Cwa-app-android: Zero key count - No risk ever detected (false negative)

@bl00dymarie

Orbot is a VPN app, correct? In which case it should not interfere with the Bluetooth Low Energy signals.
If CWA is not giving any error message and it is showing that it updated today then you can assume that the network connection to the server is working.

It's difficult to know if the app is really working. If you want to check that you are receiving Bluetooth signals, I found that Beacon Scope is easy to use and it shows Exposure Notification beacons from other devices.

PS If you have a second Android device available to install it on you can also use Beacon Scope in Transmit mode to simulate transmitting an Exposure Notification.

Will have a look, thanks for the suggestion @MikeMcC399!

There might be an issue with Exposure Notifications update and the cause might be the same as reported here #1516

Could you go to Settings > Google > COVID-19 exposure notifications > Exposure checks and check if there were any updates in the last days.

Could you go to Settings > Google > COVID-19 exposure notifications > Exposure checks and check if there were any updates in the last days.

Normally the app should report if it hasn't been able to do the exposure checks for a while. Nevertheless it's a good idea to check the Google logs and rule out this source of a problem.

I used Bluetooth tracking while being on public transport and I can confirm, my phone is tracking and detecting a LOT, see screenshot.

:eyes: Looking into Settings > Google > Covid
Nevertheless I have never received any risk exposure before Sept 26th either... so I am not sure if that's the ONE problem/bug?!

@bl00dymarie
It's good that you added the screen shot, which shows:

"Letzte Überprüfung auf eine mögliche Begegnung mit einer infizierten Person: 26. September um 08:03"

On my phone I see
"Letzte Überprüfung auf eine mögliche Begegnung mit einer infizierten Person: heute um 02:13"

Could you export the exposure logs and post the file here?

Tap "Überprüfung auf mögliche Begegnungen"
Drei-Punkte-Menü aufrufen
Überprüfungen exportieren

Then add a .txt extension to the file all-exposure-checks.json before you post it here.

@bl00dymarie:

gotcha - my device received the latest exposure updates at about the same time. In my case it was on Sept 24th.

Can you tap on "Überprüfung auf mögliche Begegungen" and check if there were any updates in the last days.

So it seems the daily updates were done (last 14 days), but the matching functionality (?) might not work!

:exclamation: No keys/Schlüssel, no matches/Treffer! :exclamation:

thanks for the hint where to find the logs, there is nothing more to see in the logs unfortunately, the most recent log is:

{
  "timestamp":"25. November 2020, 03:36",
  "keyCount":0,
  "matchesCount":0,
  "appName":"Corona-Warn",
  "hash":"random-hash"
},

@bl00dymarie
I have seen keyCount zero reported on a rooted device before and on an Android 11 emulator.

Is your device rooted by any chance?

You could check your network access to the key by installing the
Warn-App-Companion.

Another check would be to open https://svc90.main.px.t-online.de/version/v1/diagnosis-keys/country/DE/date in a browser and see if a list of dates is shown. (You might have to zoom in to read the dates.)

Not rooted, no!

@bl00dymarie
CWA Android 1.7.0 is in the process of being released and I expect it will appear on Google Play Store soon.

There are enough changes between 1.6.1 and 1.7.0 to make it worthwhile you checking whether 1.7.0 works better on your device. (See details of v1.7.0 release here.)

Dear @bl00dymarie, @MikeMcC399

Thanks for contributing here. Regarding the update to CWA 1.7.1 (for both iOS and Android): Please note that it is a staged rollout. Over the next two days, 100% of the users should have received the update.

We would appreciate very much your (hopefully positive) feedback regarding this issue over the next few days! Otherwise, we will create an internal tracking number.

Best wishes,
DS

Corona-Warn-App Open Source Team

Thanks for the update @dsarkar, will keep you posted as soon as I update the app to 1.7 on my Android.

Unfortunately there a no good news, the problem still remains, the status quo is:

New update installed on Nov 26, version is now 1.7.1, the new version now comes with 3x checks per day
Exposure logs are still completely empty, keyCount is still 0 for every single check "keyCount":0.

This creates a false feeling of security/safety when in the end the software is not reliable. I would encourage you to look into this, and I am happy to continue to support if needed. Have you tested this on a physical device that is running on Android 7 or/and Android 6 since this is the minimal Android version officially supported?

Thanks!

@bl00dymarie

New update installed on Nov 26, version is now 1.7.1, the new version now comes with 3x checks per day
Exposure logs are still completely empty, keyCount is still 0 for every single check "keyCount":0.

Since I could reproduce the issue with keyCount=0 on an Android 11 emulator, I submitted this problem as https://github.com/corona-warn-app/cwa-app-android/issues/1752. It may not be the same root cause as on your device, but at least it may be a starting point for investigation.

Did you follow my suggestion in https://github.com/corona-warn-app/cwa-app-android/issues/1561#issuecomment-733747345 about installing Warn-App-Companion or opening https://svc90.main.px.t-online.de/version/v1/diagnosis-keys/country/DE/date ? If yes, what were the results?

Thanks for the hints, I did open the t-online URL on my device and it gave me back an array of strings of the last couple of days which doesn't explain the issue here correct me if I'm wrong?!

@bl00dymarie

Thanks for the hints, I did open the t-online URL on my device and it gave me back an array of strings of the last couple of days which doesn't explain the issue here correct me if I'm wrong?!

