StopCovid
- The short name or acronym of the project
-
StopCovid
- The release version of the software application. If there is no official version number, use 20YY-MM-DD-unstable
-
1.1.0 on Google Play store and 1.1.1 on App Store
- Main organisation(s) behind the technology
-
Within the project, coordinated by Inria, the members of the StopCovid project team are involved in their field of expertise:
- Inria: coordination and transmission protocol, privacy-by-design;
- ANSSI: cybersecurity;
- Capgemini: back-end architecture and development;
- Dassault Systèmes: SecNumCloud qualified sovereign data infrastructure;
- Inserm: health models;
- Lunabee Studio: development of mobile applications;
- Orange: application distribution and interoperability;
- Santé Publique France: integration and coordination of the application in the global strategy of contact tracing;
- Withings: connected objects.
- The web address of the source code of the project
-
https://gitlab.inria.fr/stopcovid19/accueil
- Are all components of the project publicly available under an OSI Approved Licence?
-
No
-
https://www.inria.fr/en/stopcovid-source-code
https://www.inria.fr/en/faq-technical-aspects-stopcovid-application
- Pointers to other sources of information, e.g. whitepapers, architectural designs
-
Overview of source code for StopCovid app components and documentation -> https://gitlab.inria.fr/stopcovid19/accueil
Repository of the underlying protocol ROBERT -> https://github.com/ROBERT-proximity-tracing/
Protocol specification, white paper and other technical documentation -> https://github.com/ROBERT-proximity-tracing/documents
Scientific resources about underlying protocol ROBERT -> https://gitlab.inria.fr/stopcovid19/accueil/-/blob/master/SCIENTIFIC_RESOURCES.md
- Official description of the data flow and the overall architecture
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf
Our proximity tracing scheme relies on an App installed on each mobile phone, supported by a back-end server. In such a distributed architecture, two considerations are important: (1) where the data are stored and (2) where the status of the user (at risk or not) is verified. In our scheme, the data to be stored is shared between the App and the back-end server. The collection of proximity contacts is performed and stored locally on each App.
These proximity contacts are never revealed to the server except when a user is diagnosed COVID-positive. In this specific case, upon agreement from the user and authorisation from the health authority, the App shares anonymously with the server the proximity contacts that it has collected during the estimated contagious period, typically the last 14 days. This data is used by the back-end server to compute an exposure risk score for each of the individuals, identified only by anonymous identifiers, who have been in contact with this infected user. Users periodically probe the server to know whether their risk score indicates that they are at risk. As a result, users only learn one bit of information from the server ("at risk" or "not at risk"). They don't get any information about other users and, in particular, they don't learn who potentially exposed them. The back-end server only maintains the list of exposed users (through anonymous pseudonyms, as no personal information is maintained on the server) with their risk scores. These risk scores can easily be adapted according to the evolution of the pandemic or the evolving knowledge of the epidemiologists on the COVID-19 virus.
-
Symptom reporting
Self-diagnosis
Proximity Alert
Exposure notification
Geo-restrictions/geo-fencing
Contact diary
Honeytracing
-
- Upload the logo of the project if available. Non-essential, but pretty.
-
-
General principles
E.g. Bluetooth, Bluetooth Low Energy, Near-Ultrasound, Ultrasound, LIDAR, 802.11x, Zigbee, infrared, visible light, UV. More than one answer is possible.
-
Bluetooth
- Select the technical protocol(s) supported by the application. If the protocol is not yet in this list, please save this page, navigate to the protocols list and add it before proceeding.
-
ROBERT DESIRE
- Is the application based on a published technical specification for contact tracing (eg DP3T, BlueTrace, Google-Apple)?
-
Yes
-
- Is there evidence of the (epidemiological) effectivity of the application? Please add any links to information on studies or trial runs that showcase the effectivity of the technology proposed.
-
-
Legal/licensing information
Are all components of the project publicly available under OSI Approved Licence(s)? If you know which license(s), please use SPDX identifiers.
-
The source code of the StopCovid project is published in two forms. In a public code repository: in this case it is published under MPL 2.0, unless otherwise specified in the file headers. As snapshots of the code of certain components, including development code, which are not open to contributions: in this case they are published under an ad hoc license that does not allow their redistribution (in original or modified form) or their exploitation. To avoid misunderstandings, the exact license is specified in the LICENSE.md file at the root of the code of each component.
https://gitlab.inria.fr/stopcovid19/accueil/-/blob/master/LICENSE.md
- If not all components used are open source, please provide a technical description of these components suitable for publication, and any third party security analysis. Provide contact details of each technology supplier.
