How does one know whether the app in playstore is compiled from this very repo + specific commit and not some other fork of it?
Edit: This is not questioning this particular app. A lot of govt are making their tracing app open source [1].
Since making it open source is supposed to increase trust hence the question.
For one: because this would be extra work within a short time frame. The source shows no extension points. Outside small tech circles nobody would have said anything if it were closed, if they have bad intention they could have made it closed.
For second: we can easily see that the app doesn't use GPS or similar, which is a nice indication
For third: Germans overall trust their government to not lie as much as other governments
For forth: Researchers will reverse the app
The only way this thing can work is, if the population trusts it, installs it and keeps their phone on. If the population doesn't trust it, it's doomed. It's in the self-interest of the project to be trustworthy and transparent.
This is not answering the question beyond "it would require some effort to do so". It is not unusual to have a different binary published, than what's in a public repo.
The following points you go on about are mostly irrelevant.
That combined with an Android based on AOSP and trust issues should be reduced (while the bad government can still track you using cell towers and for that app one could still place Bluetooth beacons everywhere and the server's could still store more information (while the only keys transmitted are those of infected, which is quite little) ... so yeah, pick your level of conspiracy
Right, the larger concern is somewhere else. It's in the operating system and if the government were to track everybody they could monitor cell towers. Way harder to detect.
They would most certainly break basic law, but they could, yes. I don't trust my government because of numerous attempts to do so, honestly.
I think the restrictions we see on mobile devices will at some point be the death of reasonable software for mobile. Yes, yes, I can run my own binaries if I jump over X hurdles but I have given up on mobile development years ago. It was zero fun in my opinion.
I have very little basic trust because of several reasons and have nothing to criticize on the development process, but I have no blanket trust for my government because it wasn't involved here besides as financier. The decisions for security measures didn't come from them. If they could get more info from people, they would try. The behavior shows a clear pattern over the last decade and luckily we have controlling institutions that are not as easily swayed.
That said, I never said anything about not using the app. I will certainly try it, although I think we are at a pandemic stage when it doesn't matter that much anymore. Maybe for the next one.
> The decisions for security measures didn't come from them.
This becomes philosophical, but the contract certainly contained security requirements (whether those are "adquante" can be argued) and they certainly required audits, which were done. But yes, the health minister is not an IT security expert, thus details are delegated.
> If they could get more info from people, they would try.
As the French try and Norwegians tried with their central approaches. If they wanted they could have made it closed source (like anything else they did before, thus nothing special) could have done more hand wavy design documents, could have done development away from a public repo with public issue tracker, ...
They (and yes, this was to a notable part driven by the engineers, but supervisees could easily overruled) conciously made it open and transparent.
There is hardly anything more they could have done within that project. (Spying activity by German intelligence/BND, "state trojans" (Quellen-TKÜ), ... etc are serious topics and yes, some "security experts" (i.e. Wolfgang Schäuble) demand mandatory tracking apps, but don't see that as being far from a mainstream oppinion in the government.
I don't dislike our current government but am starved of political opposition. I think this is reasonable in the context of the last decade of German politics.
The reason we got this transparency is the implicit demand for open solutions, not because of generous overlords. You could make tracking mandatory but it would certainly be a huge failure in the end. So they reacted to a demand and I have more where that came from. To repeat, I have no issues how it was handled here. Baby steps...
Ack, I think the many years of "große Koalition" aren't good for democracy and I think it had been better if SPD would have gone into opposition after the last election and see the consequences of minority government roll out ... then we could have a political debate with contradicting points of views etc. instead of long discussions in a Koalitionsausschuss followed by harmony ... but this is not directly related to this specific topic.
(Side note: I'm fresh SPD member and think they get quite a few of their initiatives through, despite the election results they get ... but we need more proper debate in democratic circles ...)
> Germans overall trust their government to not lie as much as other governments
German here. I don't trust my government to not lie (based on past evidence). However, I don't think the government is competent enough to execute this particular type or lie (or even creative enough to come up with it in the first place).
