Giter Club home page Giter Club logo

nl-covid19-coronacheck-app-android's People

Contributors

aiden-shi avatar bartnijland91 avatar confiks avatar eizeoostinghoneywell avatar hvisser avatar iandundas avatar ijansch avatar jjdegroot avatar jorisdehaes avatar ktiniatros avatar nicktencate avatar reinschaap avatar rool avatar sanderveer avatar sigio avatar sleeplessbyte avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

ewouth osirisinferi aetios evavansloten sleeplessbyte bart0110 funveen tsegers jolandaverhoef bloemcol jpelgrom obfusk raymondbuil rbuiten coilzenterprise ltickett dave90dave mertceyhan martijnvandenhoek dstibbe eddieschrikenberg prlwtz rheutz91 invissvenska eizeoostinghoneywell conceptos-nl sybranddoev ktiniatros

nl-covid19-coronacheck-app-android's Issues

DIGI_D_REDIRECT_URI change doesn't work with some browsers

Describe the bug, issue or concern

The change in DIGI_D_REDIRECT_URI (from coronacheck://auth/login to https://coronacheck.nl/app/auth) doesn't work with some browsers (like the lineageOS stock browser) that don't support opening http(s) links in other applications.

Clicking on the "open in app" button in the web page just opens the link in the same browser window, making it impossible to finish adding the certificate after the DigiD login was successful.

Changing the "open supported links" setting for CoronaCheck to "allow app to open supported links" doesn't help.

The old non-http(s) link used in older versions of CoronaCheck works fine.

Governance

Minor UX thing in onboarding: bold text

In the android in-app onboarding there is a text highlighting stuff in the privacy statement. The bold text is "er worden geen locatiegegevens gebruikt of bewaard". Since the highlighted text is what users see first and "gebruikt of bewaard" does not convey any info by itself, maybe the text can be changed to "er worden geen locatiegegevens gebruikt of bewaard".

Governance

Fixed bug when logging in with DigiD sms-Control

Hi,

This is probably the wrong place, but I could not find any contact information on here and I can't dm anyone either.

Somewhere last week we noticed the check app for Android had a bug with logging in with DigiD when using sms controle. The browser would hang on the confirmation screen and not continue to the app, only when using Chrome as the browser.

Apparently you guys fixed this somewhere as now it's working fine.

We have the exact same bug on production but can't figure it out, and I can't find anything in your commits as to how it has been fixed. Any chance you guys can tell me how you fixed it?

Enhancement: support for multiple personas

Especially with elderly couples, but also small children, not all people own a personal smartphone.

If the Coronacheck app would support multiple personas, QR-codes for a partner or child could be included and all could participate in social life using a single phone.

App crashes when text is tapped

Describe the bug, issue or concern

App crashes when you tap on text in the "Make QR code" view.
E.g. on "This app makes a QR code in three steps"

To Reproduce

Steps to reproduce the behavior:

  1. Open app
  2. Click on 'Make QR code'
  3. Tap on text

Expected behavior

Nothing

Screenshots

No screenshots possible.

Smartphone (please complete the following information):

  • Device: Xiaomi Mi 9 Lite
  • OS: Android 10
  • App Version: 2.0

Additional context

java.util.NoSuchElementException: Array is empty.
at kotlin.collections.ArraysKt___ArraysKt.first(_Arrays.kt:1013)
at nl.rijksoverheid.ctr.design.views.HtmlTextViewWidget.dispatchPopulateAccessibilityEvent(HtmlTextView.kt:163)
at android.view.View.sendAccessibilityEventUncheckedInternal(View.java:8061)
at android.view.View.sendAccessibilityEventUnchecked(View.java:8038)
at android.widget.TextView.sendAccessibilityEventUnchecked(TextView.java:12068)
at android.view.View.sendAccessibilityEventInternal(View.java:8015)
at android.widget.TextView.sendAccessibilityEventInternal(TextView.java:12057)
at android.view.View.sendAccessibilityEvent(View.java:7979)
at android.view.View.performClick(View.java:7191)
at android.view.View.performClickInternal(View.java:7162)
at android.view.View.access$3500(View.java:819)
at android.view.View$PerformClick.run(View.java:27684)
at android.os.Handler.handleCallback(Handler.java:883)
at android.os.Handler.dispatchMessage(Handler.java:100)
at android.os.Looper.loop(Looper.java:224)
at android.app.ActivityThread.main(ActivityThread.java:7562)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:539)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:950)

Governance

Using 2D barcode imagers on Android Enterprise Devices delivering data via broadcast intents.

Describe the bug, issue or concern

To make use of Android Enterprise recommended devices there is a need to be able to implement and use 2D barcode Imagers which are inplemented in these devices.

To make this possible, an intent broadcast receiver needs to be added to the QrCodeScannerFragment. Android Enterprise devices such as Zebra Technologie's Mobile Devices TC2X, TC5x, TC7x as well as the ET5x series (all running on Android Enterprise) are capable of sending an broadcast intent with additional information as soon as a QR Barcode gets scanned with the integrated imager. (no use of camera). This makes the barcode scanning procedure more flexibele as these imager are build for barcode scanning purposes.

As often Android Enterprise devices are used within the Events business, an integration of 2D imagers is a must have.
Besides using the integrated barcode imager, also BlueTooth enabled ringscanners can be used to scan the QR Barcode. Same mechnisme is being used to send the QR Barcode content for validation.

Sample code on how to implement can be provided. We have used these source files to test and implement the Zebra 2D Imagers being used at the TC2x, TC5x, TC7x and ET5x series.

