NOTE: This README is also available in German. Thank you for understanding that the German version might not always be up-to-date with the English one.
HINWEIS: Diese README ist ebenfalls auf Deutsch verfügbar. Bitte haben Sie Verständnis, dass die deutsche Version nicht immer auf dem gleichen Stand wie die englische Version ist.
About this Project
We are developing the official COVID-19 exposure notification app for Germany, called "Corona-Warn-App". This project has the goal to develop an app based on technology with a decentralized approach - heavily inspired by the DP-3T (Decentralized Privacy-Preserving Proximity Tracing, see this comic for concept explanation) and TCN protocols and based on the Privacy-Preserving Contact Tracing specifications by Apple and Google. Like DP-3T and the TCN Protocol, the apps and backend infrastructure will be entirely open source - licensed under the Apache 2.0 license! The apps (for iOS and Android) will collect pseudonymous data from nearby mobile phones using Bluetooth technology. The data will be stored locally on each device preventing access and control over data by authorities or anyone else. We will meet the applicable data protection standards and guarantee a high level of IT security. By doing so, we are addressing people's privacy concerns and thereby aiming to increase the adoption of the app.
Who We Are
The German government has commissioned SAP and Deutsche Telekom to develop the Corona-Warn-App for Germany as open source software. Deutsche Telekom is providing the network and mobile technology and will operate and run the backend for the app in a safe, scalable and stable manner. SAP is responsible for the app development, its framework and the underlying platform. Therefore, development teams of SAP and Deutsche Telekom are contributing to this project. At the same time our commitment to open source means that we are enabling -in fact encouraging- all interested parties to contribute and become part of its developer community.
We'd like to thank all the partners who have been involved in this enormous project from the beginning. The project would not be where it is today without all the exploration and great work that had already been done around the PEPP-PT approach by partners on a European and national level. We will build on top of some of these components and appreciate how everyone is dedicated to making this new approach successful. Moreover, we would like to thank GitHub for their great support.
In this project we are strictly observing the principles of the General Data Protection Regulation (GDPR) to protect the users’ privacy. We are processing necessary data only - exclusively for the purpose to let users know if they have come into close contact with other infected users, without revealing each other's identity. The compliance with these regulations is safeguarded by several procedures, e.g. by implementing technical and organizational measures adhering diligently to the high standards of the GDPR. Of course, the app will provide users with a comprehensive privacy statement to be as transparent and clear as possible. As we are developing the app as an open source project, the community can review it. We appreciate your feedback!
Code of Conduct
We are building this application for Germany. We want to be as open and transparent as possible, also to interested parties in the global developer community who do not speak German. Consequently, all content will be made available primarily in English. We also ask all interested people to use English as language to create issues, in their code (comments, documentation etc.) and when you send requests to us. The application itself, documentation and all end-user facing content has - of course - been made available in German. Apart from the initial release in English and German, other languages have been added over time including Bulgarian, Polish, Romanian and Turkish. See the FAQ available languages entry for more details. We also try to make developer documentation available in German, but please understand that focusing on the Lingua Franca of the global developer community makes the development of this application as efficient as possible.
This repository contains the developer documentation and related content.
The project scope has been agreed on jointly by Deutsche Telekom AG and SAP SE as contractors and the German Federal Government and the Robert-Koch-Institut as clients. The project scope might change over time as new requirements need to be included or existing ones change. We appreciate feedback to all elements of this project scope document. However, additional features or any other content changes beyond fixes to grammatical issues or typos need to be aligned on by these partners before they can be included in the document. Thank you for your understanding!
The technical documents are intended for a technical audience and represent the most recent state of the architecture. The solution architecture and concepts might change over time as external dependencies (e.g. the framework provided by Apple/Google) are still changing and new requirements need to be included or existing ones change. We appreciate feedback to all elements of these technical documents.
- Corona-Warn-App - Solution Architecture
- Corona-Warn-App Server Architecture
- Corona-Warn-App Verification Server Software Design
- Corona-Warn-App Verification Portal Server Software Design
- Corona-Warn-App Test Result Server Software Design
- Corona-Warn-App Mobile Client (Android) Architecture
- Corona-Warn-App Mobile Client (iOS) Architecture
- Criteria for the Evaluation of Contact Tracing Apps
- Corona-Warn-App Security Overview
- Corona-Warn-App Backend Infrastructure Architecture Overview
- How does the Corona-Warn-App identify an increased risk?
- Epidemiological Motivation of the Transmission Risk Level (PDF), (Rmd file), (bib references)
- Corona-Warn-App Data Privacy Impact Assessment/DPIA (PDF, German), DPIA Annex 1a, DPIA Annex 1b, DPIA Annex 1c, DPIA Annex 2, DPIA Annex 3, DPIA Annex 4, DPIA Annex 5, DPIA Annex 6, DPIA Annex 7 and DPIA Annex 8
- Exposure Notification API Testing
- Event Registration
To be published:
- System Operation
For an easier understanding of the used acronyms and special terms in our documents please see our glossary.
|cwa-app-android||Native Android app using the Apple/Google exposure notification API.|
|cwa-app-ccl||Common Covid Logic (CCL) for Android and iOS.|
|cwa-app-ios||Native iOS app using the Apple/Google exposure notification API.|
|cwa-dcc-server||Backend implementation of the process to issue EU Digital Covid Certificate.|
|cwa-documentation||Project overview, general documentation and white papers.|
|cwa-event-landingpage||Landing page for CWA which opens if the user does not have the app installed.|
|cwa-event-qr-code||Utility to generate QR codes for Event Registration.|
|cwa-hotline||Contains all issues reg. the hotlines of the CWA.|
|cwa-icao-transliteration||A simple transliteration of non-latin letters into latin for the CWA.|
|cwa-kotlin-jfn||JsonFunctions Engine - DCC Logic.|
|cwa-log-upload||Counterpart of the log upload in the app.|
|cwa-parent||Repository containing Maven files for parent project and dependency building blocks.|
|cwa-map-backend||Backend of map.schnelltestportal.de.|
|cwa-map-operators-frontend||Frontend for test center operators to manage their test centers in a simple way.|
|cwa-map-public-frontend||Public frontend of map.schnelltestportal.de.|
|cwa-ppa-server||Backend implementation for the privacy-preserving analytics server.|
|cwa-quick-test-backend||Backend implementation of the rapid antigen test portal and API for participating partners.|
|cwa-quick-test-frontend||Frontend implementation of the rapid antigen test portal for participating partners.|
|cwa-quicktest-onboarding||Documentation about onboarding procedure for rapid antigen test partners.|
|cwa-registrierung||Registration portal for the rapid antigen test portal|
|cwa-server||Backend implementation for the Apple/Google exposure notification API.|
|cwa-testresult-server||Receives PCR test results from connected laboratories.|
|cwa-verification-iam||The identity and access management to interact with the verification server.|
|cwa-verification-portal||The portal to interact with the verification server.|
|cwa-verification-server||Backend implementation of the verification process.|
|cwa-website||The official website for the Corona-Warn-App.|
|cwa-wishlist||Community feature requests.|
|dcc-rule-translation||Translations of Booster Notification Rules.|
Copyright (c) 2020-2023 Deutsche Telekom AG and SAP SE or an SAP affiliate company.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the LICENSE for the specific language governing permissions and limitations under the License.
The "Corona-Warn-App" logo is a registered trademark of The Press and Information Office of the Federal Government. For more information please see bundesregierung.de.
How to Contribute
Please see our CONTRIBUTING.md for details on how to contribute, our team setup, the project structure and additional details which you need to know to work with us.