You should see on the main page if the certificate is a test certificate, a vaccination certificate or a recovery certificate

Like this:

Edit: This should only be an option in the settings

admin-ch/CovidCertificate-SDK-Android#47 replaced module with jar. How to build the jar from source? When will it be available in Maven Central? Thanks!

Use fingerprint/biometric check to open the app, this helps to verify the owner of the cert.
As backup use code/password

Since the Fix in Issue #74 the App does not slow down at all, but the new problem is the following:

1. I open the Swiss-Covid-App
2. I tap on "+"
3. I select the QR-Code option
4. I scan a random QR-Code found in here: https://duckduckgo.com/?q=sample+qr+code&iar=images&iax=images&ia=images
5. The App shows, that the scanned code is not valid
6. I use my personal QR-Code and try to scan it
7. The App does not show the Certificate-Details

When i leave the scanner and re-enter it again to scan my certificate directly, my personal data is shown correctly.

According to the answer of user Astagi in this issue regarding the Italian's app Verifica C19: ministero-salute/it-dgc-verificaC19-android#87
The QR codes posted by the Italian Team in the link mentioned in the issue should not pass verification but they are successfully validated by Covid Certificate.
Either the certificates are invalid as claimed by such user and then the bug is in the Swiss app, or the bug is in the Italian app, or some of the apps embed such test codes somewhere.
Any clue?

edit: or keys revoked and Covid Certificate (as the EU and other national apps) still have revoked keys (I have all updated versions of all apps)?

Hello,

How we can add front camera to system?

Also , is there any way to add time counter for result popup page. I mean can we automotize it as closing result page and opening camera screen after 5 seconds etc..?

Repro Steps

1. Download certificate (zh.vacme) (after second shot)
2. Click on "Import PDF"
3. Select the PDF

Expected Results

It imports the PDF

Actual Results

Popup with the following text:

Error

Covid certificate format is invalid.
(PDF|NCF)

Environment

Android 11 (OxygenOS 11.0.11)
OnePlus 7 Pro
OS language: English
App: Version 2.0.0

I hope this helps in reproducing and fixing the issue.

By the way: I really like that this app is open source and that you allow reporting issues via GitHub!

FAILURE: Build failed with an exception.

* What went wrong:
A problem occurred configuring root project 'CovidCertificate'.
> Could not resolve all artifacts for configuration ':classpath'.
   > Could not resolve ch.ubique.gradle:ubdiag-android:7.0.2.
     Required by:
         project :
      > No matching variant of ch.ubique.gradle:ubdiag-android:7.0.2 was found. The consumer was configured to find a runtime of a library compatible with Java 8, packaged as a jar, and its dependencies declared externally, as well as attribute 'org.gradle.plugin.api-version' with value '7.0.2' but:
          - Variant 'apiElements' capability ch.ubique.gradle:ubdiag-android:7.0.2 declares a library, packaged as a jar, and its dependencies declared externally:
              - Incompatible because this component declares an API of a component compatible with Java 11 and the consumer needed a runtime of a component compatible with Java 8
              - Other compatible attribute:
                  - Doesn't say anything about org.gradle.plugin.api-version (required '7.0.2')
          - Variant 'runtimeElements' capability ch.ubique.gradle:ubdiag-android:7.0.2 declares a runtime of a library, packaged as a jar, and its dependencies declared externally:
              - Incompatible because this component declares a component compatible with Java 11 and the consumer needed a component compatible with Java 8
              - Other compatible attribute:
                  - Doesn't say anything about org.gradle.plugin.api-version (required '7.0.2')

Could you please take a look? Thanks!

Expired or revoked certificated should automatically be hidden by putting them in a separate place.

• Disallow Screenshots for the app
• Use a counter or something other to make sure nobody just can make a picture of the displayed data

In the example of the Canton of Bern, it is possible to download the COVID certificate as a PDF directly via https://be.vacme.ch. This must then be uploaded to the Cert app.

With a connection between vacme and the Cert-App, the individual data could be transferred directly. Thus, an upload of PDF files would no longer be necessary.

Maybe there is already a API which could be used?

Hi,

is it welcome to add Hilt or Dagger2 support and increase the test coverage?
[WIP] - demo branch

In case of doubts is there any channel that I could use to clarify any issue?

Another question, I see that "org.jetbrains.kotlin:kotlin-serialization:$kotlin_version" was added to the project, but moshi is used instead.

Any plan to move to serialization or it was added for another reason?