The comment is a general one. Also it is not a criticism, it was a question because lot of govt are making their tracing app open source.
However, since this is a tracing app and being open source would imply "look, our app is clean, check our code if you do not trust us". Off-course making it open source has other benefits too.
> How do you know you can trust instagram/google maps/ any other common app on your phone?
I don't. If I am using it I know that I have no way to validate or enforce what happens with my data.
You not only need to trust the German government but any intermediate all the way to the store. I doubt that Apple or Google build the app from the repo.
To add, there are currently discussions underway in the German parliament to give our secret services (namely the notorious Verfassungsschutz) the power to compromise IT systems (Bundestrojaner). I'd trust even the government not that much these times.
Technically, you are free to implement the Exposure Notification [1] API for your own potentially open-source alternative of Google Play Services, right?
Or why would this currently not be possible?
It is still unbelievable, that the German government paid 20 Million Euro for these apps. Hopefully the request for details about the contracts[1] will be answered by the corresponding gov agency.
Compared to the billions to potentially trillions of euros Germany will be paying for the lockdown and the other EU states this is basically nothing I think.
For a system which interacts with Germany's divers structure of health authorities. Last time I counted there were 374 municipal health authorities, all of them have to be integrated. Also the laboratories and doctors. In addition they set up two calling centers (a technical hotline and a health hotline) and did multiple audits for security and for epidimological sense. And then all of it, frontend and backend, is open source.
For a government project that is cheap! (25cent per citizen)
Are people really bickering about the price of this? Please tell me you're just German developers angry you didn't get this contract.
Because the alternative is that you're terrible at math.
According to[0], the costs of the pandemic for the German economy are from 255 to 729 billion euros. Taking the middle of 500 billion as a best guess, and a quick division will tell us that this app will be worth it if it stops one in every 25,000 infections.
Or, alternatively: this app costs about 0.25€ for every citizen, or about a quarter of one mask. That does not strike me as a terrible deal.
The point here isn't that this is a model for how all government procurement should be run. It is not.
It's that under the specific circumstances, overpaying is completely acceptable if it meant, for example, getting a contract signed a day earlier. Note that situation was obviously far worse when this project started than it is now.
This! The economic damage is largely caused by our response to the infection risk, rather than by the infections themselves. There are numerous countries with enormous economic damage and very few infections, and others with large numbers of infections and relatively less economic damage. They don't seem to be particularly correlated.
Completely OT and just out of curiosity: Is there a point to posting the source as a redirect via Google? Or is it simply the link copied from the search results page?
You're right of course. My point was rather that you cannot simply say it's worth a single effort because the total net benefit of all measures is positive. Thanks for doing the math. Quite interesting result.
Ah, then I may have misunderstood the sentiment. In that case, please excuse the (passive-?)aggressive tone of my post.
And yes, the link is just the result of some hyperactive copy&paste.
I'll now try to enjoy the thought that the Germans are bickering about the price of this on HN. It's sort of a return to normalcy: the luxury of caring about pointless details precisely because the government isn't quite as incompetent as always assumed, at least compared to some others.
The worst case is that this app has negligible impact and even if it did, trying it as a strategy that helps fight Corona is still worth €20m.
Paying students €500 a month as emergency help will cost hundreds of millions and this is a single miniscule effort in a package of several hundred BILLION Euros.
Discussing the cost of this app with the given circumstances is a complete waste of time. It's a literal rounding error in the overall Corona bill for Germany alone.
Germany has done better than most countries, and we need to throw everything at the problem including the kitchen sink. This is noy time for meanongless bickering, its the time to enable folks with a plan and then access them on their merits.
The well of criticism is endless. There are voices arguing that masks are useless, that 'Churchill wouldn't wear one' and that 'social distancing is communism'. Dealing with all of them will result in brain damage.
The Federal Government also sourced PPE for around 900 M € without really distrbuting it. Also, without paying suppliers on time, or at all. So I guess the app is kind of cheap?
There’s also a website, there also was a security audit, there’s a hotline for getting codes when the laboratory can’t get you one. There are two separate apps for Android and iOS. Both the website and the Apps are available in German and English with other languages like Turkish following.
