
dgca-wallet-app-android's Introduction

EU Digital COVID Certificate Wallet App - Android


About

This repository contains the source code of the EU Digital COVID Certificate Wallet App for Android.

The wallet app provides a user interface to store and manage personal DGCs directly on the phone. DGCs are imported by scanning a base45-encoded QR code and decoding CBOR to JSON. Afterwards, each DGC is symmetrically encrypted in the app’s sandbox and the symmetric key is stored in the system’s keychain. Multiple DGCs can be stored in the app. Access to the app is controlled via biometric data (e.g., Touch ID or Face ID). The wallet app can display any imported DGC as a QR code for scanning and verifying with the verifier app.
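The first import step described above, decoding the Base45 text of a scanned QR code, as an added example (not code from this repository). It follows RFC 9285 and rejects malformed input instead of guessing; the name base45Decode and the sample strings are assumptions chosen for illustration.

```kotlin
import java.io.ByteArrayOutputStream

// Base45 alphabet from RFC 9285: a character's value is its index in this string.
private const val ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ \$%*+-./:"

/**
 * Strict Base45 decoder for untrusted QR text (hypothetical helper).
 * Three characters carry two bytes, a trailing pair carries one byte.
 * Throws IllegalArgumentException on anything RFC 9285 does not allow.
 */
fun base45Decode(text: String): ByteArray {
    // A valid encoding never leaves a single dangling character.
    require(text.length % 3 != 1) { "invalid Base45 length ${text.length}" }

    val out = ByteArrayOutputStream(text.length / 3 * 2 + 1)
    var pos = 0
    while (pos < text.length) {
        val chunk = minOf(3, text.length - pos) // 3, or 2 for the final pair
        var value = 0
        var weight = 1
        for (offset in 0 until chunk) {
            val digit = ALPHABET.indexOf(text[pos + offset])
            require(digit >= 0) { "character outside the Base45 alphabet at index ${pos + offset}" }
            value += digit * weight // least significant digit comes first
            weight *= 45
        }
        if (chunk == 3) {
            // Three digits can express up to 91124, but only 0..65535 is legal.
            require(value <= 0xFFFF) { "triplet at index $pos exceeds 16 bits" }
            out.write(value shr 8)
            out.write(value and 0xFF)
        } else {
            // Two digits can express up to 2024, but only 0..255 is legal.
            require(value <= 0xFF) { "final pair at index $pos exceeds 8 bits" }
            out.write(value)
        }
        pos += chunk
    }
    return out.toByteArray()
}

fun main() {
    // Constructed inputs. The first is the decoding example given in RFC 9285.
    println(String(base45Decode("QED8WEX0"), Charsets.US_ASCII))

    // Malformed inputs: dangling character, lowercase letters, out-of-range triplet.
    for (bad in listOf("QED8WEX", "qed8wex0", ":::")) {
        val failure = runCatching { base45Decode(bad) }.exceptionOrNull()
        println("$bad -> ${failure?.message ?: "accepted"}")
    }
}
```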

A note on using the apps and released APK files found in this GitHub organization: The apps are reference implementations that cannot be used in production environments as-is, but rather need to be configured by EU member states to access their national backends. The released APK files are configured to work with the test environments and will not report correct results on "live" DCCs.

Development

Build

Whether you cloned the repository or downloaded the zipped sources, you will either find the sources in the chosen checkout directory or get a zip file with the source code, which you can expand to a folder of your choice.

In either case, open a terminal in the directory where you put the sources. The local build process is described below, depending on the way you choose.

XYZ (Maven, Docker ...) based build

  • To build the project, a config JSON file must be added to the application assets folder. The structure of the file should be similar to 'app/src/acc/assets/wallet-context.jsonc' or 'app/src/tst/assets/wallet-context.jsonc', depending on the chosen flavor. After the file has been added, its name should be passed via Gradle properties: gradlew -PCONFIG_FILE_NAME="config.json"

Documentation

Support and feedback

The following channels are available for discussions, feedback, and support requests:

Type Channel
Issues
Other requests

How to contribute

Contribution and feedback are encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our Contribution Guidelines. By participating in this project, you agree to abide by its Code of Conduct at all times.

Contributors

Our commitment to open source means that we are enabling -in fact encouraging- all interested parties to contribute and become part of its developer community.

Licensing

Copyright (C) 2021 T-Systems International GmbH and all other contributors

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.

You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the LICENSE for the specific language governing permissions and limitations under the License.

dgca-wallet-app-android's People

Contributors

daniel-eder, didos, jhageste-tsi, mykhailonester, oleksandrsarapulovgl, stefanoschrs, wv5twkfekh54vo4tta9yu7dha3


dgca-wallet-app-android's Issues

Missing UTC-Hint in "Date of TestResult" and "Date of Collection"

Describe the bug

In the WalletApp it is not clear which timezone is shown

Expected behaviour

In the Test-QR-code should be clearly shown that it is the UTC-timezone as it is in the ios-version.

Steps to reproduce the issue

  1. create Testcertificate with location time-zone (for example 8:00 AM german time) as seen on screenshot:
    image

  2. Open WalletApp

  3. Scan the created test-certificate with location time-zone (for example 8:00 AM german time)

  4. insert valid tan

  5. see test certificate
    image

  6. you find a different timezone without a hint

Technical details

image

  • Host Machine OS (Windows/Linux/Mac):

Possible Fix

add the hint (UTC) to the Date of Collection and Date of Test Result

Additional context

Anonymized QR codes that works with wallet (and verifier)

Hi all, big thanks to all for making this project open-source.

Slovakia e.g. declares to have functionality that allows wallet app to share/display QR codes with 'anonymized' data (my guess is that the QR e.g. does not contain a person's name or date of birth).

I am interested only in the technical point of view of this question - so do you know about ways how this could be accomplished, please?

I checked the default JSON schema, where "nam" (person's surname and given name) and "dob" are required.

So I think the only way, how this could be accomplished, is that issuer would always issue 2 kinds/2 versions of certificates for a single test, single vaccination, or single recovery "event":

  • one anonymized where the personal data fields would be just placeholders / containing dummy values to pass JSONSchema validation step
  • and the second, with original personal data

I see no point, in a solution where the wallet removes personal data (like 'tampering certificate'), as the signature for the verifier would become invalid.

Could you suggest other ideas (if any) / or tell me if I am wrong somewhere with the solution above, please?

I am not a representative, nor a member of any official working group - so I do not want to waste the time of any of you if you are currently under pressure.

Thanks.

Cannot find DGCI: URN:UVCI:01DE/....

Describe the bug

Thank you for making an open source application that is available on F-Droid.

I am using version 1.0.7-tst.

When attempting to add my EU Digital Covid certificate issued in Germany I can scan the code and the application correctly reads the details. However, I get the above error when hitting "save".

Expected behaviour

It should be able to add the certificate just fine.

Is this because of a syncing issue or something else? My certificate was issued a few hours ago.

PRIO - Android Wallet Ticketing - for NOK status the injured rule should be displayed like in iOS App

When validating a booking code against certificate the injured rule should be displayed when status NOK.

image

Actual behaviour:
Validating this 1/2 vaccination certificate against DEV-TEST validation service (https://4b49927aadc0653d.dcc-validation.eu/) the new fixed behaviour shows the correct NOK (red) status in the wallet app but it does not show the injured rule.

image

Expected behaviour:
Please add the injured rule like it is in iOS:
image

!Please note the acc and test validation service has the old behaviour and the status in the app is shown as OPEN (yellow icon). So you have to check and test against the DEV-TEST validation service

The details of a scanned QR code are revealed even if a wrong TAN code is provided

Describe the bug

The 1.0.8-RC-1 build for acc was used for scanning QR codes from the dcc-quality-assurance repository. For example:

After the scan a screen requests a TAN code. No matter what is entered in this field, the user gets navigated to the next screen where all the details of the QR code are displayed.

Expected behaviour

Since we are not in the position to provide the TAN code related to the QR code in question we should not have access to its details.

Steps to reproduce the issue

  1. Download the latest build of the app for acceptance https://github.com/eu-digital-green-certificates/dgca-wallet-app-android/releases/tag/1.0.8-RC-1
  2. Install the app and scan a QR code from:
  3. Enter a random TAN code and select next
  4. The details of the QR code are displayed

Technical details

  • Android. Pixel 2

Possible Fix

Should we prevent this?

Additional context

N/A

Automatically Remove Expired Certificates

  • The request is to have expired certificates automatically purged from the Wallet.

  • Display the Expiry Date on the main screen that shows all loaded certificates as to ensure the holder is aware of when the specific certificate expires.

  • It also has the benefit of not holding this information (even for spouse or dependents, parents, etc.) once they expire, and thus no longer useful. This is a security consideration.

Deep-Link functionality

Your Question

In User Story 2: Import Green Certificate in the Wallet App, there is a second, optional way to import the certificate by a deep link which was sent by SMS or email.

Optionally you can use a deep link instead of a 2D Code to initiate the certificate import in the
wallet app. The deep link can look like:
dgc://example.authority.com?token=ey… & [publickey]
In this case the token is received with the link, and the public key must be replaced by the key
of the new generated key pair of the certificate container in the wallet app. The deep link can
be delivered by SMS, Email or by presenting another 2D Code for scan.

You find it in specification: https://ec.europa.eu/health/sites/default/files/ehealth/docs/digital-green-certificates_v4_en.pdf on page 12

  • Question: When will it be implemented?

Android - Scanning a Test Certificate - the Wallet App does NOT validate (status is "OPEN") selected valid Value „ Rapid immunoassay “ for “Type of Test” and “Roche (SD BIOSENSOR), SARS-CoV-2 Rapid Antigen Test” for „ RAT Test name and manufacturer"

Describe the bug

A valid test certificate is created with the selected valid values “Rapid immunoassay” for “Type of Test” and “Roche (SD BIOSENSOR), SARS-CoV-2 Rapid Antigen Test” for “RAT Test name and manufacturer”. Certificate is claimed and saved in the Android WalletApp. The test result is not detected.

  • This certificate will be then checked on its validity for DE within the WalletApp.
  • It is now expected that the WalletApp would show green as a final result and all of the BR for DE are passed.
    But instead of this,
    o it shows the message “Certificate has limitation” and
    o The check for the BR “Der Antigen-Test muss in der Liste ‘Common list of rapid antigen tests’ der EU enthalten sein” is left open and
    o “LP217198-3” is shown as the value for “Type of Test” and
    o “1333” is shown as the value for “RAT Test name and manufacturer”.

Technical details

Android Wallet App 1.1.0-tst

Possible Fix

Additional context

The same behaviour was observed with Android Verifier App 1.1.6-RC1
open

[iOS Wallet app] - After NFC Export of Certificate to iOS Wallet, there is no Certificate to be found in the iOS Wallet App

When we try to export a DCC Certificate from the Android Wallet App via NFC onto the iOS wallet app, no certificate is seen in the destination app (iOS Wallet) although it says "Fertig". See attached Screenshot.

Expected behaviour

The chosen certificate is shown in the wallet app in the iOS device.

Actual behaviour

No certificate is to be seen in the iOS wallet App.

Steps to reproduce the issue

  1. Open a saved certificate in the Android Wallet App;
  2. Turn NFC switch on;
  3. On the iOS device open the wallet App --> NFC Import;
  4. Position the two devices with the back sides against each other until the iOS device shows the screen with text: "Bereit zum Scannen".

Technical details

Android Wallet App 1.2.2 acc
Galaxy XCover 4, Android 9

iOS Wallet App 1.2.0.1
iPhone 5s, iOS 12.5.1
NFC_Android_2_iOS

DefaultKeyStoreCryptor - key pair not saved in keystore

Your Question

  • Source File: DefaultKeyStoreCryptor.kt
  • Line(s): 62-97 fun getSecurityKeyWrapper
  • Question:
    In fun getSecurityKeyWrapper the keyStore is first queried for a certain key pair. If it is found, it is wrapped in a
    SecurityKeyWrapper and returned. Otherwise, a new key pair is generated and also returned. But why is this new key pair
    not saved in the keyStore (for later retrieval)?

Please remember increasing versionCode

Describe the bug

Yesterday you've released v1.0.1 – versionCode of the APK is still set to 1 like with v1.0.0, so Android won't recognize it as an update.

Expected behaviour

versionCode was increased since the last release – no matter how much as long as it's "bigger".

Steps to reproduce the issue

$ aapt d badging app-release-signed.apk | grep versionCode
package: name='dgca.wallet.app.android' versionCode='1' versionName='1.0.0' compileSdkVersion='29' compileSdkVersionCodename='10'

You see it even identifies as v1.0.0.

Thanks for fixing 😃

TAN Code

Hi,

I just scanned my certificate and the app is asking a TAN Code. I have no idea what it is or what does TAN stand for. It's been supposedly sent to me via e-mail or else, but how (I mean, who has my contact info) and by who is this code supposed to be sent?

I scanned the QR Code (the EU one, not the French 2D-DOC) provided on paper in France by our health insurance system.

Thanks for any info on the matter.

Wallet App version 1.0.7-acc and 1.0.7-tst
OS: Android 11

[Android] - Claiming a QR Code Deletes all previously saved Certificates

Describe the bug

Upon claiming the following QR Code, all previously saved certificates got deleted.

The logs are attached. The event happened around 10:29 o'clock, 15.07.22.

Initial state: one or more certificates are already claimed and successfully saved on device
Step 1: Scan attached Code
Step 2: Type in Tan
Step 3: Press save --> the screen "No certificate available" is shown (attached Image)

Observed Behavior

After saving all previously saved certificates are deleted and no certificate is saved.

Additional Info

Furthermore, once in this state -- no other certificate can be saved any more on the device.

Expected behaviour

Certificate is successfully saved additionally to the rest of previously saved certificates.

Technical details

Wallet App 1.1.0-tst
Galaxy XCover 4, Android 9

Logs

logcat.txt

Liem_Rec_abgelaufen

Possible Fix

Additional context

Field "Test Result" in Certificate of type TEST contains a 9-digit number

Describe the bug

Field "Test Result" in Certificate of type TEST contains a seemingly random 9-digit number.

Expected behaviour

The field "Test Result" in Certificate of type TEST should contain the value "DETECTED/UNDETECTED".

Steps to reproduce the issue

  1. Scan a certificate of type TEST

Technical details

Galaxy XCover 4, Modellnummer: SM-G390F

Possible Fix

Additional context

Implement dynamic certificate pinning and claiming with /context for Android (Endpoint)

Implement the usage of the dynamic context content. The claimDomains should be used for claiming.

[
  {
    "co": "DE",
    "claimDomain": "http://ibm.blabala.de",
    "pubKey": "MIIj234ksedfioweikseipo234jk234jksdfklsdfjksdfjklsdfsdjfsdfj"
  },
  {
    "co": "ES",
    "claimDomain": "http://ibm.blabala.de",
    "pubKey": "MIIj234ksedfioweikseipo234jk234jksdfklsdfjksdfjklsdfsdjfsdfj"
  }
]

Auto update QR code

Auto update QR code

  • Source File:
  • Line(s):
  • Question: for French tousanticovid Android app, English language, Wallet, should existing QR codes for vaccination be updated automatically to the EU digital QR codes? This is not happening for my group.

Certificate Claiming Problem

There were problems reported, that the claiming of a certificate has some errors:

a) If somebody tries to import a certificate and the TAN is not inserted (or canceled), the certificate is imported in the app
b) The new generated TAN is not visible after a valid import
c) Deletion of a certificate ?

Can you please evaluate these reports to crosscheck if there is any bug or a missing functionality :) Thanks :)

[Android] For REC Certificates Only the Ones which Are Valid at Least 2 Days After the Day of Travel Are Found During Checkin/Booking

Describe the bug

For REC Certificates Only the Ones which Are Valid at Least 2 Days After the Day of Travel Are Found During Checkin/Booking. But Certificates which expire one or two days after the day of travel are not offered by the wallet app although the names match.

For Example -- travel date is 08. October 2021 and in the wallet app are REC certificates which expire on:
A) 08. October 2021;
B) 09. October 2021;
C) 10. October 2021;
D) 11. October 2021;
E) 12. October 2021.

All the data (incl. Name ) are identical in all of the certificates, only the expiry dates differ as shown above. Given a travel date of 08. October 2021, the wallet app matches only certificates D) and E). See attached Video.

Expected behaviour

All certificates should be matched because they are all valid with respect to the date of travel.

Technical details

Wallet App Version 1.2.3-acc (19)
Galaxy XCover 4, Android 9
Booking_08102021

booking.mp4

[Android] -- Country cannot be selected

Describe the bug

There is no option to select the country when scanning a certificate. Once claimed, the validity can be checked only for Belgium as it is fixed as the destination country.

Technical details

Wallet App 1.1.0-tst
Galaxy XCover 4, Android 9

Possible Fix

Additional context

[Android] - Incomplete or wrong TAN is accepted without an error message with a not correct error message

Describe the bug

If a wrong or incomplete TAN is entered when claiming the certificate, no error message is shown and it seems like the Certificate was claimed.

Then, when I try to save it again a "Bad request" is shown.

The same behaviour was observed when using a TAN twice or trying to save a certificate with a TAN which belongs to a different certificate.

Video is attached.

Technical details

Android Wallet App 1.0.8-tst
Galaxy XCover 4, Android 9

MeinVideo.mp4

Possible Fix

Additional context

No value passed for parameter 'x509'

Build fails with

e: /src/dgca-wallet-app-android/app/src/main/java/dgca/wallet/app/android/di/DecoderModule.kt: (90, 75): No value passed for parameter 'x509'

Android - TAN input should be after displaying the values of the certificate

Describe the bug

When I scan a QR code, the next step should display the detailed information of the certificate.
Steps should be like in the iOS wallet app. The behaviour on iOS is according to spec, on Android it is not.

In iOS steps are like this:

  1. scan QR Code
  2. display cert details and SAVE button
  3. tap on SAVE
  4. input TAN

How to get the TAN ?

Your Question

  • Source File: .
  • Line(s): .
  • Question: I want to import my German certificate into the Wallet App but I'm asked to input a TAN. Where can I get it from?

Wrong Label in Country of Vaccination

Describe the bug

In the WalletApp it is shown the Label "Country of Vaccination"

Expected behaviour

In the Test-QR-code should be written"Country of Test".

Steps to reproduce the issue

  1. Open WalletApp
  2. Scan a test-certificate
  3. insert valid tan
  4. see test-certificate
    image
  5. you see "Country of Vaccination" instead of "Country of Test"

Technical details

image

  • Host Machine OS (Windows/Linux/Mac):

Possible Fix

Change Label to "Country of Test"

Additional context

all TANs not found after changing IssuerWebApp URL

Describe the bug

After changing the IssuerWebApp to another URL, no TANs are found to claim the qr-code

Expected behaviour

valid TAN should claim the qr-code

Steps to reproduce the issue

  1. open WalletApp
  2. unlock via faceID
  3. push the button "Scan code"
  4. qr-code will be scanned
  5. TAN is requested
  6. insert valid TAN
  7. see error message: not found

Technical details

  • Host Machine OS (Windows/Linux/Mac):
    Samsung Galaxy S9
    Android 10

Possible Fix

Additional context

[Android] REC Certificate does not get claimed upon New Install

Describe the bug

A REC Certificate does not get saved (claimed) in the wallet app after a fresh new installation.

ATTENTION: The Bug manifests only after a fresh install of the app while no other certificates have been saved and it happens only approximately 3 out of 5 times -- that is, it seems to be sporadic. Attached is a Video and the Logs.

LOGs are attached.

video_after_install.mp4


Expected behaviour

REC certificate is saved.

Steps to reproduce the issue

  1. Install the wallet app. No certificates have been saved yet;
  2. Scan a REC QR Code;
  3. Enter TAN --> REC certificate is NOT saved about 3 out of 5 times.

Technical details

Galaxy XCover 4, Android 9
Wallet App 1.2.0-acc

logcat.zip

Encrypted storage of DGCs not in line with spec

Describe the bug

According to the specification (p. 25)

DGCs will be imported by scanning a base45-encoded QR code and decoding CBOR to JSON.
Afterwards, it is symmetrically encrypted in the app’s sandbox and the symmetric key is stored in the system’s keychain.

However, the actual cipher used is RSA_ECB_PKCS1_PADDING, hence asymmetric. The relevant call chain is as follows:

[WalletRepositoryImpl.kt] claimCertificate(...)
---> [WalletRepositoryImpl.kt] keyStoreCryptor.encrypt(qrCode)
---> [DefaultKeyStoreCryptor.kt] getSecurityKeyWrapper(keyStore).encrypt(qrCode)
---> [SecurityKeyWrapper.kt] getCipher(...) = Cipher.getInstance(RSA_ECB_PKCS1_PADDING)

Expected behaviour

As stated in the specification, a symmetric encryption algorithm should be used.

Steps to reproduce the issue

Technical details

  • Host Machine OS (Windows/Linux/Mac):

Possible Fix

Additional context

Claim certificate

Feature description

  • Enter TAN
  • Create local key pair
  • Send DGCI + signature, TAN and public key (of newly generated key pair) to backend
  • Claim certificate to wallet

White screen is displayed when certificate options menu is opened

Environment
Android Samsung s20+
wallet app-tst-release-signed-1.0.4.apk

Steps to reproduce:

  1. Create vaccination certificate per issuance web app
  2. Claim certificate by wallet app
  3. Click on claimed certificate and open it
  4. Click on the 3 points for options screen

Expected result:
options menu is displayed

Actual result
white screen is displayed

image

PS. functional it works but I cannot see where and for what I have to click

F-Droid release and reproducible builds

Current Implementation

App is likely only planned to be released in Google Play Store.

Suggested Enhancement

It would be great to see this Android app on F-Droid!

F-Droid is an Android app store specifically for free/libre open-source apps. It would be great if your app could be released there, as it is the number one for getting FLOSS Android apps for many people.
F-Droid also builds all apps from source (optionally even reproducible), so downloads from there can be trusted.

The app developer FAQ or the quick start guide may help you to get started.

BTW a release on F-Droid could also bring some (more) popularity (in case that is intended), as it will show up in the app (new apps are featured there).

Expected Benefits

The benefits are trust (that the code shown here is the code you deliver), security (as untrusted modification of the code is nearly impossible then and you make an independent analysis possible), and an increased user base/alternative installation options combined with an increased robustness by not having a single point of failure (Google Play Store) for app delivery.
And also, as said, popularity/marketing if it is visible in the main F-Droid store.

See also corona-warn-app/cwa-app-android#1483 for the same issue for the German Corona-Warn-App that explains more advantages especially of reproducible builds.