That was just a primitive test to check that your device can access the server where the keys are stored. If you saw the array of dates, then it shows that you have basic connectivity. These are the dates currently returned by https://svc90.main.px.t-online.de/version/v1/diagnosis-keys/country/DE/date:
["2020-11-20","2020-11-21","2020-11-22","2020-11-23","2020-11-24","2020-11-25","2020-11-26","2020-11-27","2020-11-28","2020-11-29","2020-11-30","2020-12-01","2020-12-02","2020-12-03"]

We have to wait for feedback from the Open Source Team now concerning further troubleshooting.

Dear @bl00dymarie, @MikeMcC399, and community

Thank you all for your contributions. We have updated this specific cfor the developers the Internal Tracking ID EXPOSUREAPP-4130 (https://github.com/corona-warn-app/cwa-app-android/issues/1752). Best wishes, DS

Corona-Warn-App Open Source Team

Dear @bl00dymarie and community,

same problem here (Lenovo K10 device, Android 6.0):
"Letzte Überprüfung auf eine mögliche Begegnung mit einer infizierten Person: 24. September um 03:02"
Daily logfiles always show Key Count: 0
Following the svc.90 ... link mentioned above I get all dates of the past 14 days.
CWA version is 1.7.1, Google Play Services version 20.47.13

CWA 1.9.1 is just being rolled out according to https://www.coronawarn.app/en/blog/2020-12-16-corona-warn-app-version-1-9/ although I am not seeing it myself yet in Google Play Store.

CWA 1.9.1 significantly changes the way that exposure checks are done. It will be worth checking to see if the issue here is fixed by this version, even if I haven't seen any feedback from the developers that they found and fixed this issue.

There are at least 4 other friends of mine who are affected by the same problem. They only became aware of the problem when I pointed it out to them.I think that a lot of users have this problem as well - but no one notices it.
I find it very dangerous that the app shows a green status despite this problem.
The government has spent a lot of money on an app that does not work properly even after months. Of course, with such a large project there are many challenges and not all requirements can be implemented immediately.
But if we have an app that is not able to communicate a malfunction to the user after this long development time, then there is a fundamental problem.

@bl00dymarie:
I also had the same problems with CWA as you.
I gave up hunting for this problem and installed an alternative version of CWA: https://codeberg.org/corona-contact-tracing-germany/cwa-android
With this version there are no problems and I was also informed yesterday about a risk exposure. CWA still does not show any risk....
CCTG is based on the same code base as CWA, but does not use Google's Exposure Notifications API, but uses the free microg library. It seems that CWA is not using the Google API properly...

@hackfix

It seems that CWA is not using the Google API properly...

You can only guess that is the cause.

In any case, as I wrote in https://github.com/corona-warn-app/cwa-app-android/issues/1561#issuecomment-746905810 "CWA 1.9.1 significantly changes the way that exposure checks are done." which means that the calls to the Google API have also been changed to replace Legacy v1 mode with ExposureWindow mode starting with this version.

I wholeheartedly agree with you @hackfix!

Instead of disqualifying my statement, the developers should finally do their homework.
Some people who (unfortunately) are not getting paid for their work have done what the paid developers are not able to do.

Sorry to be so hard - but this project is burning my taxes too.
Anyone who gets money for a tax-funded project has to take criticism from the taxpayer as well.

Hello @hackfix, as a maintainer of CCTG, I would like to clarify some technical aspects you mentioned:

It seems that CWA is not using the Google API properly...

• microg provides the same method calls as the Google API. We have not changed how those methods are being called, we only swapped the Google API with the microg implementation. Thus, this seems unlikely to me.

With this version there are no problems and I was also informed yesterday about a risk exposure. CWA still does not show any risk....

• As Marvin explains, this can happen because CCTG via microg and CWA via Google Play Services do scan regularly, but not at exactly the same point in time. This means that it could be the case that both apps are working properly even though they are displaying somewhat different risk scores.

@fynngodau:
Thanks for your feedback!

microg provides the same method calls as the Google API. We have not changed how those methods are being called, we only swapped the Google API with the microg implementation. Thus, this seems unlikely to me.

At first glance, I agree with you. But I think we should also take a deeper look.
CWA worked until some months ago (-> #1516). So maybe there's a slight change in Google's API that's making the difference on some devices -> https://developers.google.com/android/exposure-notifications/doc-change-log
And maybe this change also wasn't re-implemented by microg,

As Marvin explains, this can happen because CCTG via microg and CWA via Google Play Services do scan regularly, but not at exactly the same point in time. This means that it could be the case that both apps are working properly even though they are displaying somewhat different risk scores.

As I highlighted here #1516, on my device CWA is not successfully downloading and/or pushing the diagnosis keys to the Google API.
So without keys I will never get any risk scores from CWA.

@hackfix Can you please create a bug report and send it to me. We will forward this google and they will check the issue
https://developer.android.com/studio/debug/bug-report

Absolutely no! Don't get me wrong, but I think you guys should create this bug report. I'm not part of the development team and I'm not getting paid for doing this.

@hackfix Google calls his log file bug report. We need this zip file from your device because we cannot reproduce this on our devices. I will handle the communication with Google. We need only your help to create the file and send it via e-mail.

@bl00dymarie Maybe you can support us with a log file to find out why the Google ENF is not working on your device.

thanks for the hint where to find the logs, there is nothing more to see in the logs unfortunately, the most recent log is:

{
  "timestamp":"25. November 2020, 03:36",
  "keyCount":0,
  "matchesCount":0,
  "appName":"Corona-Warn",
  "hash":"random-hash"
},

@bl00dymarie Please follow this manual from google:
https://developer.android.com/studio/debug/bug-report
and send the zip file via e-mail
thomas.[email protected]