To Reproduce

Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior

A clear and concise description of what you expected to happen.

Screenshots

If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: [e.g. iOS]
  • Browser [e.g. chrome, safari]
  • Version [e.g. 22]

Smartphone (please complete the following information):

  • Device: [e.g. iPhone6]
  • OS: [e.g. iOS8.1]
  • Browser [e.g. stock browser, safari]
  • Version [e.g. 22]

Additional context

Add any other context about the problem here.

Governance

Message that indicates invalid time is not helpful or actionable

Describe the bug, issue or concern

The Android app shows a warning when the time of the device is not in sync with actual current time. It suggests to set the device to automatic time sync, however even with that option turned on the clock of a device might still drift. If the clock is already set to automatic, there's really nothing much a user can do.

Instead, the app should pass on the observed clock skew (as observed in ClockDeviationUseCase) to the mobile core library that generates the QR code. To make this possible I filed minvws/nl-covid19-coronacheck-idemix#1.

Governance

Certificate pinning

While inspecting the code which sets up OkHttp client, I saw you use TrustManager to set a list of trusted CAs.

nl-covid19-coronacheck-app-android/holder/src/main/java/nl/rijksoverheid/ctr/holder/HolderModule.kt

Line 136 in 92fe329

.addTrustedCertificate(DIGICERT_BTC_ROOT_CA.decodeCertificatePem())

But you are not using CertificatePinner. Both things are described here: https://square.github.io/okhttp/https/
You are using the bottom section, but not the middle one (Certificate Pinning).

More description about it is here: https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/
Pinning host certificates with their associated hostnames instead of whole CAs will make it more secure.

Gebruik van externe camera/scanner in de corona scanner app

Describe the bug, issue or concern

A clear and concise description of what the bug, issue or concern is is.

Voor de ontwikkeling van een contactloze QR scanner zuil die bij ingang van horeca/winkels zal staan is het voor ons een requirement om de corona QR codes te scannen met een externe camera/scanner. Het is ons niet gelukt om dit voor elkaar te krijgen in de huidige app, mede omdat android het nu niet meer toelaat om standaard een externe camera te gebruiken in apps. Mijn vraag is of dit op een manier mogelijk is momenteel in de huidige versie van de corona scanner? En zo niet, wanneer kan ik een update verwachten die dit wel mogelijk maakt?

Smartphone (please complete the following information):

Android 11
Samsung A52

Additional context

Ik denk persoonlijk dat dit een hele belangrijke ontwikkeling is voor de app.

Governance

App Crashes on start

The app seems to crash on startup consistently, happens every time I try to open the app. the app only seems to show the opening screen but doesn't get further in.
Steps to reproduce the behaviour:

  1. Install app
  2. Open the app

The device in question is a:
Poco F2 Pro (Redmi k30 pro) running an android 11 based ROM, SafetyNet seems to pass basic.
Tried multiple versions of the os, including restarts etc.
Seems to be the only app with this issue encountered so far.

Added logs below:
device_info.txt
logcat.txt

Build for Prod?

Describe the bug, issue or concern

The current download is configured for acc, how to configure it for prod?
Config seems to be missing in productFlavors and other config files?

To Reproduce

Steps to reproduce the behavior:

  1. Build downloaded code, creates this build holder-v2.0-1000000-acc-debug.apk

Expected behavior

Some comments in the code on how to configure for building for prod environment.

Screenshots

none.

Desktop (please complete the following information):

  • OS: Windows, Android Studio + jre, latest gradle.

Smartphone (please complete the following information):
n.a.

Additional context

none.

Governance

(feature request) Make changing app's languague an option

Describe the bug, issue or concern

A clear and concise description of what the bug, issue or concern is is.

App chooses its language by the OS's preference. This may not be desired. Only by re-installing the app from Play Store, after changing OS language, does the app display correctly.

E.g.

To Reproduce

Steps to reproduce the behavior:

  1. change Android to another language from Dutch
  2. Open the App
  3. Still displays in Dutch on Samsung phone

Expected behavior

Language changes along with system language and allows override from a menu

Smartphone (please complete the following information):

  • Device: Samsung Galaxy
  • OS: Android 11 OneUI 3.1
  • Version CoronaCheck 2.1

Additional context

App data was cleared before reinstalling, which confirmed the app's behaviour for me.

Governance

Android integrations. Google pay / widget.

Feature

  • Display QR code as a widget on the home screen.
  • Integration with Google pay as a 'pass'.

Governance

App uses system time for 14 day validation

Describe the bug, issue or concern

After having 2 vaccins (or 1 with Janssen), the NL QR code only appears after 14 days. There is a clear message that you have to wait x days. When you change your telephone date to +14 days from now, the QR code appears directly. This should not be possible to prevent fraudulent behaviour with the QR code.

To Reproduce

Steps to reproduce the behavior:

  1. Get 2 vaccins and load vaccin data into app.
  2. Go to Overview
  3. See that the prove 'automatically is valid in x days' / 'wordt automatisch geldig over x dagen'
  4. Change the current date of your phone to today+14 days
  5. Go back to the corona check app, go to Overview
  6. You are now able to click on 'see QR' / 'Bekijk QR'

Expected behavior

I expect that the countdown from the last vaccin is not using the phone system time. A different method should be used for the countdown of 14 days.

