The missing spacing becomes obvious at least in Swedish when using a particular screen width (iPhone 6 / iPhone X), when the word "som" comes too close to the checkmark. 20 points of offset would be enough to fix it, as seen on the right image.

Currently the exposure date is stored to UserDefaults, but looks like it's not used for anything. Even though Apple says "This property may report a date of relative precision, such as within one day of the actual event." maybe this date info could be fetched from UserDefaults on an jailbroken iPhone and then used to figure out who the infected person was?

Edit: Noticed that it's used for figuring the retention time. Could this still be a privacy issue?

I installed the app after updating iOS to 13.7. When I first opened the app I accepted the terms and continued. Then I got the system permission prompt about enabling exposure notifications and I chose Enable.

However on the main screen the app says "Koronavilkku ei käytössä" and tapping the button "Ota käyttöön" below it does nothing. Also if I try to enable exposure notifications from the settings I can tap "Ota käyttöön" button but after returning to the main settings page the status still says "Ei käytössä". I have tried both restarting and reinstalling the app, but to no avail.

When this View gets initialized with the active UITextField, the keyboard is blocking the info label on the iPhone SE 1st Gen

Hello there,

(cross posting from THLfi/koronavilkku-android#25)

First, congrats on launching the app and more importantly, massive kudos for open sourcing it (including the backend)! 👏 🎉 Having done that, you've done a great service to the general public and it makes it much easier to trust the application and install it.

However, it took a while for me to learn that this was indeed open source. There's no mention of the fact on the website (and not sure how well this has been communicated to the media, perhaps it's mentioned somewhere) and no links to the Github org/repos. I feel this is absolutely worth higlighting on the website as well as in communications (which I suppose is outside the scope of these repos, but nevertheless).

It'd be great if the website contained a mention of that as well as links pointing here. Perhaps even add who has audited the app (and how)?

(also, any obstacles to open sourcing the website repo? would be happy to make a PR to add ^ if that existed)

Again, thank you for your work and opening the repos to the public 🙏 ❤️

I'm writing this enhancement request as an end-user of the Koronavilkku application, using iPhone X with iOS 14.

The problem:

Yesterday (22.10.2020) I randomly opened up the Koronavilkku application. In the front page, there was a warning of coronavirus exposure. It did not display any timestamp when the warning was triggered - I must have missed the original notification, so now I was not able to know when the warning has been issued. So I went to see the exposure check logs in iOS settings and noticed number of 0 key matches in recent 14 days. And this seems to be a bug in the iOS side. So the problem is this - if the end user misses the banner notification (which can easily happen), there's no way to get alerted again unless the user actively chooses to open the app as I did.

Suggested solutions:

1. keep sending frequent app notifications (e.g. 4 times a day, during daytime) until the end user opens up the Koronavilkku app and acknowledges the alert by clicking "Understood" button (or whatever suits best)

2. in case of active exposure warning, display the timestamp when the exposure notification was issued.

Summary

From my personal experience - as I did miss the exposure alert notification, I was attending to some closed gatherings with my trusted people. I would have not done so if I would have not missed the notification. And when I noticed this alert too late, without timestamp it was not clear whether the alert was fresh or e.g. 9 days old. As a side note: the alert had been cleared this morning, so I'm now calculating that the notification was sent 10+ days ago.

Thank you for your good work and effort!

IOS own functionality shows that there's two key matches (avainosumien määrä) but Koronavillu app says that there's no matches ("Ei havaittu altistumisia" ja tarkistettu viimeksi: 2 minuttia sitten.).

I have rebooted IOS but no changes.
app & phone info:
Koronavilkku 1.0.1 (232)
iPhone 11 Pro Max with IOS 14.0

Description

Siri search does does not find the Koronavilkku app when searching for "corona". Corona with "C" as opposed to "K" is the correct spelling in some of the languages the app is localised for.

To Reproduce
Steps to reproduce the behavior:

1. While on the iPhone home screen, pull down to reveal Siri search
2. Type "Corona" in the search field

Expected behavior
I'd expect Siri search to find the Koronavilkku app. it does not find it.

Not sure if this is a bug since I'm not particularly familiar with the setup, but thought I'd report this just in case.

Settings > Privacy > Health > COVID-19 exposure logging > Exposure checks > Export

When viewing exposure checks on iPhone, we expected to see how many other devices using KoronaVilkku the phone has come into notable contact with, and is now checking for exposure as a result. This seems to report the same information regardless of user however.
Not sure if this is a bug in functionality or just an oddity in reporting exposure check data, but checked keyCounts and hashes are identical between two iPhone users and one Android user in different locales in Uusimaa (albeit hash doesn't match in Android device).