-
Submission Code Server Client API - This component specifies the client API of the Submission Code Server.
Submission Code Server - This component provides the following services: generation of short and long codes for health professionals (laboratories, doctors...), and verification and consumption of those codes by the server side of the StopCovid platform.
- If the project is known to be encumbered by (software) patents or other intellectual property claims by any of its creators or known third parties, please indicate which. Also, feel free to list any defensive publications.
-
-
Platforms, build environment
On which platforms can the application(s) run?
-
Android 5+ Android 6+ iOS
-
Smartphone
- Location(s) of the app(s) in various app stores (F-Droid, Google Play, Apple Store, Jolla Store, etc).
-
Not yet available, but would be downloadable from the Apple Store and Google Play Store.
- What external libraries and SDKs does the application depend on?
-
================================================================================
Apache 2.0
================================================================================
Component: Kotlinx Coroutines
License Text URL: https://github.com/Kotlin/kotlinx.coroutines/blob/master/LICENSE.txt
Source Code: https://github.com/Kotlin/kotlinx.coroutines

Component: Timber
License Text URL: https://github.com/JakeWharton/timber/blob/master/LICENSE.txt
Source Code: https://github.com/JakeWharton/timber
================================================================================
BSD 3-Clause
================================================================================
Component: Android Scanner Compat Library
License Text URL: https://github.com/NordicSemiconductor/Android-Scanner-Compat-Library/blob/master/LICENSE
Source Code:
================================================================================
Apache 2.0
================================================================================
Component: Truth
License Text URL: https://github.com/google/truth/blob/master/LICENSE
Source Code: https://github.com/google/truth
================================================================================
EPL 1.0
================================================================================
Component: JUnit 4
License Text URL: https://github.com/junit-team/junit4/blob/master/LICENSE-junit.txt
Source Code: https://github.com/junit-team/junit4
================================================================================
LGPL 3.0
================================================================================
Component: Zohhak
License Text URL: https://github.com/piotrturski/zohhak/blob/master/LICENSE-LGPL-3.0.txt
Source Code: https://github.com/piotrturski/zohhak
================================================================================
MIT
================================================================================
Component: Mockito
License Text URL: https://github.com/mockito/mockito/blob/release/3.x/LICENSE
Source Code: https://github.com/mockito/mockito

Component: Mockito Kotlin
License Text URL: https://github.com/nhaarman/mockito-kotlin/blob/2.x/LICENSE
Source Code: https://github.com/nhaarman/mockito-kotlin

Component: Robolectric
License Text URL: https://github.com/robolectric/robolectric/blob/master/LICENSE
Source Code: https://github.com/robolectric/robolectric
- Which tools (IDE, etc.) are necessary to build the application from the available sources?
-
- Do different builds of the application yield the same bits?
-
-
- Is the user in control when some or all bits of the application are replaced?
-
-
- Is the update mechanism compatible with the requirements of TUF (https://theupdateframework.io/security), including resilience against rollback attacks, extraneous dependencies attacks and handling vulnerability to key compromises?
-
-
Security
-
- If the developers have published or adopted a dedicated threat model for their app, provide a web link.
-
- If there have been in-depth security analyses of the application(s) and/or underlying protocols, provide web links to publicly available reports. One line per report.
-
- If there are known security weaknesses or shortcomings that are currently unresolved, please provide a link to CVE's/bug reports or other available sources.
-
- Is the temporary data stored by the solution protected by modern, strong cryptographic means?
-
No
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf 5.2 HELLO Message Collection
- Exposure of interfaces with critical system level security flaws.
-
-
Privacy
General impact assessment
Has a Data Privacy Impact Assessment (DPIA) or equivalent privacy analysis been conducted in relation to the technologies used or proposed by the project? A DPIA is a formal assessment of the privacy risks users are to be exposed to. Provide a link to the outcome of this assessment, and any updates, responses or mitigations that have been implemented since in response to the findings of the DPIA. Provide web addresses of the DPIA and any follow-ups.
-
- Provide links to other noteworthy articles and reports regarding or mentioning the project.