Screenshots

Smartphone (please complete the following information):

  • Device: Samsung A6
  • OS: Android 10
  • Browser: Chrome
  • Version 2.1.2 (1496)

Additional context

Governance

QR is generated based on date of most recent "last dose" (booster) instead of earliest "last dose"

Describe the bug, issue or concern

First I received a single dose of pfizer, which was considered my final dose as I had COVID last year. Since this was thus considered my last dose, I received a valid QR in the app. This week, because several reasons I opted to also get the 2nd shot of pfizer. Both shots are now considered the last dose of my vaccination according to the app ("is this the last dose of your vaccination? yes). The app now takes the most recent dose for the QR and now I'm unable to generate a QR.
My first dose was on the 28th of june, and the 2nd dose was on the 4th of august.

E.g.

To Reproduce

Steps to reproduce the behavior:

  1. Get COVID and recover
  2. opt for a single dose of pfizer
  3. load vaccine data and enjoy your valid QR
  4. opt for a second dose of pfizer because reasons
  5. reload vaccine data and you will have to wait 14 days to enjoy your valid QR again

Expected behavior

Since I received my actual last dose already on june 28th, I should be able to generate a valid QR, regardless of any (booster) shots received after.

Smartphone (please complete the following information):

  • Device: OnePlus 7T
  • OS: Android 11
  • Browser: Chrome
  • Version: 92.0.4515.131

Governance

No valid vaccination certificate created when only one vaccination was required.

Describe the bug, issue or concern

I have received my Pfizer vaccination. Due to an earlier infection with covid, I only had to get one vaccine. (presumably) because of this, I can only create an international certificate, not a national one.

I'd like to add to that that the official minvws twitter account has stated that this bug has been fixed, but it has in fact not been fixed yet.

I think this might in part be related to the fixes in #28, but that is just speculation.

To Reproduce

  1. Get Covid-19 (please don't actually)
  2. Recover (please do)
  3. Fill in the questionaire to make an appointment truthfully (I've been infected before, so the site told me I only need one vaccine)
  4. Get vaccinated
  5. After a couple of hours, once the data has been received by the RIVM servers, try to create a vaccination certificate.

Expected behavior

Because I only needed one vaccine, the app should make a certificate for me. Unfortunately, it does not. I only get an international vaccine.

Screenshots

I can't really, the app does not allow screenshots.

Smartphone (please complete the following information):

  • Device: Huawei P Smart Z
  • OS: Android 10
  • Browser: Chrome
  • Version: latest

Additional context

Before making my certificate, it shows two vaccinations. Confused, but it seems to be the same vaccine.

Governance

Resolve Gradle warning

Describe the bug, issue or concern

Gradle currently throws the following warning, because an obsolete API is used:

> Configure project :api
WARNING: API 'BaseVariant.getApplicationIdTextResource' is obsolete and has been replaced with 'VariantProperties.applicationId'.
It will be removed in version 5.0 of the Android Gradle plugin.
For more information, see TBD.
To determine what is calling BaseVariant.getApplicationIdTextResource, use -Pandroid.debug.obsoleteApi=true on the command line to display more information.

To Reproduce

Steps to reproduce the behavior:

  1. Build with Gradle with --warning-mode=all

Expected behavior

Building with Gradle with --warning-mode=fail should pass.

Additional context

Governance

Feature Request; Add support for direct (2D) Scanning via Honeywell mobile devices

With the current version of the scanner app on Honeywell (Android Enterprise) Handheld Devices the camera is opened/launched to scan the QR barcode. For our customers it would be more ergonomic and more efficient (faster) if we could use the integrated 2D imager..

Could you please advice who to contact to explore the possibilities to include/embed scanner support for our handheld devices?
Of course we are happy to help/assist and/or provide you with all the necessary documentation and test hardware to support the development/implementation..

Many thanks in advance,

Eddie Schrikenberg
Solution Architect
Honeywell | Productivity Solutions and Services
Burgermeester Burgerslaan 40
5245 NH Rosmalen

No Dutch vaccination proof, when all data is correct.

Describe the bug, issue or concern

Received a Pfizer vaccination, and needed to get a second vaccination. Due to an earlier infection with covid, I than got notified i only had to get one vaccine. So canceled the second appointment.
I can only create an international certificate, not a national one, even though the GGD filled a new questionnaire, which stated i have had COVID and only needed 1 vaccination.
The questionnaire is filled 14th of June. And we are waiting for more than 2 months now, to get it fixed / updated.

To Reproduce

Steps to reproduce the behavior:

  1. Have a postitive test;
  2. Get 1 of 2 vaccinations;
  3. Cancel the 2nd because it is not needed anymore;
  4. Get doses 1/2 adjusted by filling in a new questionnaire;
  5. Retrieve vaccination proof in app / website or anywhere;
  6. Get only an international one.

Expected behavior

We should get a valid Dutch vaccination proof.

Desktop & Smartphone (please complete the following information):

  • OS: iOS & Android & Website

Governance

F-Droid version not working

Describe the bug, issue or concern

The check app on F-Droid cannot scan QR codes. (Paper at least, possibly all).
Please dont say use the play-store app as this phone has no play-store at all.

To Reproduce

Install F-Droid version of scanner, the QR code is not recognized.
The QR code can be scanned using a generic QR-reader so it is not the camera.
Using a generic QR scanner the resulting gibberish is not usefull.

Expected behavior

At least a scan by the APP.

Smartphone (please complete the following information):

  • Device: Pixel 4a
  • OS: Graphene OS
  • Browser not relevant
  • Version up to date, with near weekly updates.

Additional context

Add any other context about the problem here.