All of that costs a lot of money if you want to bring it to this level of polish.
Up here in DK, 20 million EUR is approximately the price of 200 manyears of labor, with taxes. Assuming everyone is as highly paid as a senior developer/tech lead/managerial position.
The efforts are definitely not free, but the price is entirely disconnected from the service provided. It is just the result of the usual enterprise companies that handle government contracts.
Such grotesque waste of tax-payer money should be made illegal, but the fact that these companies keep getting contracts is unfortunately reinforced by absurd government processes.
To come up with a clean-slate estimate would require quite a bit of work. Instead, we can walk backwards from the data we have to price the actual work. Anything below is just an out-of-my-ass guess based on experience on certain projects, experience with security validation, and what information is easily available.
If we start just with development, we see that the the Github organization has 30 members. Unfortunately, the companies had absolutely horrendous source control and open source workflow practices (e.g. the android app's first commit is 35k lines), so we don't have a good history of all contributors, so for good measure let's double that to get an absurdly large team of 60 developers.
Considering the pandemic, let's say they all started working on the project in January. That means that the cost of the software developers themselves is approx 30 manyears, or 3 million EUR.
Translated the limited content and creating the webpages are not very expensive, but let's allocate a whopping ~100k EUR for that.
We need negotiation, design and security validation as well. Let's give that 5 people, 2 months at 4 times the already expensive senior developer salary. Expensive as hell, for no good reason, apart from to cover absurdities. ~200k EUR.
All these numbers are absurdly high (i.e. room for large errors), and we're "only" at 3.3 million EUR in cost. Need to add some profit margin for the company, but with more data (e.g. actual developers it took, how long they worked) the estimate could probably be pushed much lower.
> there’s a hotline for getting codes when the laboratory can’t get you one
This cannot be overstated and is generally underestimated by developers. Setting up a hotline infrastructure (actually it's two hotlines, one which is more like a helpdesk for customers of the app and one for the lab stuff) and operating it produces significant initial and ongoing cost.
Also they will still have additional ongoing cost for infrastructure (server operation, traffic) and cost for support regarding the still-to-be-performed process of interfacing the lab information systems of the 140-or-so labs in Germany with the Corona App Backend infrastructure (which is necessary to allow for the lab hotline and TAN stuff to become replaced by direct transmission of test results to the user via the app and its backend).
If those operating costs even just for the near/foreseeable future are included in the 20M€, I consider that a fair sum.
What I find far more unbelievable is that countries – at least European countries that through the EU have a common legal framework – did not get together and share the bill for the development of a common open source app. Perhaps each country would have to do some minor local customization, but surely the vast majority of the code could be shared?
I frequently find myself pondering this whenever my government announces yet another contract for (the admittedly decent) IT services for interacting with state entities.
In any big organization, the more you try to "share", the more bureaucracy is involved, because you have to get people to agree. You can hardly get agreement on how things should be done in a company, let alone in the EU.
In any big organization, it's better to ask for forgiveness than for permission, meaning that it's better to build it first, prove that it works and then seek to establish it as a standard, than vice versa. And if there are multiple competing proposals, then competition is healthy.
Do all countries have the same commitment to privacy? No. Are all countries willing to work within the limitations imposed by Apple/Google? No. Disagreement is natural and it would be pretty stupid for everyone to stand still until an agreement is reached.
Besides, 20 million euro for a country like Germany is peanuts. All EU countries have spent far more than that during the lockdown.
But in my understanding the backend of the german app is generic, since it only receives random IDs from the mobile apps and assembles a list of them to download again.
I think they wouldn't be able to agree wrt even the most basic data privacy questions.
It would actually be quite interesting to compare the different apps and their philosophies (privacy, security, centralization vs. decentralization, open vs. closed source, source code..).
I am actually curious, because on the other hand you would have all the constraints like development in less than 3 months, need for the app to be waterproof in a legal sense (data protection), additional backend development and also development for both iOS and Android.
According to the git log the overall development time was round about 6 weeks. Including some holidays in between, we're looking roughly at 1 Million Euro per development day!