-
https://deepai.org/publication/a-survey-of-covid-19-contact-tracing-apps
https://www.cnil.fr/en/publication-cnils-opinion-stopcovid-mobile-application-project
https://www.cnil.fr/en/publication-cnils-opinion-french-contact-tracing-application-known-stopcovid
- Are there any special provisions made for protection of the information of minors, or legally incompetent people?
-
https://www.economie.gouv.fr/stopcovid-faq#
-
Mobile app specific questions
Does the solution have complete governance/run-time control over client-side hardware while in deployment, including the OS? Or is there shared tenancy, and are there other applications running?
-
No
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf 2.2 System Overview
- Use of the solution does not require the use of an online account which is traceable to individuals. E.g. a vendor account which needs to be activated before a mobile phone can be used.
-
No
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf 2.2 System Overview
- Is use of the solution tied in any way to the use of (an) account(s) with any third party, other than national?
-
Yes
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf 2.2 System Overview
- Does the application make use of fixed, traceable, device specific identifiers or accounts, like phone numbers, IMEI, etc?
-
No
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf 3.3 Application Registration (Application Side)
- Is the solution free from telemetry/tracking?
-
No
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf
- Does the application request/require OS privileges to e.g. recent contacts, the address book, location based services, the camera, etc.?
-
-
- For each of the requested permissions, explain how the data or the functionality that can be accessed through that permission is used by the application. Specify whether this access is merely local, or whether information obtained through it is shared centrally.
-
- Is there any location data (or equivalent) stored?
-
No
-
https://www.economie.gouv.fr/stopcovid-faq#
- Does the application or device have a built-in kill-switch where it ceases to function after a predetermined point in time, to avoid unnecessary risk exposure?
-
-
- Users can choose to expose whether or not they are infected, even under pressure or threat
-
Yes
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf A. Towards Probabilistic Notifications
- Can the user determine when data is uploaded?
-
Yes
-
Privacy (Bluetooth related)
-
- Is the privacy and the security of the user of the solution safe from compromise related to external observability of device-specific Bluetooth identifiers?
-
Yes
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf 5.1 HELLO Message Broadcasting
- Is a fixed Wifi MAC address broadcast by the solution?
-
No
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf 5.1 HELLO Message Broadcasting
- Is the Bluetooth ID of the user (or a derivation that can be easily linked back to it) broadcast?
-
No
-
Detailed privacy related attributes
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf 5.1 HELLO Message Broadcasting
- The application only shares anonymous attributes.
-
Yes
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf
- Can the user of the app review and redact their data, or decide to not upload some data?
-
-
-
No
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf 6.1 Upload by the Application
- Does the application request/require privileges to e.g. recent contacts, the address book or other user-specific data?
-
No
-
https://play.google.com/store/apps/details?id=fr.gouv.android.stopcovid
- Is the real identity (or a strongly linked attribute) stored outside of the user device?
-
No
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf 4. Generation of the Ephemeral Bluetooth Identifiers
- Is the phone number of the user (or a derivation that can be easily linked back to it) stored outside of the user device?
-
-
-
No
-
2.2 System Overview
- Is there any location data (or equivalent) stored externally?
-
-
- Is the Wifi MAC address of the user (or a derivation that can be easily linked back to it) stored outside of the user device?
-
-
- Is the Bluetooth ID of the user (or a derivation that can be easily linked back to it) stored outside of the user device?
-
No
-
https://github.com/ROBERT-proximity-tracing/documents/raw/master/ROBERT-specification-EN-v1_1.pdf 5.1 HELLO Message Broadcasting
- The solution is guaranteed to never leak information about IP addresses of users to the backend.
-
-
Available third party analysis
-
- Relevant publications on the judicial aspects of the application(s) and protocol(s)
-
https://www.economie.gouv.fr/stopcovid-faq
- Studies and analyses of the technical aspects of the application
-
https://www.inria.fr/en/faq-technical-aspects-stopcovid-application
-
Customization and usability aspects
Is the application ready to be used with multiple languages (i18n) if translated strings are provided?
-
-
- Give the web address of any accessibility certifications by an accredited certification instance. If there is more than one, put each link on a new line.
-
- Has the assistive technology been designed to not expose users with disabilities with additional privacy risks?
-
-
Backend
-
- Select where and how the data produced by the solution is hosted
-
- If an external back-end technology is used in conjunction with the application or device, please provide a link to its repository or home page
-
- Any other relevant remarks and considerations