Governance

Prevent screenshot or screen capture on the QR code page

Describe the bug, issue or concern

At the moment it is possible to take a screenshot of the QR code (vaccination, recovery or test certificate).
I think this is not desired for it allows very easy fraud. Users could just screenshot the QR code and send it to friends.

I know this could already be done by looking at the moving animations on screen but reality shows that bouncers or guards at clubs don't really look at that and only look at or scan the code.

To Reproduce

Steps to reproduce the behavior:

  1. Go to my overview.
  2. Click on view qr code.
  3. Take screenshot or start capture.
  4. See error.

Expected behavior

There could be multiple options with varying implementations.

  • As Ziggo does this in their Ziggo go app once a screenshot is taken they turn to black and there is no information in the screenshot. This doesn't prevent screenshots from being taken but it holds no purpose for there is no information in the screenshot. Just a black screen.

  • ABN AMRO app will not let you take a screenshot at all. They will just issue an alert to the user with an explanation that no screenshot was taken.

Additional context

Android documentation suggests using the following to disable capture inside an android window:
https://developer.android.com/reference/android/view/WindowManager.LayoutParams#FLAG_SECURE

Governance

Distribute packages outside of play store

Describe the bug, issue or concern

Please consider providing the application outside of the Google Play Store, for example by adding apk files to GitHub releases or ideally adding the app to F-Droid. Some people can't or don't want to use Google Play Services on their Android devices, for example because of privacy concerns.

Contact tracing and/or checking apps for France (and third party), Switzerland, United Kingdom and Germany are available on F-Droid.

Governance

CI: Key store signing errors

Currently the CI fails because something is going wrong with the key store signing.

FAILURE: Build failed with an exception.
518 actionable tasks: 361 executed, 157 from cache

* What went wrong:
Execution failed for task ':holder:packageTstRelease'.
> A failure occurred while executing com.android.build.gradle.tasks.PackageAndroidArtifact$IncrementalSplitterRunnable
   > com.android.ide.common.signing.KeytoolException: Failed to read key  from store "/home/runner/work/nl-covid19-coronacheck-app-android/nl-covid19-coronacheck-app-android/keystore.jks": null

App crashes instantly on Google Pixel 4 XL on latest Android 12

Describe the bug, issue or concern

When launching the app on Android 12 SPB3.210618.013 the app instantly crashes. I've been trying to get the crash dialog to stay open long enough so I can see the reason, but have been unable to do so.

Resetting the apps data didn't resolve the issue.
Resetting the android WebView component didn't resolve the issue.

E.g.

To Reproduce

Steps to reproduce the behavior:

  1. Open the app from the app drawer
  2. Crash.

Expected behavior

https://youtube.com/shorts/afKbsTNpAEw?feature=share

Screenshots

If applicable, add screenshots to help explain your problem.

Smartphone (please complete the following information):

  • Device: Pixel 4 XL
  • OS: Android 12 SPB3.210618.013
  • Browser Chrome
  • Version 91.0.4472.164

Additional context

Add any other context about the problem here.

Governance

Kwetsbaarheid in de methode om de QR + identiteit te controleren

Hi,

Deze kwetsbaarheid is eerder doorgegeven aan het NCSC maar zij zien het niet als technisch beveiligingsprobleem en gaan dit niet verder behandelen. Omdat er verder nergens aangegeven is waar dit aan te kaarten post ik het hier publiekelijk. De kwetsbaarheid vereist geen raketgeleerde om er op te komen dus dit zal ongetwijfeld al veel in het wild toegepast worden.

De kwetsbaarheid:
De methode zoals aangegeven in de scanner app laat teveel human error toe. Hier volgt een vector die naar mijn inzicht het makkelijkst te exploiten is in venues die zich netjes aan de stappen in de scanner app houden.

  1. Genereer een (papieren) QR code. Geef hiervan een kopie aan een maatje. Papier is het makkelijkst want hier zit geen time-based challenge in waardoor je niet vast zit aan die 3 minuten. Eventueel kun je ook met je DigiD op de telefoon van een maatje inloggen en de QR Code met time based challenge genereren op de telefoon van je maatje aangezien er geen limiet zit op hoeveel devices gekoppeld zijn.
  2. De meeste mensen hebben meer dan een identiteitsbewijs. Bijvoorbeeld een id-kaart / rijbewijs / paspoort. Een van deze leen je uit aan het betreffende maatje en eentje gebruik je zelf.
  3. Loop de venue binnen. Als er slechts een portier aanwezig is zorg er dan voor dat je een klein stukje uit elkaar in de rij aanschuift zodat de portier twee maal dezelfde naam en geboortedatum niet te verdacht vindt. Je maat indentificeer zich met kopie QR code + geleend identiteitsbewijs. De meeste portiers kijken niet naar de pasfoto op het identiteitsbewijs omdat ze hier niet toe opgedragen worden door de app, er niet voor getrained zijn of vanwege low-light condities die dit bemoeilijken.

Uiteraard zijn er genoeg variaties op deze methode te bedenken waarbij je je telefoon / id uitleent nadat je al binnen bent in een venue mits de situatie dit toelaat. Hierdoor kun je potentieel best wel wat mensen naar binnen krijgen.

Impact:
De impact op de volksgezondheid is potentieel groot omdat je ongemerkt mensen toelaat die potentieel niet gevaccineerd of getest zijn maar wel actief het virus verspreiden, of als men het niet zo nauw neemt en positief test maar vervolgens met deze methode een negatieve test / vaccinatie van een maatje gebruikt om toch binnen te komen.

