Earlier today, the highly anticipated COVID-19 tracing app for Germany, called Corona-Warn-App, was released.
The Corona-Warn-App is based on the DP3T (Decentralized Privacy-Preserving Proximity Tracing) architecture and the joint specification by Apple and Google for privacy-preserving exposure notification, which implements this architecture as an API for official public health providers to draw upon.
The app is developed and published as open source under the Apache License. It has already been under extensive scrutiny, particularly, of course, in terms of security and privacy. So far, reviews have been favourable and security experts approve of the design. There are potential attack vectors, but those are largely theoretical because implementing them isn’t economically feasible.
Personally, I’m pleasantly surprised by the result and the development process.
I have often criticised the unnecessary delays regarding the tracing app for Germany and made fun of the fact that development was awarded to Deutsche Telekom and SAP.
However, the results so far and the way they’re published (as open source without restrictions) and documented look really good.
From my personal, albeit so far limited, assessment, both the code quality and the state of the documentation in particular are remarkably good. The code is largely compliant with common conventions and best practices, which allows new developers to quickly find their way.
You can have a look at various aspects of the architecture, security considerations, and requirements here:
The README files for each of the Corona-Warn-App sub-projects are particularly good and welcoming to new developers. They allow you to get up and running quickly by telling you exactly how to run and try out the software as well as how to contribute or find out more about specific areas of interest.
Like I mentioned in an article more than 3 years ago: Creating and maintaining a README file to both onboard new developers and to get users started with your software easily is a vital part of high-quality software development. The README files mentioned here are a prime example of that.