EU Digital COVID Certificate Wallet App - Android

Overview

EU Digital COVID Certificate Wallet App - Android

AboutDevelopmentDocumentationSupportContributeContributorsLicensing

About

This repository contains the source code of the EU Digital COVID Certificate Wallet App for Android.

The wallet app provides a user interface to store and manage personal DGCs directly on the phone. DGCs will be imported by scanning a base45-encoded QR code and decoding CBOR to JSON. Afterwards, it is symmetrically encrypted in the app’s sandbox and the symmetric key is stored in the system’s keychain. Multiple DGCs can be stored in the app. Access to the app is controlled via biometric data (e. g., Touch ID or Face ID). The wallet app can display any imported DGC as QR code for scanning and verifying with the verifier app.

Development

Prerequisites

  • TODO: Describe prerequisites

Build

Whether you cloned or downloaded the 'zipped' sources you will either find the sources in the chosen checkout-directory or get a zip file with the source code, which you can expand to a folder of your choice.

In either case open a terminal pointing to the directory you put the sources in. The local build process is described afterwards depending on the way you choose.

XYZ (Maven, Docker ...) based build

  • TODO: Add instructions for different build types

Documentation

  • TODO: Link to documentation

Support and feedback

The following channels are available for discussions, feedback, and support requests:

Type Channel
Issues
Other requests

How to contribute

Contribution and feedback is encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our Contribution Guidelines. By participating in this project, you agree to abide by its Code of Conduct at all times.

Contributors

Our commitment to open source means that we are enabling -in fact encouraging- all interested parties to contribute and become part of its developer community.

Licensing

Copyright (C) 2021 T-Systems International GmbH and all other contributors

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.

You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the LICENSE for the specific language governing permissions and limitations under the License.

Comments
  • [Android wallet app] - transfer a DCC via NFC is not received by the walletapp

    [Android wallet app] - transfer a DCC via NFC is not received by the walletapp

    Describe the bug

    if a DCC is sent from smartphine device A to smartphone device B via NFC, it does not arrive directly in the wallet app on device B. The sent file ends up in the file system of Device B and must first be imported.

    Expected behaviour

    a DCC sent via NFC should be received directly in the WalletApp

    Steps to reproduce the issue

    1. select at device A a DCC and press "share pdf" or "Share image" button
    2. sent the DCC to Device B
    3. the DCC is not received by the walletApp

    Technical details

    WalletApp 1.2.8-tst (41) Xiaomi Mi Note 10 Lite

    bug 2nd Prio - Medium 
    opened by michawol 19
  • [Android-Wallet-App] Certlogic Rule VR-DX-0004 Margin Case  Within One Day after Birthdate Inconsistent with Verifier

    [Android-Wallet-App] Certlogic Rule VR-DX-0004 Margin Case Within One Day after Birthdate Inconsistent with Verifier

    Testdata:

    • Testrule: VR-DX-0004
    • Date of test : 10.05.2022
    • Birthdate of person: 18 years + 1 Day old (Birth Date = 09.05.2022) VAC-Certificate with above Birthdate gets evaluated by Verifier app correctly as "limited" while WalletApp brings a different result than Verifier, namely "valid".

    Expected Behaviour: Both apps must bring the same result (this means, that wallet app should also say "limited")

    bug 3rd Prio - Low 
    opened by RalicaY 18
  • [Android wallet app] - update manually of the revocation state is not possible

    [Android wallet app] - update manually of the revocation state is not possible

    Describe the bug

    if you click the update button for the revocation state, no update is performed, at least the date and time are not updated

    Expected behaviour

    the date and time is updating, after you click the update button

    Steps to reproduce the issue

    1. open walletApp
    2. go to settings
    3. click the update button in the row "update revocation state"

    Technical details

    WalletApp 1.2.8-tst (41) Xiaomi Mi Note 10 Lite

    bug 1st Prio - High 
    opened by michawol 12
  • [Android-Wallet] Revoked Certificates are Evaluated as Valid

    [Android-Wallet] Revoked Certificates are Evaluated as Valid

    Describe the bug

    Revoked certificates get evaluated as valid.