De impact op het individu die van deze kwetsbaarheid gebruik maakt is op dit moment laag. Er is op dit moment weinig toezicht op dit soort identiteitsfraude.

De impact op de horecazaak is potentieel groot omdat zij potentieel een superspread event organiseren en hierdoor de deuren moeten sluiten terwijl hun niet per-sé iets toe te wijten is wanneer ze de scanner volgens de procedure gebruiken.

Potentiele oplossing:
Om het gebruik van dubbele id's / QR's tegen te gaan zou je een gastenlijst bij moeten houden. Bijvoorbeeld in de app een lijst met welke id's/QR's reeds gebruikt zijn om toegang te verkrijgen. Dit is lastig vorm te geven door wetgeving maar ook omdat, indien meerdere keren vrij uit/in lopen toegestaan is, je deze mensen constant uit/in moet checken.

Eventueel zou je de scanner app ook de MRZ + NFC uit een identiteitsbewijs kunnen laten gebruiken voordat een groen scherm afgegeven wordt met een fallback naar manuele input wanneer het device geen NFC ondersteund. Dit dwingt de portier om de methode op de juiste manier te gebruiken en staat toe om automatisch een lijst bij te houden. Het gebruik van de NFC is hier enigszins key omdat die lastiger na te maken is terwijl de MRZ slechts een goede kopieer machine vereist.

Bij grotere evenementen is het gebruik van meerdere scanners gewenst die offline moeten kunnen functioneren. Deze zullen de gastenlijst onderling moeten synchroniseren. Dit is geen triviale taak om op te zetten. Dit vereist een vorm van een (P2P) netwerk communicatie tussen de devices en de nodige encryptie om de synchronisatie veilig uit te voeren.

CoronaCheck app doesn't start on Android 12

Describe the bug, issue or concern

When i press the icon to launch the app, the splash screen with logo comes up. Then it stays on that screen for a couple minutes.
Then the app just closes. No force close dialog or anything. The same happens to the Scanner for CoronaCheck app.

I have added a screenrecoding of the bug. in this case, a force close dialog does appear however.
I have wiped cache and data multiple times, and all apps are up to date.

XRecorder_21012022_101303.mp4

The DigiD app works without any problems.

** Possible fix
I notice that the targeted SDK version of this app is 30. Android 12 uses 31. Is the app not compatible yet?

  • Device: OnePlus 8T
  • OS: Android 12
  • Browser : Chrome
  • Version: 96.0.4664.104

Governance

com/minvws/nl-covid19-notification-app-coordination/blob/master/LICENSE.txt and the contributor license agreement https://github.com/minvws/nl-covid19-notification-app-coordination/blob/master/CLA.md

Valid (Dutch not international) vaccination certificate given after only one vaccination of Pfizer

Describe the bug, issue or concern

Yesterday I finally got the chance to receive my first vaccination with Pfizer and of course after I got home I tinkered with the app (see steps in To reproduce). While I ended the night with a valid certificate because I've recently been negatively tested (valid until 5:00 AM this morning), I woke up to find a valid vaccination certificate, which I was successfully able to use in the scanner app.

I've checked at mijn.rivm.nl to see if my vaccination was correctly registered, and no problems seem to have occurred there.

To Reproduce

  1. Get vaccinated (Pfizer) 💯
  2. Load vaccination certificate into the Coronamelder app (around 5 hours after vaccination)
  3. Get greeted by a message that my vaccination is only valid internationally and not yet in the Netherlands
  4. Load negative test result gotten from the GGD (around 35 hours old at this point)
  5. Get a valid negative test result QR-code
  6. (next morning) See that my negative test result has correctly disappeared from the Netherlands part and is still visible in the international tab
  7. Find a valid vaccination QR-code in the Netherlands portion
  8. Scan the QR-code in the scanner app and get greeted by a green checkmark.

Expected behavior

Since I've only had one shot of Pfizer I expect my vaccination to not be valid yet in the Netherlands.

Screenshots

Unable to take screenshots.

Smartphone (please complete the following information):

  • Device: OnePlus 5T
  • OS: Android 10 (Oxygen OS 10.0.1)
  • Browser: Chrome
  • Version : 91.0.4472.120

Additional context

Add any other context about the problem here.

Governance

Vraag, theaters willen graag de CoronaCheck Scanner gebruiken in combinatie met een USB scanner ipv de camera lens zodat ze contactloos kunnen scannen. Is er een Andriod APK beschikbaar waarbij de app ook werkt icm usb scanners? Of is het mogelijk om dit te ontwikkelen? Hiermee zouden bezoekers contactloos hun controle kunnen doen ipv scannen via theater personeel.

Describe the bug, issue or concern

A clear and concise description of what the bug, issue or concern is is.

E.g.

To Reproduce

Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior

A clear and concise description of what you expected to happen.

Screenshots

If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: [e.g. iOS]
  • Browser [e.g. chrome, safari]
  • Version [e.g. 22]

Smartphone (please complete the following information):

  • Device: [e.g. iPhone6]
  • OS: [e.g. iOS8.1]
  • Browser [e.g. stock browser, safari]
  • Version [e.g. 22]

Additional context

Add any other context about the problem here.