Really? Maybe I'm just too jaded but I feel like 20 million is not a particularly crazy amount for a government project, especially one that is this important and had to be developed under this much time pressure.
20m€ are peanuts for this. These government contracts normally takes ages, explode in cost and never really work in the end. I'm glad to see that we have experts in germany that can in just 6 weeks develop such an app for just 20m€. I don't get why people think it's too much. It sounds large but we're not talking about your everyday startup here, that is half-assing their product for 2 years and have tons of bugs in it. This app seems solid and usable for 80m people
I suspect that you don't have the slightest clue about the effort that has gone into it. This morning, Timotheus Höttges talked a little about that. [1]
Sooner or later there will probably come auto-translated captions.
For comparison, the Italian version was donated to the government by the developer, Bending Spoon. They are not small, but I really don't think they would have been able to donate 20M€ of effort.
To be fair the backend, while developed by Bending Spoon, is operated by the government, while the 20M€ from the German government might also include operation? But still
I have to say the main reason I did not install my country's (Norway) corona-tracing-app is that they said it could not be made safe if the source code was public. Nice to see other countries do the right thing.
> Does your government have much of an open source culture?
I'd say no, but it's a bit surprising, because it does have a pretty decent open data culture. The weather [1] and mapping [2] data services are world-class, for example.
Even though it is getting better, I would argue Norway still has a pretty bad open data culture. As far as I know Kartverket has only released the N50 with the more detailed N5 data still not being available to the public. The biggest pain points for me is the fact that marine depth data of a certain resolution is classified information [1] and they still wont release nautical maps for free.
I am hoping the open trend will continue because the Norwegian government sits on some really high quality data that could see a lot of interesting uses.
Norway botched the contact tracing app completely, certainly politically and maybe technically.
Centralized storage of GPS & bluetooth data and refusal to open-source (which is a tacit acknowledgement of insufficient confidence in security -- of the personal movements of the whole population, no less). Statements from researchers involved in the technical development that citizens have a responsibility to give up their personal information. Poor debate and communication regarding the choice of centralized tracing.
Then followed up with painfully weak statements from politicians and researchers that this is a truly exceptional one-time-only transgression of privacy, which will be rolled back permanently on a specified date and never be construed as precedence for similar actions in the future.
FHI, responsible for the app deployment (the Norwegian version of the CDC), has previously betrayed the trust of the public by refusing to destroy DNA samples of exonerated suspects and witnesses. Skepticism towards their ethics and degree of principled data management is highly justified.
Digital contract tracing seems dubious anyway, but thankfully we're in a position at the moment where it is definitely unnecessary. Might be relavant in a few months though.
> Does your government have much of an open source culture?
I would say no. Some years ago (2012) I was somewhat hopeful. I attended a conference hosted by "Friprog senteret" (Free software center) called GoOpen. "Fripro senteret" was a small but very effective organization that got great publicity (the crown prince held a speech together with the Wikipedia founder etc.), and in general open source and open standards seemed to something people cared about, at least when informed about problems of lock-in etc.
A few years later (2014) Friprog-senteret was de-funded, and it just seems like the whole society drifted towards convenience over privacy/ethics etc.
How is outsourcing the development of an app the "definition of soft corruption"?! Would you prefer the government spent a few years to train up their own app developers before they build the app?
FWIW, the German app was largely built by SAP too.
Ouch, that in itself does not sound very convincing.
Only experience I've had with SAP is when an earlier employer of mine bought SAP and after 6 months the login still did not work. SAP had to bring some Windows PC's of their own for us to login on, which were "setup correctly".
If the public app and API works as-designed, then there is simply no information made available to be uploaded that could be personally identifying. So what the server is doing, in a way, doesn't matter.
edit: The risk would be breaking into the backend and spamming exposure notifications. In that case, just take down the server and restore from backup.
If you can see what data is leaving your phone, and you don't trust the author, then I don't see what difference the server side code being OS makes...?
There's not really anything they can do to comprehensively prove what they do with the data after it has been received.
