Since this Tuesday, June 16, 2020, a contact tracing app for the containment of the corona virus provided by the German government is also available in Germany. Scientists from the Horst Görtz Institute for IT Security support the decentralised concept on which the application was developed. The option that the source code can be accessed online openly for reasons of transparency is also viewed positively by them. "The Corona-Warn-App basically complies with current data protection standards, even though we see room for improvements in detail. Nevertheless, we would prefer the German government to enact a law that strictly limits the purposes for which the app can be used," explain Dr. Martin Degeling from the Chair of Systems Security and Maximilian Golla from the Max Planck Institute for Security and Privacy Bochum.
"I have just downloaded the App for myself and I hope that many other people will take this step as well. Only a broad acceptance of the app will help to trace infection chains effectively," adds Prof. Thorsten Holz, speaker of the HGI.
Dates are stored decentral
The application has been developed on the basis of the technical concept "DP-3T". Here, the devices exchange randomly generated cryptographic keys via Bluetooth, which are sent every two and a half to five minutes (rolling proximity identifier). The data is stored decentral on the users' end devices. If users have tested positive for the Covid 19 virus, the server can be notified via TAN or QR code. The server distributes a list of infected IDs, which can be checked locally by the mobile devices to determine if a contact with one of these IDs has taken place and for how long. Based on this, the risk is evaluated and a warning is displayed.
Discussions on "PEPP-PT" and "DP-3T" concepts
There had been some discussions about the development of the app in advance. Numerous international scientists, among them many HGI researchers, and computer security experts criticized the originally planned concept "PEPP-PT" in an open letter due to data protection concerns (read more about it here). The public appeal has had an effect, and the German government has decided to change course in favour of the "DP-3T" (Decentralized Privacy-Preserving Proximity Tracing) basis. (You can find out how this works here).
The download is free and the use of the app is voluntary.
General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.