    Expected behaviour

    Revoked certificates get evaluated as invalid.

    Steps to reproduce the issue

    1. Claim a revoked certificate;
    2. Load the certificate;
    3. Click check validity for chosen country and date, while the certificate is revoked;
    4. App says: "Valid certificate".

    Technical details

    Galaxy XCover 4, Android 9, Wallet App Android, Version: 1.2.8-without-tan-request-tst (37)

    Additional context

    For about 1 second while loading the revoked certificate, one sees a red text saying "Revoked !" -- yet the text flashes out as soon as the certificate is loaded. (See attached video).

    https://user-images.githubusercontent.com/76050122/155003670-834dfdd2-4242-4a44-ae1c-599a908b89c0.mp4

    bug 
    opened by RalicaY 11
  • Android - TAN input should be after displaying the values of the certificate

    Android - TAN input should be after displaying the values of the certificate

    ## Describe the bug

    When I scan a QR Code at next step should be displayed the details informations of the certificate. Steps should be like in iOS wallet app. the behaviour on iOS is according to spec, on Android it is not.

    In iOS steps are like this:

    1. scan QR Code
    2. display cert details and SAVE button
    3. tap on SAVE
    4. input TAN
    opened by kerstin-oppermann-tsi 10
  • [Android] For REC Certificates Only the Ones which Are Valid at Least 2 Days After the Day of Travel Are Found During Checkin/Booking

    [Android] For REC Certificates Only the Ones which Are Valid at Least 2 Days After the Day of Travel Are Found During Checkin/Booking

    Describe the bug

    For REC Certificates Only the Ones which Are Valid at Least 2 Days After the Day of Travel Are Found During Checkin/Booking. But Certificates which expire one or two days after the day of travel are not offered by the wallet app although the names match.

    For Example -- travel date is 08. October 2021 and in the wallet app are REC certificates which expire on: A) 08. October 2021; B) 09. October 2021; C) 10. October 2021; D) 11. October 2021; E) 12. October 2021.

    All the data (incl. Name ) are identical in all of the certificates, only the expiry dates differ as shown above. Given a travel date of 08. October 2021, the wallet app matches only certificates D) and E). See attached Video.

    Expected behaviour

    All certificates should be matched because they are all valid with respect to the date of travel.

    Technical details

    Wallet App Version 1.2.3-acc (19) Galaxy XCover 4, Android 9 Booking_08102021

    https://user-images.githubusercontent.com/76050122/136432174-ffd27a01-01e6-4b89-942b-c61dd0a0efd3.mp4

    bug 
    opened by RalicaY 9
  • [Android] - Claiming a QR Code Deletes all previously saved Certificates

    [Android] - Claiming a QR Code Deletes all previously saved Certificates

    Describe the bug

    Upon claiming the following QR Code, all previously saved certificates got deleted.

    The logs are attached. The event happaned around 10:29 o'clock, 15.07.22.

    Initial state: one or more certificates are already claimed and successfully saved on device Step 1: Scan attached Code Step 2: Type in Tan Step 3: Press save -- > the screen "No certificate available is shown" (attached Image)

    Observed Behavior

    After saving all previously saved certificates are deleted and no certificate is saved.

    Additional Info

    Furthermore, once in this state -- no other certificate can be saved any more on the device.

    Expected behaviour

    Certificate is successfully saved additionally to the rest of previously saved certificates.

    Technical details

    Wallet App 1.1.0-tst Galaxy XCover 4, Android 9

    Logs

    logcat.txt

    Liem_Rec_abgelaufen

    Possible Fix

    Additional context

    bug 
    opened by RalicaY 8
  • Cannot find DGCI: URN:UVCI:01DE/....

    Cannot find DGCI: URN:UVCI:01DE/....

    Describe the bug

    Thank you for making an open source application that is avilable on F-Droid.

    I am using version 1.0.7-tst.

    When attempting to add my EU Digital Covid certificate issued in Germany I can scan the code and the application correctly reads the details. However, I get the above error when hitting "save".

    Expected behaviour

    It should be able to add the certificate just fine.

