Less generic notification

Question

Less generic notification

niwla23 opened this issue 2 years ago · comments

Alwin Lohrie commented 2 years ago

Avoid duplicates

This enhancement request has not already been raised before
Enhancement request is specific for Android only, for general issues / questions that apply to iOS and Android please raise them in CWA-Wishlist
If you are proposing a new feature, please do so in CWA-Wishlist

Current Implementation

Exposure notifications are currently sent like this:

Suggested Enhancement

Tell the user what the app wants. Example:
You had contact with an infected person.

Expected Benefits

The current notification looks like something you would easily swipe away, first time I saw it I thought it was a changelog or something.
It will also reduce the time it needs for the message to actually reach the user if it is in the notification title

Internal Tracking ID: EXPOSUREAPP-12909

VladimirII · Answer 1 · Sun Mar 20 2022 21:22:26 GMT+0800 (China Standard Time)

Agree, for changes in the certificate it took always a second or third look to know what the notification is about.

Lars · Answer 2 · Mon Apr 25 2022 14:04:17 GMT+0800 (China Standard Time)

Thanks for your enhancement request @niwla23. We have created an internal ticket for it and will raise this topic internally.
Internal Tracking ID: EXPOSUREAPP-12909

Corona-Warn-App Open Source Team

Tim · Answer 3 · Mon Apr 25 2022 14:10:00 GMT+0800 (China Standard Time)

This also affects iOS and should be moved to the wishlist.

Mike McCready · