eu-digital-green-certificates / dgca-wallet-app-android
Repository for the dgca wallet app for android.
License: Apache License 2.0
Hi,
I just scanned my certificate and the app is asking for a TAN code. I have no idea what it is or what TAN stands for. It's supposedly been sent to me via e-mail or otherwise, but how (I mean, who has my contact info) and by whom is this code supposed to be sent?
I scanned the QR Code (the EU one, not the French 2D-DOC) provided on paper in France by our health insurance system.
Thanks for any info on the matter.
Wallet App version 1.0.7-acc and 1.0.7-tst
OS: Android 11
Wallet App 1.2.4-acc (20)
Samsung S20+
actual result
Pressing CANCEL button does not work
expected result
Pressing CANCEL button should result in going back to last screen (or to main menu)
@Hendrik-Schmidt-Schierhorn-TSI what do you think?
iOS has the same issue.
Environment
Android Samsung s20+
wallet app-tst-release-signed-1.0.4.apk
Steps to reproduce:
Expected result:
options menu is displayed
Actual result
white screen is displayed
PS. Functionally it works, but I cannot see where and on what I have to click.
There were problems reported that the claiming of a certificate has some errors:
a) If somebody tries to import a certificate and the TAN is not inserted (or canceled), the certificate is imported in the app
b) The new generated TAN is not visible after a valid import
c) Deletion of a certificate ?
Can you please evaluate these reports to crosscheck if there is any bug or a missing functionality :) Thanks :)
Field "Test Result" in Certificate of type TEST contains a seemingly random 9-digit number.
The field "Test Result" in Certificate of type TEST should contain the value "DETECTED/UNDETECTED".
Galaxy XCover 4, Modellnummer: SM-G390F
After changing the IssuerWebApp to another URL, no TANs are found to claim the qr-code
valid TAN should claim the qr-code
For REC Certificates Only the Ones which Are Valid at Least 2 Days After the Day of Travel Are Found During Checkin/Booking. But Certificates which expire one or two days after the day of travel are not offered by the wallet app although the names match.
For Example -- travel date is 08. October 2021 and in the wallet app are REC certificates which expire on:
A) 08. October 2021;
B) 09. October 2021;
C) 10. October 2021;
D) 11. October 2021;
E) 12. October 2021.
All the data (incl. Name ) are identical in all of the certificates, only the expiry dates differ as shown above. Given a travel date of 08. October 2021, the wallet app matches only certificates D) and E). See attached Video.
All certificates should be matched because they are all valid with respect to the date of travel.
Wallet App Version 1.2.3-acc (19)
Galaxy XCover 4, Android 9
Upon claiming the following QR Code, all previously saved certificates got deleted.
The logs are attached. The event happened around 10:29 o'clock, 15.07.22.
Initial state: one or more certificates are already claimed and successfully saved on device
Step 1: Scan attached Code
Step 2: Type in Tan
Step 3: Press save --> the screen "No certificate available" is shown (attached Image)
After saving all previously saved certificates are deleted and no certificate is saved.
Furthermore, once in this state -- no other certificate can be saved any more on the device.
Certificate is successfully saved additionally to the rest of previously saved certificates.
Wallet App 1.1.0-tst
Galaxy XCover 4, Android 9
When validating a booking code against certificate the injured rule should be displayed when status NOK.
Actual behaviour:
Validating this 1/2 vaccination certificate against DEV-TEST validation service (https://4b49927aadc0653d.dcc-validation.eu/) the new fixed behaviour shows the correct NOK (red) status in the wallet app but it does not show the injured rule.
Expected behaviour:
Please add the injured rule like it is in iOS:
Please note: the acc and test validation services have the old behaviour and the status in the app is shown as OPEN (yellow icon). So you have to check and test against the DEV-TEST validation service.
Thank you for making an open source application that is available on F-Droid.
I am using version 1.0.7-tst.
When attempting to add my EU Digital Covid certificate issued in Germany I can scan the code and the application correctly reads the details. However, I get the above error when hitting "save".
It should be able to add the certificate just fine.
Is this because of a syncing issue or something else? My certificate was issued a few hours ago.
## Describe the bug
When I scan a QR code, the next step should display the detailed information of the certificate.
Steps should be like in the iOS wallet app. The behaviour on iOS is according to spec; on Android it is not.
In iOS steps are like this:
In User Story 2: Import Green Certificate in the Wallet App, there is a second, optional way to import the certificate by a deep link which was sent by SMS or email.
Optionally you can use a deep link instead of a 2D Code to initiate the certificate import in the
wallet app. The deep link can look like:
dgc://example.authority.com?token=ey… & [publickey]
In this case the token is received with the link, and the public key must be replaced by the key
of the new generated key pair of the certificate container in the wallet app. The deep link can
be delivered by SMS, Email or by presenting another 2D Code for scan.
You find it in specification: https://ec.europa.eu/health/sites/default/files/ehealth/docs/digital-green-certificates_v4_en.pdf on page 12
Yesterday you've released v1.0.1 – versionCode of the APK is still set to 1 like with v1.0.0, so Android won't recognize it as an update.
versionCode was increased since the last release – no matter how much as long as it's "bigger".
$ aapt d badging app-release-signed.apk | grep versionCode
package: name='dgca.wallet.app.android' versionCode='1' versionName='1.0.0' compileSdkVersion='29' compileSdkVersionCodename='10'
You see it even identifies as v1.0.0.
Thanks for fixing 😃
Actual:
for all certificates is displayed: "share the vaccination certificate 2 ..." seems to be hard coded
Expected:
The correct certificate naming should be displayed
vaccination certificate 1 of 2
vaccination certificate 2 of 2
test certificate (or test result certificate - if this is easier)
recovery certificate
When we try to export a DCC Certificate from the Android Wallet App via NFC onto the iOS wallet app, no certificate is seen in the destination app (iOS Wallet) although it says "Fertig". See attached Screenshot.
The chosen certificate is shown in the wallet app in the iOS device.
No certificate is to be seen in the iOS wallet App.
Android Wallet App 1.2.2 acc
Galaxy XCover 4, Android 9
Implement the usage of the dynamic context content. The claimDomains should be used for claiming.
[
  {
    "co":"DE",
    "claimDomain":"http://ibm.blabala.de",
    "pubKey":"MIIj234ksedfioweikseipo234jk234jksdfklsdfjksdfjklsdfsdjfsdfj"
  },
  {
    "co":"ES",
    "claimDomain":"http://ibm.blabala.de",
    "pubKey":"MIIj234ksedfioweikseipo234jk234jksdfklsdfjksdfjklsdfsdjfsdfj"
  }
]
Implement certificate deletion functionality
Environment
Issuance Web Portal https://issuance-dgca-test.cfapps.eu10.hana.ondemand.com/
Android Phone
Wallet App 1.0.5.-tst
Steps to reproduce the issue
Scan a QR Code
Enter TAN
Click the Arrow to get into the QR Code
Click on the 3 dots to access the Menu for
Details and Delete options are White Font on White Background.
Please can this be fixed
Best Regards
Panayiotis Savva
fun getSecurityKeyWrapper
fun getSecurityKeyWrapper the keyStore is first queried for a certain key pair. If it is found, it is wrapped in a SecurityKeyWrapper and returned. Otherwise, a new key pair is generated and also returned. But why is this new key pair keyStore (for later retrieval)?
The app crashes when one tries to import a photo from the camera via
ATTENTION: the bug manifests ONLY after a fresh install and BEFORE one has tried to scan a QR Code.
No app crash.
Galaxy XCover 4, Android 9
Wallet App 1.2.0-acc
Build fails with
e: /src/dgca-wallet-app-android/app/src/main/java/dgca/wallet/app/android/di/DecoderModule.kt: (90, 75): No value passed for parameter 'x509'
In the WalletApp it is not clear which timezone is shown
The Test-QR-code should clearly show that it is the UTC timezone, as it is in the iOS version.
create Testcertificate with location time-zone (for example 8:00 AM german time) as seen on screenshot:
Open WalletApp
Scan the created test-certificate with location time-zone (for example 8:00 AM german time)
insert valid tan
you find a different timezone without a hint
add the hint (UTC) to the Date of collection and Date of Test Result
In the WalletApp it is shown the Label "Country of Vaccination"
The Test-QR-code should read "Country of Test".
Change Label to "Country of Test"
A valid test certificate is created with the selected valid values “Rapid immunoassay” for “Type of Test” and “Roche (SD BIOSENSOR), SARS-CoV-2 Rapid Antigen Test” for “RAT Test name and manufacturer”. Certificate is claimed and saved in the Android WalletApp. The test result is not detected.
Android Wallet App 1.1.0-tst
The same behaviour was observed with Android Verifier App 1.1.6-RC1
App is likely only planned to be released in Google Play Store.