Using 2.2.0 on android 10 (from Google Store)

All is fine except that the 2 options certificat light and exporter are inactive for my 2 French QRCode.

Is this expected for non-swiss certificate ?

Google Pay provides the possibility to use the COVID-Certificate inside the App. Is there any plan fo this integration (maybe automatically)?

See: https://support.google.com/pay/answer/10890261

Maybe this would also be an approach to do so on Apple Pay / Wallet-App? By using integrated Shortcuts like Buttons or Direct-Payment-Features the Code could be opened easier and faster.

@goebelUB Any news on the issue. I think users of F-Droid are the core audience for the certificate light. And it is still not available.

While testing the Scanner-Function i experienced some big issues while scanning a simple QR-Code from other Webpages and Apps.

It seems like the App can't handle the data contained in the Code correctly. On my Main-Device (Huawei Mate 20 running Android 10) the App crashed and did also slow down my phone at all.

Maybe a stack-overflow?

In the Verifier App, the verify chain includes this decompressor, seemingly without a size limit for the decompressed byte array.

By including a specially crafted byte array as QR Code that decompresses to a very large byte array, could this lead to a DoS attack (i.e. a crash of the app after running out of memory)?

Please add in the Readme or App document a chapter about android requirements:
a) HW requirements if any
b) minimum Android version where the app can run - testing on old smartphone like on Android 4.4 could be helpful here
c) any external SW dependencies.

Scanning valid a valid paper QR-Code vaccination Certificate generates "an unexpected error"

The Name, First Names and Date of Birth are correctly extracted from the QR-Code.

This is a lineageOs android without google tools and a simple wifi connection.
Using the european checker on f-droid, the certificate is valid.

this is with Version 2.5.0 (2500) (Verifier)

How can I get better logs?

Hi, is it OK if we add this app to F-Droid? It seems to be fully FOSS so it would be good to be on there.

Would you accept a PR to add Fastlane metadata? Cf https://gitlab.com/snippets/1895688

Thanks for your work and for releasing it as free software :)

When downloading the "Covid certificate check" app I get the "Covid certificate" app and vice versa

Is there any possibility to build the APKs? I do always get strange error messages:

`Could not determine the dependencies of task ':wallet:compileAbnDebugJavaWithJavac'.

Could not resolve all task dependencies for configuration ':wallet:abnDebugCompileClasspath'.
Could not resolve project :sdk.
Required by:
project :wallet > project :common
> No matching configuration of project :sdk was found. The consumer was configured to find an API of a component, as well as attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'version' with value 'abn', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm' but:
- None of the consumable configurations have attributes.`

Keystore and everything is set up properly!

The language of the app is set to the phone's default and cannot be changed. This could cause problems at borders/during voyages.

Language should be changeable by user.

Hi !
Some dedicated android qr scanner (such as data logic memor 10) provide qr data as text input
It would be nice if the verifier app was compatible with this to allow quick scan.

thanks,
Téo

When importing my German QR code it shows all the data, but also a "Certified with invalid signature" warning.

From what I understood there is a PKI with a Europe-wide root CA, so I guess it should be easily possible for the app to trust all certificates with signatures that can be tracked to that root CA.

Hi,

In the covid certificate page (after clicking the QR code and scroll down a bit), I found the order of the text is a bit weird. It is like

2/2
**Dose**

I am not sure if it is intended, or it should be like:

**Dose**
2/2

Thanks in advance!

Is this App compatible with Huawei HMS? Or is Google Service needed?

I compiled both WALLET AND VERIFIER apk's if anyone want to test, debug, control UX, text etc

https://github.com/steveacab/Verifier

The files are not signed and made from Android Studio.

Huawei downlaod button on the Readme.md is misaligned and is not using the same style as the Google Play and F-Droid (white edges).

Here you can find the correct button with the same style and sources for the button: https://github.com/aha999/DownloadButtons/#huawei-appgallery

The Covid certificate light uses a different type of QR code pattern, with smaller dots, making it harder for devices to read. You need better lighting conditions and less movement. I think it would be a good idea if Covid certificate light would use the standard QR code pattern as well and use a different indicator to distinguish itself from the regular Covid certificate.