    Is this because of a syncing issue or something else? My certificate was issued a few hours ago.

    bug 
    opened by hsanjuan 8
  • WalletApp crash when manually start the synchronisation

    WalletApp crash when manually start the synchronisation

    Describe the bug

    When manually start the synchronisation, the app will crash

    Steps to reproduce the issue

    1. go to settings
    2. click on "update recovation state"

    image

    Technical details

    • Pixel 3a XL
    • Android 12
    bug 
    opened by michawol 6
  • Library licenses without proprietary dependency

    Library licenses without proprietary dependency

    As part of fixing #50, this removes the dependency on the proprietary Google Licenses activity, and replaces it with a free implementation

    Related to #37

    Please note, this was inspired by https://github.com/mozilla-mobile/fenix/pull/13767/ and as such the LicensesActivity is under the MPL 2.0. I have reached out to the author to ask for a copy of the corresponding file under Apache 2.0, but even if that ends up not being possible it should also be noted that the MPL is compatible with Apache 2.0.

    opened by Wv5twkFEKh54vo4tta9yu7dHa3 6
  • F-Droid release and reproducible builds

    F-Droid release and reproducible builds

    Current Implementation

    App is likely only planned to be released in Google Play Store.

    Suggested Enhancement

    It would be great to see this Android app on F-Droid!

    F-Droid is an Android app store specifically for free/libre open-source apps. It would be great if your app could be released there, as it is the number one for getting FLOSS Android apps for many people. F-Droid also builds all apps from source (optionally even reproducible), so downloads from there can be trusted.

    The app developer FAQ or the quick start guide may help you to get started.

    BTW a release on F-Droid could also bring some (more) popularity (in case that is intended), as it will show up in the app (new apps are featured there).

    Expected Benefits

    The benefits are trust (that the code shown here is the code you deliver), security (as untrusted modification of the code is nearly impossible then and you make an independent analysis possible) an increased user base/alternative installation options combined with an increased robustness by not having a single point of failure (Google Play Store) for app delivery. And also, as said, popularity/marketing if it is visible in the main F-Droid store.

    See also https://github.com/corona-warn-app/cwa-app-android/issues/1483 for the same issue for the German Corona-Warn-App that explains more advantages especially of reproducible builds.

    enhancement 
    opened by rugk 6
  • Wallet-app uses ECB encryption scheme.

    Wallet-app uses ECB encryption scheme.

    Description

    The wallet-app encrypts internal data, the qr code and tan using the keystore. The chosen encryption scheme in class SecurityKeyWrapper and DefaultKeyStoreCryptor is ECB. ECB produces identical encrypted data and is thus not recommended for multi block data. There is also no documentation of the security model this security features is modeled for so its not possible to say if the feature is now faulty. While potentially not a meaningful issues for the presented data its not best practices and might be an issues later if template extend the use case.

    Possible Fix

    Use a more secure encryption scheme in the wallet app.

    Impact

    Wallet-app data storage encryption scheme slightly leaks protected data.

    bug 
    opened by Hendrik-Schmidt-Schierhorn-TSI 0
  • Wallet-app login dialog wrongly claim to biometric even when it is not.

    Wallet-app login dialog wrongly claim to biometric even when it is not.

    Description

    The wallet-app is protected by login dialog. The dialog is depending on the device features protected by biometrics or another device unlock method. However it always wrongly claims to be a biometric login even on phone not supporting biometrics.

    In class AuthFragment ; val prompt = BiometricPrompt.PromptInfo.Builder() .setTitle(getString(R.string.biometric_dialog_title)) .setSubtitle(getString(R.string.biometric_dialog_subtitle))

    Possible Fix

    Always uses these hardcoded values: Biometric login Log in using your biometric credential This security feature wrongly advertises itself and gives a false sense of security.

    Impact

    Wallet-app login suggest biometric level security on non-biometric devices. Recommendation: • Change login screen text and design accordingly on non-biometric devices.

    bug 
    opened by Hendrik-Schmidt-Schierhorn-TSI 0
  • [Android wallet] Fix problem for revokation reload when certificates claimed twice (or more)

    [Android wallet] Fix problem for revokation reload when certificates claimed twice (or more)

    The problem is that when one certificate is claimed more than one time, only the last claimed become to the prior certificate. Means that only for this newest claimed the public keys are can be found in the gateway. So for the older claimed (on other devices or on the same device) the revokation reload function fails with 400 in the API.