It would be great to see this Android app on F-Droid!
F-Droid is an Android app store specifically for free/libre open-source apps. It would be great if your app could be released there, as it is the number one for getting FLOSS Android apps for many people.
F-Droid also builds all apps from source (optionally even reproducible), so downloads from there can be trusted.
The app developer FAQ or the quick start guide may help you to get started.
BTW a release on F-Droid could also bring some (more) popularity (in case that is intended), as it will show up in the app (new apps are featured there).
The benefits are trust (that the code shown here is the code you deliver), security (as untrusted modification of the code is nearly impossible then and you make an independent analysis possible), and an increased user base/alternative installation options combined with an increased robustness by not having a single point of failure (Google Play Store) for app delivery.
And also, as said, popularity/marketing if it is visible in the main F-Droid store.
See also corona-warn-app/cwa-app-android#1483 for the same issue for the German Corona-Warn-App that explains more advantages especially of reproducible builds.
Hi all, big thanks to all for making this project open-source.
Slovakia e.g. declares to have functionality that allows wallet app to share/display QR codes with 'anonymized' data (my guess is that the QR e.g. does not contain a person's name or date of birth).
I am interested only in the technical point of view of this question - so do you know about ways how this could be accomplished, please?
I checked the default JSON schema, where "nam" (person's surname and given name) and "dob" are required.
So I think the only way, how this could be accomplished, is that issuer would always issue 2 kinds/2 versions of certificates for a single test, single vaccination, or single recovery "event":
I see no point, in a solution where the wallet removes personal data (like 'tampering certificate'), as the signature for the verifier would become invalid.
Could you suggest other ideas (if any) / or tell me if I am wrong somewhere with the solution above, please?
I am not a representative, nor a member of any official working group - so I do not want to waste the time of any of you if you are currently under pressure.
Thanks.
The request is to have expired certificates automatically purged from the Wallet.
Display the Expiry Date on the main screen that shows all loaded certificates as to ensure the holder is aware of when the specific certificate expires.
It also has the benefit of not holding this information (even for spouse or dependents, parents, etc.) once they expire, and thus no longer useful. This is a security consideration.
According to the specification (p. 25)
DGCs will be imported by scanning a base45-encoded QR code and decoding CBOR to JSON.
Afterwards, it is symmetrically encrypted in the app’s sandbox and the symmetric key is stored in the system’s keychain.
However, the actual cipher used is RSA_ECB_PKCS1_PADDING, hence asymmetric. The relevant call chain is as follows:
[WalletRepositoryImpl.kt] claimCertificate(...)
---> [WalletRepositoryImpl.kt] keyStoreCryptor.encrypt(qrCode)
---> [DefaultKeyStoreCryptor.kt] getSecurityKeyWrapper(keyStore).encrypt(qrCode)
---> [SecurityKeyWrapper.kt] getCipher(...) = Cipher.getInstance(RSA_ECB_PKCS1_PADDING)
As stated in the specification, a symmetric encryption algorithm should be used.
Added information of used open source libraries
There is no option to select the country when scanning a certificate. Once claimed, the validity can be checked only for Belgium as it is fixed as the destination country.
Wallet App 1.1.0-tst
Galaxy XCover 4, Android 9
The 1.0.8-RC-1 build for acc was used for scanning QR codes from the dcc-quality-assurance
repository. For example:
After the scan a screen requests a TAN code. No matter what is entered in this field, the user gets navigated to the next screen where all the details of the QR code are displayed.
Since we are not in the position to provide the TAN code related to the QR code in question we should not have access to its details.
Should we prevent this?
N/A
A REC Certificate does not get saved (claimed) in the wallet app after a fresh new installation.
ATTENTION: The bug manifests only after a fresh install of the app while no other certificates have been saved, and it happens only approximately 3 out of 5 times -- that is, it seems to be sporadic. Attached is a Video and the Logs.
LOGs are attached.
REC certificate is saved.
Galaxy XCover 4, Android 9
Wallet App 1.2.0-acc
If a wrong or incomplete TAN is entered when claiming the certificate, no error message is shown and it seems like the Certificate was claimed.
Then, when I try to save it again a "Bad request" is shown.
The same behaviour was observed when using a TAN twice or trying to save a certificate with a TAN which belongs to a different certificate.
Video is attached.
Android Wallet App 1.0.8-tst
Galaxy XCover 4, Android 9