Governance

SMS verification or ID verification is required but the login page only allows username + password

To Reproduce

Steps to reproduce the behavior:
In the FOSS version on F-droid, if you try to login with DigID to retrieve the vaccination certificate, you can only login using username+password

Expected behavior

Login with DigID webpage lets you choose to login with SMS verification or the DigID app with ID verification

Screenshots

h7Kxvimh

Smartphone (please complete the following information):

  • Device: Xiaomi mi 10 lite 5G
  • OS: Android 11 (crDroid 7.11, AOSP/LineageOS based)
  • Browser: The app opens the LineageOS default browser (even though I have set Firefox as the default)

Additional context

FOSS / Fdroid version

Governance

'Ziekteverwekker / Disease' text value in details international QR-code wrong

Describe the bug, issue or concern

When I choose Main screen - Internationaal - select Button BEKIJK QR) and then select the question mark at the top right in the international QR code screen (the screen with the QR code and the animations), the text value at the label 'Ziekteverwekker / Disease targeted:' is not correct. The text value states 'Ziekteverwekker:' Comparing this with the paper version (papieren bewijs), generated through https://coronacheck.nl/nl/print/ I noticed the difference. There the text value states 'COVID-19', which is correct, I assume.

To Reproduce

Steps to reproduce the behavior:

  1. Go to main screen 'Mijn bewijzen'
  2. Select menu 'Internationaal'
  3. Click on button 'BEKIJK QR'
  4. Click on question mark symbol in right top corner
  5. See error under 'Ziekteverwekker / Disease targeted:' where the text value states 'Ziekteverwekker:'

Expected behavior

The expected behavior should be that the text value should display 'COVID-19' instead of 'Ziekteverwekker:'

Screenshots

coronacheckapp_bug

Smartphone (please complete the following information):

  • Device: [OnePlus 8T]
  • OS: [Android 11]
  • Browser [Chrome]
  • Version [92.0.4515.131]
  • Coronacheck app version 2.2.1 (1851)

Governance

Can't open DigiD when phone uses Work Profile

Describe the bug, issue or concern

Commit 2d46186 introduced a regression. With this change, users that have Work Profile set up in their device cannot open their browser anymore to login with DigiD.

When using Work Profile, there's a custom preferred "browser" that lets you choose between the Private and the Work browser. The package name of this "browser" is simply android as it's part of the core Android package.

The commit mentioned above removed the whitelist of browsers, and instead allows all browsers. On a phone with Work Profile installed, this will try to open this generic "browser", using package name android which fails and crashes the app.

A simple fix would be to add a filter, which filters out browsers with package name android. I'll open a PR with that fix.

Governance

"Next" button falls off screen in "make qr code" activity

Describe the bug, issue or concern

"Next" button only partially visible, need to scroll down, which might confuse novice users

To Reproduce

Steps to reproduce the behavior:

  1. Tap "make qr code"
  2. Scroll down

Expected behavior

A clear and concise description of what you expected to happen.

Screenshots

Impossible due to what seems app's security policy

Smartphone (please complete the following information):

  • Device: Samsung device with OneUI 3.1 1080x2400
  • OS: Android 11

Additional context

Add any other context about the problem here.

Governance

Application doesn't show QR code without internet connection

Describe the bug, issue or concern

Application doesn't show QR code and require connection to the internet with imported certificate. It has happened recently during vodafone outage.

To Reproduce

Steps to reproduce the behavior:

  1. Import vaccination certificate
  2. Wait few days
  3. Open CoronaCheck app
  4. It show an error "Server cannot be reached"

Expected behavior

A clear and concise description of what you expected to happen.

Screenshots

Unable to make screenshots as application doesn't allow to do it.

Smartphone (please complete the following information):

  • Sony Xperia II
  • Android 10
  • CoronaCheck version from October 5

Additional context

Application haven't been used for few days and this has happened on check in the cafe.

Governance

Total number of doses is not shown correctly in international vaccination after booster (3rd) vaccination

Describe the bug, issue or concern

I did receive a 3rd vaccination because of a severe immune system disorder. This is officially not a booster vaccination, however can be seen equally regarding the problem I observed.
I thus have a third vaccination, after my earlier two vaccinations. In the CoronaCheck app, on the tab that is showing the international vaccination certificates, the vaccinations are shown as:

  • Dose 3/3
  • Dose 2/2
  • Dose 1/2

The total dose counter for dose 1 and dose 2 are thus shown incorrectly, as I would expect them to be shown as:

  • Dose 3/3
  • Dose 2/3
  • Dose 1/3

Also on the QR code view, QR code selector is showing 'Dose 1/2' and 'Dose 2/2' where I would expect it to show: 'Dose 1/3' and 'Dose 2/3'. The selector is correctly showing 'Dose 3/3'.

Also see the attached screenshots

To Reproduce

Steps to reproduce the behaviour:

  1. Start the CoronaCheck app
  2. Click on 'International' tab
  3. See first screenshot
  4. Click on the 'View QR Codes' button
  5. See the second screenshot

Expected behaviour

I would expect that the total number of doses (3 in my case at this moment), is shown correctly when it is shown in 'Dose x/y' style strings.

Screenshots

The overview of the vaccinations on the 'International' tab.
image

The QR code selector. Notice the three dots, and the still enabled 'go to right' button.
image

Smartphone (please complete the following information):

  • Device: Samsung A51
  • OS: Android 11
  • Browser: Chrome
  • Chrome Version: 96.0.4664.45
  • CoronaCheck version: 2.5 (2753)

Governance

Scanner app does not show 4 letter/numbers to verify identity of citizen

Describe the bug, issue or concern

qr code scanned with cornacheck scanner app says qr code is valid but does display 4 underscores instead of the information to confirm the identity. This might not be a specific issue with the app but is concerning.

To Reproduce

Steps to reproduce the behavior:

  1. Go to Lead Healthcare for a corona test.
  2. validate negative result in CoronaCheck app and show qr code.
  3. Scan qr code on another device with the scanner app.

Expected behavior

get 4 letters/numbers to verify identity

Screenshots

image

Smartphone (please complete the following information):

  • Device: both Samsung a71
  • OS: Android 11

Governance

Verifier app: validate QR code signature

While inspecting verifier app code, I haven't found any place where we validate the QR code signature.
At the moment it seems it's very easy to forge your own QR code. Is this something in plans to be improved?

Geen QR code (indien corona + 1 vaccinatie)

Problem: geen QR code (indien corona + 1 vaccinatie)

Indien je corona gehad hebt zou je met 1 vaccinatie voldoende bescherming moeten hebben om een QR code te krijgen.
Bij die vaccinatie moet dan aangevinkt worden dat er een eerdere besmetting was zodat in de QR code ‘1 van 1 vaccinaties’ komt te staan.
Indien bovenstaande het geval is: hoe (en wie/welke instantie) kan dit aanpassen indien er toch geen QR code verkregen wordt omdat er ‘1 van 2 vaccinaties’ staat.
Bij huisarts, GGD, huisartsenvereniging, RIVM etc komen we niet verder. Dit zijn de logische contactpunten, maar naar mijn idee is het data verwerkingsprobleem en bij hen komen we niet verder. Iedereen doet z'n best en is behulpzaam, maar nergens komen we verder omdat niemand iets kan aanpassen in zijn/haar systeem (en iedereen zegt dat een andere persoon of instantie dat wel kan/moet kunnen).

Bij wie of welke instantie kunnen we terecht die wel dieper in de database kan om dit (met terugwerkende kracht) aan te passen?

Benadruk het vragen om ID meer

Naar mijn ervaring met de app wordt of niet gecontroleerd, of, als er gecontroleerd wordt, alleen controlevragen gesteld zoals "Wat is je geboortejaar?". Dit maakt het erg makkelijk om met een QR code van iemand anders naar binnen te komen. Ik ben in de afgelopen 4 keer dat ik gecontroleerd ben 1x wel gevraagd om ID, 2x kon ik na het scannen zonder ID naar binnen, en 1x kon ik met een controlevraag naar binnen. Dit ging in 2 gevallen om de horeca, en 2 gevallen een bioscoop. Het hele punt van de App is zo weg. Er moet naar mijn mening sterker benadrukt worden dat controlevragen niet voldoende zijn en dat het tonen van een ID verplicht is.

Sync CoronaCheck releases to GitHub before roll out.

Currently CoronaCheck version 2.1.0 and 2.1.1 are rolled out through Google Play, but not yet available in this GitHub repo. This undermines the open-source principals. Source code should be made first available on GitHub, before pushing to Google Play and rolling out, so that it can be independently checked.

Ping @ijansch @BartNijland91

Privacy Concerns

Describe the bug, issue or concern

Please do not get me wrong. I applaud the fact this application is open source and the fact privacy seems to be taken seriously while developing this application. Having said that, despite these considerations I am strongly against the sharing of ANY patient data, including vaccination status. While the generation of the QR code that is used within The Netherlands itself is much better since it only shows a binary YES/NO without any additional details (such as what generated the YES: Negative test, recent infection or vaccinated), the European QR code that is supported within the application is a privacy disaster, showing things such as batch number of vaccination, number of shots and date at which the shots were received.

I have searched far and wide if this entire ecosystem can be opted out of. While I know it is possible to opt-out of sharing your vaccination information with the RIVM, as far as I know this application can also retrieve vaccination details from the GGD. I am strongly against this, and this fact has made me doubt whether I even want to be vaccinated in the first place. This feels extremely bad because I WANT to be vaccinated and be part of the solution of this crisis. However, my privacy concerns are currently preventing me from being that.

These questions aren't really related to the application itself, but since I was unable to find ANY relevant information on the topic, and since you guys have experience with retrieving the information from said systems, I was hoping the knowledge I am after can be found here. My questions:

  1. As far as I know, if I get vaccinated at the GGD and choose to NOT share my details with the RIVM, the CoronaCheck app will still be able to generate the QR-codes that would allow me to attend an event. Is this correct?
  2. Is there ANY way to opt out of this completely and make my vaccination status irretrievable by the CoronaCheck application? Yes, I know I would not be allowed into an event despite me being vaccinated if these details cannot be retrieved. However, I am completely fine with that.

Thank you very much in advance!

Governance

Does use Chrome instead of default browser?

When try to login with DigiD, a URL (https://tvs.coronacheck.nl/authorize?....) is opened in Chrome which is not my default browser. I would expect it to open my default browser.

login met digid - ophalen is afgebroken (again)

Describe the bug, issue or concern

Na klikken op 'log in met digid' verschijnt de melding 'Het ophalen is afgebroken'.
Dit is eerder een issue geweest, maar het lijkt niet volledig opgelost.

To Reproduce

Steps to reproduce the behavior:

  1. app starten
  2. Click on 'bewijs toevoegen'
  3. Scroll down to 'een vaccinatiebewijs toevoegen.'
  4. press: 'login met digid'
  5. See error

Expected behavior

Ik verwacht dat na het inloggen het vacinatiebewijs wordt opgehaald.

