Cwa-documentation: Transparent Control of saved Data at any time?

Created on 14 May 2020  ·  11 Comments  ·  Source: corona-warn-app/cwa-documentation

Your Question

  • Documentation File:
  • Line / Paragraph:
  • Question:
    Will it be possible to transparently control the saved data (sent IDs and received IDs) at any time?

All 11 comments

Yes, you will be able to en- or disable the functionality or the whole app at any time. It is explicitly mentioned in our scoping document (currently only in German, see https://github.com/corona-warn-app/cwa-documentation/blob/master/translations/scoping_document.de.md#nutzung-im-regelprozess) and also in the Exposure Notification FAQ by Apple and Google.

Please also see this FAQ for related aspects of data security and privacy of the Bluetooth keys as they are managed by the respective operating system. Moreover, we will outline more details on how the operating systems and our apps will interact in the upcoming Architecture Document.

That is not what I am asking!
I am asking if I can read the data at any time.
I had read the documentation and the FAQs before asking, but found nothing on that.
Thanks.

It would make no sense for you to read the cryptographic keys (from you or other people), as they contain no critical information.

Why would you want to access them?

Edit: It would basically be a long list of UUID-like Strings (the exact format is documented in the specification), so they don't make any sense to a user. They are only useful if they are compared to a server database in order to find out whether you had contact with an infected person.

First, it is my thing if exactly this long list is what I want to be able to read at any time.
Whether this makes sense is not your point of interest.
Or are you trying to implement security by obscurity?
Then you can completely forget the app.

How is an open source development approach "security by obscurity"?

This has nothing to do with security by obscurity, as the list of IDs is not security-related. It would be an unnecessary feature, as this list - as I already pointed out - would bring no additional value to the user, but would only expand development time and add an additional, unnecessary button to the user interface. Therefore, I don't think that such a list would make sense. If you want to know how this list is generated, you can look it up in the specification. Seeing a list of random IDs just doesn't make sense to me.

If you don't want to clarify your request that's okay, but then there's nothing to discuss either :smile:

Edit: And as @ceedee666 perfectly pointed out, you will be able to look up how the IDs are stored in the app's source code here on GitHub, so there's no need for extra UI :)

If it is not security-related, why can't I read it?
Whether it is necessary or not is my thing.
I think it is crucial to trust the app.

With this approach you will get 60% app usage guaranteed.

  1. Because it would add unnecessary user interface which has to be developed by SAP (time=money).
  2. You can look up how they are stored on GitHub. You don't need the app UI to validate this.
  3. Most users won't care about or understand the implementation by Apple/Google, only an informed minority will bother. And this minority is also competent enough to go on GitHub and have a look there.

Hi,

by design of the frameworks from Apple and Google (and for privacy reasons), it is not possible for an app to get access to the identifiers a device has recorded. Access to identifiers the device has created is also restricted.

Kind Regards,
Daniel

Thanks for clarifying what you were referring to, @JPRuehmann. However, as @danielburkard mentioned, this requirement is in the domain of the libraries which are provided by Apple and Google. Please address this requirement to those two companies.