To add to this, Norway has had to stop it's data collection and delete existing data because the agency in charge of data protection ruled that it's excessive.
Yes, it does work without an permanent internet connection. The whole point of this app is to be decentralized. No data is uploaded unless you share your sent tokens if you are infected. This requires an approval from the health departments to prevent abuse. The apps download the tokens of infected persons and check if they had contact locally on the device.
I installed 2 of the ones using the Exposure Notification API, just to check what happens in this circumstance (the german app is implemented differently, though) and Android allows access to it to only one app at a time. You can choose/enable/disable manually which app you want to grant access to the api.
The more interesting part is that security audits for the frontend did find multiple high risk security issues in the app, which have been fixed by the developers.
But the organisation was not allowed to make a security audit of the backend. I mean the most critical part security wise was not allowed to be verified. This does not feel good.
I'm a hopeless optimist and romantic when it comes to software, and I really would have liked to see the covid app being done in some way that built confidence and inspired hope and optimism. My vision was that it could have been more like open source Eurovision where developers that participate had the chance to introduce themselves to the public, and some of the development and design could have been screen cast to us unfortunate souls trapped in our homes for months for some entertainment value and inspiration for budding developers. But eh, instead we get something good, something bad, but much of the same old same old, and in the end, I'm staying as far as I can from these apps as a result. Sad, there was a chance to do something amazing.
Covid has been curtailed without the need for these apps (in all the places that opened up). Why do people insist on pushing them to people? There is no evidence they work, even when with months of testing. No matter how anonymized you try to make them, the authorities and evil state actors will find ways to abuse the data -- it's like a law of nature now that all data will be abused.
E.g. in case of a bombing or riots, the police can arrest bystanders and use phones to tell who was standing next to whom.
Pushing these for security theater has long term bad consequences. I was hoping people would know that after the 1000th repetition but alas, people are incorrigible
> Covid has been curtailed mainly with extremely expensive lockdowns.
Citation needed. We don't know conclusively what curtailed it in places where it has been curtailed, since there were many different control approaches occurring at the same time.
There are also several countries where lockdown effectively ended weeks or months ago, and spread is not occurring despite a lack of widespread use of these apps, not to mention a variety of approaches to lockdown itself with no obvious correlation between strictness of the approach and mortality/infection stats.
While everyone is looking at the code or press releases, only very few seem to research about how Bluetooth distance measurement works and if it's reliable enough with thousand of different smartphones out there having different chips and antenna characteristics.
The app may be great but the design simply seems not to work as expected.
111 comments
[ 2.8 ms ] story [ 161 ms ] threadEdit: This is not questioning this particular app. A lot of govt are making their tracing app open source [1]. Since making it open source is supposed to increase trust hence the question.
[1] India app: https://github.com/nic-delhi/AarogyaSetu_Android
For second: we can easily see that the app doesn't use GPS or similar, which is a nice indication
For third: Germans overall trust their government to not lie as much as other governments
For forth: Researchers will reverse the app
The only way this thing can work is, if the population trusts it, installs it and keeps their phone on. If the population doesn't trust it, it's doomed. It's in the self-interest of the project to be trustworthy and transparent.
If you understand German you might enjoy this podcast with two of the developers: https://ukw.fm/ukw030-die-corona-warn-app/
The following points you go on about are mostly irrelevant.
That combined with an Android based on AOSP and trust issues should be reduced (while the bad government can still track you using cell towers and for that app one could still place Bluetooth beacons everywhere and the server's could still store more information (while the only keys transmitted are those of infected, which is quite little) ... so yeah, pick your level of conspiracy
Trust is good, control is better. But in this case the fault is certainly with shitty app stores and mobile OS.
I think the restrictions we see on mobile devices will at some point be the death of reasonable software for mobile. Yes, yes, I can run my own binaries if I jump over X hurdles but I have given up on mobile development years ago. It was zero fun in my opinion.
For the ones with basic trust, they do a lot. Way more than most others. (Just look at the transparent dev process, the depth of documentation etc.)