iPhone 1
{ "Build" : "17G80", "ExportVersion" : 1, "ExposureChecks" : [ { "Hash" : "FDD34C6170CB06668BE36457178908925ADE485B21366281981FE5BABD77C696", "RandomIDCount" : 6, "MatchCount" : 0, "DataSource" : "fi.thl.koronahaavi", "Timestamp" : "2020-09-03 07:20:17 +0300" }, { "Hash" : "7CA1AD8DA7964C70E4EA6903780CABC7F224209111F9F12AE0FB28065D864B5A", "RandomIDCount" : 19, "MatchCount" : 0, "DataSource" : "fi.thl.koronahaavi", "Timestamp" : "2020-09-04 08:48:21 +0300" } ], "DeviceProductType" : "iPhone8,2" }

iPhone 2
{ "Build" : "17G80", "ExportVersion" : 1, "ExposureChecks" : [ { "Hash" : "FDD34C6170CB06668BE36457178908925ADE485B21366281981FE5BABD77C696", "RandomIDCount" : 6, "MatchCount" : 0, "DataSource" : "fi.thl.koronahaavi", "Timestamp" : "2020-09-03 07:42:58 +0300" }, { "Hash" : "7CA1AD8DA7964C70E4EA6903780CABC7F224209111F9F12AE0FB28065D864B5A", "RandomIDCount" : 19, "MatchCount" : 0, "DataSource" : "fi.thl.koronahaavi", "Timestamp" : "2020-09-04 07:24:22 +0300" } ], "DeviceProductType" : "iPhone8,4" }

Android
{"timestamp":"September 3, 2020, 08:45", "keyCount":6, "matchesCount":0, "appName":"Koronavilkku", "hash":"\/dNMYXDLBmaL42RXF4kIklreSFshNmKBmB\/lur13xpY="}, {"timestamp":"September 4, 2020, 09:00", "keyCount":19, "matchesCount":0, "appName":"Koronavilkku", "hash":"fKGtjaeWTHDk6mkDeAyrx\/IkIJER+fEq4PsoBl2GS1o="}

Perhaps I'm expecting the wrong thing from Exposure Check reporting, feel free to close this if this is the intended functionality.

I'm running iOS 13.6.1 on iPhone SE 2020.
Installed Koronavilkku same day it was initially released. Now running 1.0.1 (232).
Koronavilkku is not doing exposure checks periodically. The only check is done 3. Sep 2020 (6 keys).
Tried to uninstall & reinstall the app and reboot the phone with no help.
App seems to be in good state ("Koronavilkku käytössä").

Koronavilkku reports a possible exposure. Nevertheless, all of the log entries (altistustarkistukset) for the past two weeks have zero key hits (avainosumien määrä 0). The timestamp of the newest log entry is after the exposure became visible in the app.

If I have understood correctly, an exposure can only be reported if there is match found between the keys in my phone and the ones on the server (from infected people). Thus, there should be at least one key hit in the logs.

• Device: iPhone 8
• OS Version: iOS 14.0.1
• Koronavilkku: 1.1.0 (289)

Hi!

I've had few colleagues wonder if there's going to be an English language version available soon? I took a look at the localization in this project at it seems that translating them shouldn't be a huge task, so is this something you would be open to receiving a pull request of?

I'll do the work if you guys give the 🟢

We're about to have 4h of sunlight a day soon. This would improve the UX.

Just wondering if Russian localization is planned or maybe it is already in progress?
Also, volunteering to help with it, if any help is needed.

Since Apple released the exposure notification support (at least used in Britain) for iPhone 6/5s in December (with the OS version 12.5) would it be possible for Koronavilkku to work on these older iPhones, too?
https://www.bbc.com/news/technology-55317202

The substance of this issue is identical to an issue in the Android app repo and should be dealt with similarly: THLfi/koronavilkku-android#22

This is also why I am not repeating the same explanations here.

The iOS app is distributed with at least three open source dependencies with their own licenses (as far as I've looked into this, SnapKit, ZipFoundation and TrustKit which are under MIT and Apache-2.0). These licenses require that the original copyright and license notices are retained in any redistributions of the code.

I'm able to create a notice document based on this information and make a pull request for adding the document into this repo. However, full compliance with the licenses would require that the notice information is linked to from the application, much like with the Terms of Use and Privacy Policy currently. This would require hosting the notice document somewhere and creating a link to it from the app (e.g. "Avoimen lähdekoodin oikeudelliset tiedot" / "Legal Notices for Open Source Software"). At minimum, you could just link to the file in the GitHub repo.

The Android app needs a similar feature, but currently I do not have enough information on what dependencies (or parts thereof) are actually distributed with the Android app.

When application posts exposure keys or does the dummy posting of random generated keys, payload must always contain exactly 14 keys, otherwise firewall and/or backend will reject the call. When random keys are generated using secure random functions in iOS it is possible for generation to fail due to variable conditions in OS (see https://developer.apple.com/documentation/security/1399291-secrandomcopybytes for more details). This forces caller to check if random function has actually created secure random bytes and if not results must be discarded.

When it comes to actual app's logic, random generation must never fail as this would prevent dummy posting and, in worst case, posting the actual exposure keys to backend. To ensure keys can be sent in all situations, implementation had hardcoded payload for failed random generation. This poses a risk that enables malicious actor to send payloads containing only hardcoded keys and it would be difficult to infer at the backend if these keys are from legit applications or from other source.

As a remedy we should change the random string generation to use SystemRandomNumberGenerator which might be less secure, but would never fail. On Apple platforms it uses arc4random_buf(3) which can be considered secure enough for the purpose we’re using it for.

Related function:

Issue originally reported by community member Marko Buuri (Twitter: @BuuriMa)