    Possible solution should be to ask for the information from the gateway for every single one certificate and not only to get answer for the whole set of certificates.

    @SchulzeStTSI maybe you can explain possible solution here in detail.

    enhancement 
    opened by kerstin-oppermann-tsi 0
  • Use monospaced font for certificate metadata

    Use monospaced font for certificate metadata

    Please consider using a monospaced font for the certificate metadata to make it easier to spot typos committed by the institution issuing the certificate, both in the smartphone apps and on the actual PDFs that are printed out and handed to the person obtaining their certificate.

    Currently the PDF uses the worst possible choice of font for this use case: a) a sans-serif font, which makes it difficult to spot certain typos and spelling mistakes (for example "m" vs "rn"), and b) blue instead of black text, which results in grey text on the printout in practice, which can be poorly rasterized depending on the exact printer configuration.

    In my specific case, the institution issuing the certificate for my booster vaccination spelled my last name as "Emster" instead of "Ernster", and it took me a whole month to notice this. I had double-checked the spelling on the printout but even though I'm the type of person that routinely spots "two spaces instead of one" isses in printed text, hadn't noticed this misspelling. And even though I had wondered why the third certificate showed up in the German "Corona Warn App" as if it had been issued to a different person, I originally attributed this to the fact that the vaccine used for my booster vaccination was not the same as the one used for my initial two vaccinations. I only found the spelling mistake when I checked the certificate's Standardized Name, First Name field in the CWA, since all characters in this field are spelled in upper case.

    You can probably even tell the advantage of monotype fonts for this use case when comparing the two in your browser:

    • "Ernster" vs "Emster"
    • Ernster vs Emster
    opened by hardfalcon 0
  • [iOS Wallet app] - After NFC Export of Certificate to iOS Wallet, there is no Certificate to be found in the iOS Wallet App

    [iOS Wallet app] - After NFC Export of Certificate to iOS Wallet, there is no Certificate to be found in the iOS Wallet App

    When we try to export a DCC Certificate from the Android Wallet App via NFC onto the iOS wallet app, no certificate is seen in the destination app (iOS Wallet) although it says "Fertig". See attached Screenshot.

    Expected behaviour

    The chosen certificate is shown in the wallet app in the iOS device.

    Actual behaviour

    No certificate is to be seen in the iOS wallet App.

    Steps to reproduce the issue

    1. Open a saved certificate in the Android Wallet App;
    2. Turn NFC switch on;
    3. On the iOS device open the wallet App --> NFC Import;
    4. Position the two devices with the back sides against each other until the iOS device shows the screen with text: "Bereit zum Scannen".

    Technical details

    Android Wallet App 1.2.2 acc Galaxy XCover 4, Android 9

    iOS Wallet App 1.2.0.1 iPhone 5s, iOS 12.5.1 NFC_Android_2_iOS

    bug 3rd Prio - Low 
    opened by RalicaY 15
Releases(1.3.1)
Owner
Official GitHub Organization of the EU Digital COVID Certificates (EUDCC) project, previously known as the EU Digital Green Certificates (DGC).
null
A simple covid-19 response application to give users an idea of the severity of their covid-19 status and profer steps to take based on the severity.

COVID-19 Response ?? A simple covid-19 response application to give users an idea of the severity of their covid-19 status and profer steps to take ba

Samson Achiaga 5 Oct 4, 2022
Scp-wallet-android - Lightweight ScPrime wallet for Android

SCP Wallet Android SCP Wallet is lightweight ScPrime wallet for Android. Get sta

Paolo Biglioli 3 Mar 31, 2022
Cosmostation wallet apps are non-custodial tendermint-based wallet that supports Cosmos Network.

Cosmostation wallet apps are non-custodial tendermint-based wallet that supports Cosmos Network.

Cosmostation 44 Dec 21, 2022
Sample crypto wallet for Wallet Link SDK.

