Cwa-wishlist: User warning when Android security patch level is too low

Created on 18 Jun 2020  路  3Comments  路  Source: corona-warn-app/cwa-wishlist

For security reasons, the app should warn the user when the android patchlevel is too low, especially before enabling bluetooth.

Internal Tracking ID: EXPOSUREAPP-2173

android feature request mirrored-to-jira
Source
picture AlptraumSAP
😕1

Most helpful comment

A user using an insecure OS generally has more severe problems than Bluetooth. It is not the task of Apps to warn users that the foundation they are running on is insecure.

picture akuckartz on 18 Jun 2020
👍5

All 3 comments

This could potentially scare users from using the app.
I see the security aspect though.

There are settings to have Bluetooth LE beacon scanning active, even if Bluetooth itself is "switched off", however the app doesn't recognize this and warns about disabled Bluetooth.

Either Bluetooth is always on, even when "turned off" (thus enabling beacon scanning) and this wouldn't fix that

or

The app (/API) needs to be able to work with BLE scanning only without displaying a warning about disabled Bluetooth.

I don't know if the vulnerabilities only affect classic BT

tomjschwanke picture tomjschwanke on 18 Jun 2020

A user using an insecure OS generally has more severe problems than Bluetooth. It is not the task of Apps to warn users that the foundation they are running on is insecure.

akuckartz picture akuckartz on 18 Jun 2020
👍5

Thanks for this proposal. We'll move it into the cwa-wishlist repository where it might be available for feedback for a wieder audience.

tkowark picture tkowark on 22 Jun 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Lurkars picture Lurkars  路  3Comments
ST4YHealthy picture ST4YHealthy  路  3Comments
achisto picture achisto  路  3Comments
Marvodor picture Marvodor  路  3Comments
dwd0tcom picture dwd0tcom  路  3Comments