To Reproduce
Expected behavior
The application should be able to reach remote endpoints
Smartphone (please complete the following information):
If I click on the two "links" a white page appears.
Immuni supports RTL, so layouts should use start and end instead of left and right, according to https://developer.android.com/about/versions/android-4.2.html#RTL
Describe the bug
Incorrect Warning is triggered when users become positive. Text refers to having been in contact with a positive user when the users are actually positive themselves.
Smartphone (please complete the following information):
In the Network module, the comment of the method createServiceAPI() in the Network class has a wrong "instance" word.
/**
 * Creates an **instace** of [apiClass]
 * using the [Network] and [NetworkConfiguration] config.
 */
fun <T : Any> createServiceAPI(apiClass: KClass<T>): T {
    return NetworkRetrofit(context, config).retrofit.create(
        apiClass.java
    )
}
Describe the bug
When onboarding, after the Choose City step, when the user is asked for Exposure notification, clicking on "Consenti" shows the exception toast, the app can't go on and nothing is showing on screen.
Expected behaviour
The app should show a dialog to ask for something
Screenshots
Smartphone (please complete the following information):
Additional context
The error seems to be generated by an exception in the startExposureNotification method inside OnBoardingViewModel. Putting a breakpoint at line 155 when launching the coroutine, an exception is raised with this message:
ApiException: 17: API: Nearby.EXPOSURE_NOTIFICATION_API is not available on this device. Connection failed with: ConnectionResult{statusCode=UNKNOWN_ERROR_CODE(39507), resolution=null, message=null}
    at com.google.android.gms.common.internal.ApiExceptionUtil.fromStatus(com.google.android.gms:play-services-base@@17.2.1:4)
    at com.google.android.gms.common.api.internal.ApiExceptionMapper.getException(com.google.android.gms:play-services-base@@17.2.1:2)
Maybe it is a device problem but I wasn't notified of anything at all.
It would be advisable to strengthen the function by increasing the number of characters, for example by adding lowercase letters and some special characters; it would also be advisable to add a salt algorithm to protect the hash.
Describe the bug
There's a visual glitch on Android 10 on the "Scopri di più" section.
There's a grey bar at the top of the navigation bar.
To Reproduce
Expected behaviour
No gray bar.
Smartphone (please complete the following information):
Additional context
Describe the bug
Onboarding/Pin advice and Onboarding/Malicious screens need to be updated with the latest approved copy.
Build: 54
Just built the project, then installed it on a device. Can't pass the onboarding screen, in the step Attiva le notifiche di esposizione COVID-19. Touching Consenti doesn't go further but displays a toast message with "Notifiche di espozicione non attiva".
What I understood is that I need to activate some settings but can't figure it out. GPS and Bluetooth are enabled.
Describe the bug
In the Onboarding/Privacy screen, by tapping on Avanti, users are brought to the end of the screen where the two checkbox tiles are already marked in red, even though they were never visualized by the user.
To Reproduce
Avanti
Expected behaviour
The two checkbox tiles should turn red after being visualized and then pressing Avanti.
Screenshots
Describe the bug
If the user gives consent to receive Immuni notifications but Exposure Notifications are turned off, no push notification is received to alert that the service is inactive. The user can see that the service is inactive only by opening the app.
To Reproduce
Turn off exposure notifications and Confirm
Expected behaviour
A push notification should be sent to alert that the service is inactive.