That said, I never said anything about not using the app. I will certainly try it, although I think we are at a pandemic stage when it doesn't matter that much anymore. Maybe for the next one.
This becomes philosophical, but the contract certainly contained security requirements (whether those are "adquante" can be argued) and they certainly required audits, which were done. But yes, the health minister is not an IT security expert, thus details are delegated.
> If they could get more info from people, they would try.
As the French try and Norwegians tried with their central approaches. If they wanted they could have made it closed source (like anything else they did before, thus nothing special) could have done more hand wavy design documents, could have done development away from a public repo with public issue tracker, ...
They (and yes, this was to a notable part driven by the engineers, but supervisees could easily overruled) conciously made it open and transparent.
There is hardly anything more they could have done within that project. (Spying activity by German intelligence/BND, "state trojans" (Quellen-TKÜ), ... etc are serious topics and yes, some "security experts" (i.e. Wolfgang Schäuble) demand mandatory tracking apps, but don't see that as being far from a mainstream oppinion in the government.
The reason we got this transparency is the implicit demand for open solutions, not because of generous overlords. You could make tracking mandatory but it would certainly be a huge failure in the end. So they reacted to a demand and I have more where that came from. To repeat, I have no issues how it was handled here. Baby steps...
German here. I don't trust my government to not lie (based on past evidence). However, I don't think the government is competent enough to execute this particular type or lie (or even creative enough to come up with it in the first place).
How do you know you can trust instagram/google maps/ any other common app on your phone?
I would trust German government way more than i trust just about any corporate entity I can think of.
However, since this is a tracing app and being open source would imply "look, our app is clean, check our code if you do not trust us". Off-course making it open source has other benefits too.
> How do you know you can trust instagram/google maps/ any other common app on your phone?
I don't. If I am using it I know that I have no way to validate or enforce what happens with my data.
To add, there are currently discussions underway in the German parliament to give our secret services (namely the notorious Verfassungsschutz) the power to compromise IT systems (Bundestrojaner). I'd trust even the government not that much these times.
As for conpromising IT systems, arent they just going to bw on a level playing field with NSA and others?
[1] https://en.wikipedia.org/wiki/Exposure_Notification
Edit: and also see https://github.com/theScrabi/CoraLibre-android-sdk/
https://play.google.com/store/apps/details?id=de.rki.coronaw...
[1]: https://fragdenstaat.de/anfrage/kostenaufstellung-der-corona...
For a government project that is cheap! (25cent per citizen)
Edit: source for the 374 is the table on https://de.m.wikipedia.org/wiki/Gesundheitsamt
Because the alternative is that you're terrible at math.
According to[0], the costs of the pandemic for the German economy are from 255 to 729 billion euros. Taking the middle of 500 billion as a best guess, and a quick division will tell us that this app will be worth it if it stops one in every 25,000 infections.
Or, alternatively: this app costs about 0.25€ for every citizen, or about a quarter of one mask. That does not strike me as a terrible deal.
The point here isn't that this is a model for how all government procurement should be run. It is not.
It's that under the specific circumstances, overpaying is completely acceptable if it meant, for example, getting a contract signed a day earlier. Note that situation was obviously far worse when this project started than it is now.
[0]: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&c...
And yes, the link is just the result of some hyperactive copy&paste.
I'll now try to enjoy the thought that the Germans are bickering about the price of this on HN. It's sort of a return to normalcy: the luxury of caring about pointless details precisely because the government isn't quite as incompetent as always assumed, at least compared to some others.
Paying students €500 a month as emergency help will cost hundreds of millions and this is a single miniscule effort in a package of several hundred BILLION Euros.
Discussing the cost of this app with the given circumstances is a complete waste of time. It's a literal rounding error in the overall Corona bill for Germany alone.
The well of criticism is endless. There are voices arguing that masks are useless, that 'Churchill wouldn't wear one' and that 'social distancing is communism'. Dealing with all of them will result in brain damage.
Edit: 600 million, source: https://www.spiegel.de/politik/deutschland/corona-krise-jens...
All of that costs a lot of money if you want to bring it to this level of polish.