Al gewijzigd / geprobeerd:

1 coronacheck-app al diverse malen geheel verwijderd en opnieuw geïnstalleerd
2 telefoontoestel al opnieuw opgestart
3 aanvankelijk geprobeerd met opera-browser (werkte niet). toen firefox geïnstalleerd (werkte niet). toen chrome aangezet. chrome geupdate. chrome werkt ook niet.
4 digid-app geïnstalleerd. daarmee inloggen op bijvoorbeeld digid.nl lukt wel.
5 testbewijs van andere testlocatie opgehaald via ophaalcode (lukt wel)
6 verbinding gewijzigd van wifi naar mobiel-netwerk

Smartphone (please complete the following information):

  • coronacheckapp: versie 2.1.9 (1649)
  • Device: ZTE A2017G
  • OS: android 8.0.0 (patch 1-4-2019)
  • Browser: Chrome
  • Version: 92.0.4515.115

Additional context

Ik wil best logging verstrekken, maar ik heb geen idee hoe ik dat doe. Als aangegeven kan worden hoe ik dat doe, geen probleem.

Governance

Deep linking in the application

Describe the bug, issue or concern

At the entrance of events, multiple items need to be checked such as their ticket and the Corona Qr code. As an employee you often have to switch between the CoronaCheck Scanner application and a ticket scan application.

To improve the speed we have added a button in our application which brings up the CoronaCheck Scanner however it currently opens a page with a button Start scanning which means you'll have to click again. This might not feel like a huge hassle but please keep in mind that you will have to do this for hundreds of times each day.

It would be great if we could deep link to the scanning page, thereby saving the hassle of pressing the Start Scanning button.

Note

The same goes for the visitor; they have to show their Ticket QR code as well as their Corona QR code. If this issue gets accepted I'll create a similar issue in the CoronaCheck application.

To Reproduce

Steps to reproduce the behavior:

  1. Open any other application
  2. Click on Open CoronaCheck Scanner app
  3. You have to click on Start scanning
  4. The scanner page opens up
  5. You scan the user

Goal

  1. Open any other application
  2. Click on Open CoronaCheck Scanner app and it deep-links you to the scan page
  3. The scanner page opens up
  4. You scan the user

Screenshots

If applicable, add screenshots to help explain your problem.

Screenshot 2021-07-19 at 21 50 49
Screenshot 2021-07-19 at 21 50 40

Governance

Security overview not availible

The corona Melder app from the RIVM uses the Google Exposier API. This API has been reviewed my multiple security experts. This app the CoronaCheck app looks to be using a custom designed flow. So I would like to see a breakdown of all security measures and a technical flow of the data and key exchanges that are going on.

So far I got the following information from searching the source code:

So my question is if an overview can be made where all technical details are also shown.

Using a 2D barcode scanner instead of the camera

Hello,

We make custom made self scan kiosks using Android tablets. We are wondering if it's possible to scan QR codes using an infrared 2D barcode scanner hooked up (or integrated directly into the device) instead of using the regular built-in camera. I have noticed a similar issue posted in August in which the support for Zebra devices were mentioned and plans the expand support in general for dedicated barcode scanners. I am wondering how the progress regarding this issue is. Ideally we would like to hook up an external barcode scanner which returns the QR code content as a keyboard input. Is this possible?

Thank you for your time.

Daniel

CoronaCheck Scanner rejects QR code if third (booster) dose is less than 14 days old

Apologies if this isn't the right place to report a bug that's specific to CoronaCheck Scanner, or if it's not specific to Android. (I suspect it isn't, though I've only checked on Android, and am not sure where to report more general issues.)

Describe the bug, issue or concern

Individuals with international EU Digital COVID Certificates who have received a third (booster) dose within the last 14 days will have their QR codes rejected, even though their second dose was more than 14 days old so their proof of vaccination should be accepted. (In other words, CoronaCheck Scanner simply looks at the date of the last dose without taking into account the number of doses, such that individuals with boosters are worse off than if they hadn't had the third dose at all.)

This can be confirmed by setting the date for the phone running CoronaCheck Scanner to one more than two weeks after the third dose -- this results in the QR code being accepted.

To Reproduce

  1. Have an EU DCC QR code generated following a third dose.
  2. Scan using CoronaCheck Scanner.
  3. The QR code will be rejected if the third dose was less than 14 days ago.

Expected behavior

The QR code should be accepted, since the second dose was more than two weeks ago. (The date of the second dose isn't itself stored in the QR code, as far as I know, but no member state allows receiving a third dose less than two weeks after the second dose – in most cases it'll be at least 6 months earlier.)

The number of individuals this affects is likely to be small right now, but will grow as more people elsewhere in the EU get boosters.

Smartphone

  • Device: Pixel 3a XL
  • OS: Android 12

Governance

Cyclist animation should not respect Android's "remove animations"

Describe the bug, issue or concern

Honoring the "remove animations" setting within Android Settings is counterproductive

To Reproduce

Steps to reproduce the behavior:

  1. Go to Android Settings
  2. Go to Accessibility
    3 Enable "remove animations"
  3. note: incidentally, this setting may be hidden within Developer Settings as "animation duration scale"
  4. Generate Dutch QR code

Expected behavior

Animated cyclist remains visible so it can serve as a proof of authenticity, even for those normally intolerant toward animations.

Smartphone (please complete the following information):

  • Device: Samsung OneUI 3.1

  • App version 2.1.1

Additional context

People with affected disabilities are at risk of being scapegoated for a perceived attempt to fraud the system. this should not happen.

Governance

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.