Corona-Warn-App from SAP and Telekom shortly before launch
After a back-and-forth between a large group of developers and the German government, which was difficult for uninvolved parties to understand, and after a heated public debate on centralized versus decentralized data storage, the German government decided to commission SAP and Telekom to develop the Corona-Warning-App. Fraunhofer Gesellschaft and the Helmholtz Centre CISPA are providing the development team with advice and contributing their experience from the development work of the first project. In mid-June, i.e. in the next few days, the app is to be released by the Robert Koch Institute and will be available for everyone to download.
At least 60 % of the 83 million people in Germany, i.e. around 50 million, must download and use the app to make a decisive contribution to containing the pandemic. This is why the acceptance of the software is so important. And that's why it took so long to make it available. The approach of storing data centrally, which was pursued first, posed the danger that the app could have been used not only to combat the pandemic but also to monitor users by the state. Similar to apps in China, South Korea and Taiwan, for example, which can be used to ask infected citizens to provide photographs of their current surroundings to prove that they are in quarantine in their home. Even such a theoretical possibility was unacceptable.
The Corona-Warn-App (all pictures are screenshots courtesy of SAP) in our country will neither work with the GPS data of the smartphones nor can authorities access personal data. Instead, it records smartphone IDs that the app user has come within 1.5 meters of. The detection is based on Bluetooth Low Energy technology. The operating systems Android from Google and iOS from Apple, with which around 99% of all smartphones worldwide run, will be provided with a jointly and in coordination with SAP and Telekom defined interface for the Corona-Warning-App, so that the app can run in the background with low energy consumption while the user is simultaneously using other applications.
The storage of a smartphone ID encountered on a bus or train, for example, is decentralised and stored on the individual device. Each ID is encrypted and does not allow any conclusion about the owner. The key is changed automatically every 15 minutes. If someone tests positive for the virus and reports this via the app, all app users who have come close enough to the infected person to infect themselves will know. But they don't find out who the infected person is and where they could have been infected. Data protection according to the GDPR has been the godfather of the first line of source code, so to speak. The same applies to the protection of personal freedom of movement, because the GPS is not addressed by the app at all, so it is not possible to create a movement log.
Since the beginning of its work, SAP has been running a series of topics on its news page, Corona-Warning-App, in which many questions are answered in detail by potential developers, but also by the public and potential users. In addition to Answers to Frequently Asked Questions, there is, for example, an explanation of the open source development principles pursued. All source code is open to everyone. For storage and access, as well as for active participation in program development, the GitHub is a public service for managing software projects.
Another article provides detailed information about the technical basics of the Corona Warning App. The reader understands Deutsche Telekom's share in the development, which concerns the cloud service and the connection of all app users, and what kind of functionality the developed app offers.
The most recent article from early June shows examples of what the app will look like for iOS and Android and what has been done to make its use as easy as possible for all conceivable kinds of users. This is the only way to achieve the high number of downloads we are aiming for.
It seems that the German government, although not at the first attempt, after some debates with experts, has commissioned a solution that has what it takes to achieve a high level of acceptance, not only in Germany. It is conceivable that many of the apps already available in other parts of the world, including a number of European countries, will follow this example and adapt their approach. After all, no comparable app is known to date, either in terms of data protection or secure privacy.