The efforts are definitely not free, but the price is entirely disconnected from the service provided. It is just the result of the usual enterprise companies that handle government contracts.
Such grotesque waste of tax-payer money should be made illegal, but the fact that these companies keep getting contracts is unfortunately reinforced by absurd government processes.
If we start just with development, we see that the the Github organization has 30 members. Unfortunately, the companies had absolutely horrendous source control and open source workflow practices (e.g. the android app's first commit is 35k lines), so we don't have a good history of all contributors, so for good measure let's double that to get an absurdly large team of 60 developers.
Considering the pandemic, let's say they all started working on the project in January. That means that the cost of the software developers themselves is approx 30 manyears, or 3 million EUR.
Translated the limited content and creating the webpages are not very expensive, but let's allocate a whopping ~100k EUR for that.
We need negotiation, design and security validation as well. Let's give that 5 people, 2 months at 4 times the already expensive senior developer salary. Expensive as hell, for no good reason, apart from to cover absurdities. ~200k EUR.
All these numbers are absurdly high (i.e. room for large errors), and we're "only" at 3.3 million EUR in cost. Need to add some profit margin for the company, but with more data (e.g. actual developers it took, how long they worked) the estimate could probably be pushed much lower.
This cannot be overstated and is generally underestimated by developers. Setting up a hotline infrastructure (actually it's two hotlines, one which is more like a helpdesk for customers of the app and one for the lab stuff) and operating it produces significant initial and ongoing cost.
Also they will still have additional ongoing cost for infrastructure (server operation, traffic) and cost for support regarding the still-to-be-performed process of interfacing the lab information systems of the 140-or-so labs in Germany with the Corona App Backend infrastructure (which is necessary to allow for the lab hotline and TAN stuff to become replaced by direct transmission of test results to the user via the app and its backend).
If those operating costs even just for the near/foreseeable future are included in the 20M€, I consider that a fair sum.
Depending on how realistically they did that, that can be costly.
If this system stays up on its first day of use, 20 million might be worth it.
I frequently find myself pondering this whenever my government announces yet another contract for (the admittedly decent) IT services for interacting with state entities.
In any big organization, it's better to ask for forgiveness than for permission, meaning that it's better to build it first, prove that it works and then seek to establish it as a standard, than vice versa. And if there are multiple competing proposals, then competition is healthy.
Do all countries have the same commitment to privacy? No. Are all countries willing to work within the limitations imposed by Apple/Google? No. Disagreement is natural and it would be pretty stupid for everyone to stand still until an agreement is reached.
Besides, 20 million euro for a country like Germany is peanuts. All EU countries have spent far more than that during the lockdown.
Also, the app would have to be translated in many more languages. If you don’t want that to increase time to market, it will cost a lot of money.
It would actually be quite interesting to compare the different apps and their philosophies (privacy, security, centralization vs. decentralization, open vs. closed source, source code..).
I am actually curious, because on the other hand you would have all the constraints like development in less than 3 months, need for the app to be waterproof in a legal sense (data protection), additional backend development and also development for both iOS and Android.
maybe they can build a toy version, like everyone else.
Sooner or later there will probably come auto-translated captions.
[1] https://www.youtube.com/watch?v=GDnaNMGbXnw&t=1667
To be fair the backend, while developed by Bending Spoon, is operated by the government, while the 20M€ from the German government might also include operation? But still
https://github.com/alphagov https://github.com/hmrc https://github.com/UKHomeOffice
I'd say no, but it's a bit surprising, because it does have a pretty decent open data culture. The weather [1] and mapping [2] data services are world-class, for example.
[1] https://hjelp.yr.no/hc/en-us/articles/360009342833-XML-weath...
[2] https://kartverket.no/en/data/Open-and-Free-geospatial-data-...
I am hoping the open trend will continue because the Norwegian government sits on some really high quality data that could see a lot of interesting uses.
[1] https://www.kartverket.no/en/data/bathymetric-data-and-DTM-o...