I have had my jabs in two separate EU states:

• first one in the Netherlands
• second jab in Poland

Since the healthcare systems of both countries are disconnected, in both cases the cert says the following:

Vaccine dose: 1 out of 2

And as a result, I have two certificates, both incomplete. A deeper look in the data shows the following: (check this file out for the specification of what each field means):

{
    "dn": "1", // obviously, because both countries think this is my first jab 
    "sd": "2", // cause it's 2 vaccines you need in both countries in order to be fully vaccinated
    "mp": "Comirnaty", 
    "dob": "<My date of birth>",
    "fn": "<My full name>" ,
    "co": "<NL or Poland>" 
}

What I'd expect is that everything being the same (including my name and dob), these 1/2 doses from the two different EU member states should be detected to make a single valid certificate. After all, 1 + 1 is 2, right?

Current behavior

To add a certificate, the user needs the QR code on paper or as a PDF on a second device in order to scan it.

Expected behavior

Next to the "ADD" functionality with the barcode scanner via camera, it would be useful if an option to "ADD FROM PDF" would exist.
This would solve the issue in case no paper or second device is available at the time.

wallet-prod-1.0.0-1001-signed.apk is clearly not built from tag v1.0.0-versionCode-1001-wallet, but from later commit 8b31f3e instead.

You could use/mention apksigcopier (used by F-Droid) either in addition to or instead of apkdiff.py 😸

On the normal certificate, when you open it, the app automatically increases the screen brightness. This is pretty useful.
However, when you convert it to a certificate light and open it, the screen brightness doesn't increase automatically.

Phone: Galaxy S10 with Android 11

Since yesterday's update the app crashes right after opening. It does render the UI but immediately crashes.
Got a shot from the local logcat, seems related to the local encrypted storage.

Attaching a screenshot with the backtrace.

Dear team,

It would be great to get a notification when a transfer request has been fulfilled. Transfer requests are the recommended way in Zurich for receiving vaccination certificates issued for people vaccinated abroad, but the requests take an unpredictable amount of time to be processed, requiring frequent manual checks to see if the certificate has finally arrived. I assume a notification would also be useful for receiving test certificates.

For the time being, the verifier app only shows name and birthday after scanning a QR code.
Oddly, it does so independent if a light certificate or a normal certificate was scanned.
In my view, this behavior is desirable only for light certificates.
For normal certificates, it should display all information that are contained in the QR code (i.e. type of certificate, expiration date, etc.)
Otherwise it would be way to easy to for example forge a vaccinated certificate, by creating your own certificate with your desired expiration date and simply replacing the QR code with a currently valid test certificate.
Hope this makes sense, what I try to describe.

Hello,

It would be a good practice to replace the deprecated class MasterKeys by MasterKey as per https://developer.android.com/reference/kotlin/androidx/security/crypto/MasterKeys (Java: https://developer.android.com/reference/androidx/security/crypto/MasterKeys)

Any way of changing the valid vaccination offset?? I tried to change it in sdk-android but i cant compile it and use it without the marven dependencies.

A lot of comments on the Playstore say that the apps cannot be founded. And it's true. If you search "covid certificate" you can find only "swiss covid" app. Neither the wallet and the checker can be founded.

Are there any COVID-Certificates given to test the Functionalities of the QR-Codes and also its security?

This would also be helpful to check things up like the 'hackability' or encryption.

what i should do for i can resolve it

Since Covid certificate QR codes are meant to be read by various devices, I think it would be a good idea to have the app switch the phone brightness to 100% automatically when viewing a particular certificate. This would be similar to QR code based ticketing applications, such as the SBB app.

Hi,

At my build, I get "The COVID certificate does not have a valid signature" message on the result screen.

Same QR Code, but there is no that kind of alert/error message on the official android app.

It would be a bit more user friendly if the valid certificates are shown first and the expired ones at last. I tested me once after my vaccination and now I have to scroll to the right each time I need to show the certificate.

So i have the trust keys of my country. Where can i add them so the verifier starts working??

I have a mobile phone (android 7.0) and tablet (android 6.0).

Both phone and tablet have swiss covid cert app (v 2.3.0) installed from the google play store.

Both fail to import the Swiss vaccine certificate downloaded from vacme.

An error is reported on the tablet: COVID certificate format invalid. (PDF/NCF)

No error is reported on the phone - the app just closes.

I am able to use the "Scan QR code" option on the tablet to read the QR code from the camera and store it in the app. This option does not work on my phone but my phone does have a terrible camera.

I am able to view the pdf on my laptop, phone and tablet. The QR code is clearly visible. The QR code must be a valid code because the camera on my tablet can read the QR code using the app.

Verifier app says QR code ,which was verified successfully before, has not got valid signature sometimes.

Can you add the support for Android 5.1.1 for the wallet app ?
I have the case in my family who have a Samsung J3 from 2016 who can't download the app.

Thanks and best regards