DemoWallet This repo is sample app for Wallet Link SDK. WalletLink is an open protocol that lets users connect their mobile wallets to your DApp. With

null 0 Dec 17, 2021
Impact vaccine eu certificate android verifier app

DGCVerifier Android Application This is an application that scans the EU certifi

null 4 Dec 21, 2021
Bundel is a digital wellbeing Android app, helping you to focus by grouping up notifications and only releasing them in batches

Bundel is a digital wellbeing Android app, helping you to focus by grouping up notifications and only releasing them in batches, at set times. This minimises context switching and improves productivity, while decreasing the impulse to continuously check your phone.

Sebastiano Poggi 238 Dec 27, 2022
A digital wellbeing Android app that helps minimise distractions when you don't want them

Bundel is a digital wellbeing Android app, helping you to focus by grouping up notifications and only releasing them in batches, at set times. This minimises context switching and improves productivity, while decreasing the impulse to continuously check your phone.

Code with the Italians 238 Dec 27, 2022
An unofficial companion app for DJI's Digital FPV System.

fpv-dvca An unofficial companion app for DJI's Digital FPV System for Android devices. Plug your Android device into your Googles and watch a live fee

Matthias Urhahn 73 Dec 12, 2022
An android app that displays statistics about covid-19 vaccinations and enables the user to make a dummy appointment.

AndroidApp An android app that displays statistics about covid-19 statistics and enables the user to make a dummy appointment. This a simple android a

Thodoris Kanellopoulos 7 Oct 2, 2022
Tutorial Membuat Aplikasi Pencarian Rumah Sakit Khusus COVID-19 dengan Android Studio

Hospital-Covid-19 Tutorial Membuat Aplikasi Pencarian Rumah Sakit Khusus COVID-19 dengan Android Studio Data ini diambil dari API https://github.com/s

Azhar Rivaldi 7 Aug 23, 2022
COVID-19 Diagnosis at Ease

Cough It COVID-19 Diagnosis at Ease Inspiration As the pandemic has nearly crippled all the nations and still in many countries, people are in lockdow

null 12 Jan 11, 2022
COVID-19 Check-in solution for store using a safe number based on MVVM model.

wave-in-listener English version : README_EN.md wave-in-listener 는 매장에 방문한 고객의 개인안심번호를 음파통신을 이용해 수신할 수 있는 앱입니다. 이 앱은 wave-in-speaker 앱과 함께 사용됩니다. wave

Euphony 14 Jul 25, 2022
COVID-19 Check-in solution using a safe number based on MVVM model.

wave-in-speaker wave-in-speaker는 방문하는 공간에 전자출입명부를 쉽게 남기도록 도와주는 앱이며 특히 코로나 바이러스 감염증(COVID-19) 기간동안 효과적으로 사용가능합니다. 이 앱을 사용하면 QR코드 대신 음파 통신으로 체크인할 수 있습니다

Euphony 15 Oct 15, 2022
Aplikasi Deteksi Dini Covid-19 dengan rekaman batuk yang dikembangkan oleh tim CSD-123 dari Dicoding Academy

Decotuk_app Sebuah Aplikasi Deteksi Dini Covid-19 dengan rekaman batuk yang dikembangkan oleh tim CSD-123 dari Dicoding Academy, Aplikasi ini dibangun

Muhammad Khaidar Rahman 2 Mar 15, 2022
Covid-19 Tracking application

Covid-19 Covid-19 Tracking application An open-source Android COVID-19 tracking app built using core UI components from the Robinhood stock trading ap

null 1 Dec 29, 2021
Covidapp - The COVID-19 crisis and social distancing had a significant impact on our lives

Covid App The COVID-19 crisis and social distancing had a significant impact on

Abhinav 1 Jan 10, 2022
Veyron - Covid 19 analysis using OWID data

veyron Covid 19 & Vaccine history representation by country. The app was designe

Nino Matassa 0 Feb 10, 2022
Covid Tracker - Show Details of Corona virus cases of all affected country

Covid_Tracker Based on MVVM Architecture Show Details of Corona virus cases of a

inderjeet yadav 1 Feb 27, 2022