Centralized storage of GPS & bluetooth data and refusal to open-source (which is a tacit acknowledgement of insufficient confidence in security -- of the personal movements of the whole population, no less). Statements from researchers involved in the technical development that citizens have a responsibility to give up their personal information. Poor debate and communication regarding the choice of centralized tracing.
Then followed up with painfully weak statements from politicians and researchers that this is a truly exceptional one-time-only transgression of privacy, which will be rolled back permanently on a specified date and never be construed as precedence for similar actions in the future.
FHI, responsible for the app deployment (the Norwegian version of the CDC), has previously betrayed the trust of the public by refusing to destroy DNA samples of exonerated suspects and witnesses. Skepticism towards their ethics and degree of principled data management is highly justified.
Digital contract tracing seems dubious anyway, but thankfully we're in a position at the moment where it is definitely unnecessary. Might be relavant in a few months though.
I would say no. Some years ago (2012) I was somewhat hopeful. I attended a conference hosted by "Friprog senteret" (Free software center) called GoOpen. "Fripro senteret" was a small but very effective organization that got great publicity (the crown prince held a speech together with the Wikipedia founder etc.), and in general open source and open standards seemed to something people cared about, at least when informed about problems of lock-in etc.
A few years later (2014) Friprog-senteret was de-funded, and it just seems like the whole society drifted towards convenience over privacy/ethics etc.
The definition of soft corruption -- very angry with our government. A text book example of an app/software that should absolutely be open source.
FWIW, the German app was largely built by SAP too.
Because the app is clearly in the public interest. Funded by public money and simply cannot be reliably secure without being open source.
This is just some guys in gov getting kickbacks by awarding the contract to their mates.
Ouch, that in itself does not sound very convincing.
Only experience I've had with SAP is when an earlier employer of mine bought SAP and after 6 months the login still did not work. SAP had to bring some Windows PC's of their own for us to login on, which were "setup correctly".
The UK made their app public https://github.com/nhsx/COVID-19-app-iOS-BETA But app only, none of the server-side projects. Germany and Italy https://github.com/immuni-app also made public some of their server-side components.
So there is no chance I will install the UK app as I have no idea what they will do with the data.
Obviously we cannot be sure the open sourced code is what their servers (and even app) actually runs but it gives more confidence.
edit: The risk would be breaking into the backend and spamming exposure notifications. In that case, just take down the server and restore from backup.
There's not really anything they can do to comprehensively prove what they do with the data after it has been received.
What are your concerns with the data it sends?
I agree, certainly the server-side part of the project must be open for this to make sense.
Amnesty did a review of tracing apps and listed Norway as one of the worst for privacy: https://www.amnesty.org/en/latest/news/2020/06/bahrain-kuwai...
[1] https://gitlab.inria.fr/stopcovid19
Here is the protocol it is based on.
If YOU are infected you will need to consent to your local list of met IDs to be uploaded, so others in your list can be notified.
It's not every country, but we're slowing moving there. :)
https://github.com/nic-delhi/AarogyaSetu_Android
But the organisation was not allowed to make a security audit of the backend. I mean the most critical part security wise was not allowed to be verified. This does not feel good.
E.g. in case of a bombing or riots, the police can arrest bystanders and use phones to tell who was standing next to whom.
Pushing these for security theater has long term bad consequences. I was hoping people would know that after the 1000th repetition but alas, people are incorrigible
https://www.nbcnews.com/tech/tech-news/coronavirus-contact-t...
https://www.wired.co.uk/article/contact-tracing-app-isle-of-...
The purpose of the apps is to control the spread going forward, without lockdown.
Citation needed. We don't know conclusively what curtailed it in places where it has been curtailed, since there were many different control approaches occurring at the same time.
There are also several countries where lockdown effectively ended weeks or months ago, and spread is not occurring despite a lack of widespread use of these apps, not to mention a variety of approaches to lockdown itself with no obvious correlation between strictness of the approach and mortality/infection stats.
The app may be great but the design simply seems not to work as expected.
Or just change the title to how it's documented on the site? "Corona-Warn-App: The official COVID-19 exposure notification app for Germany"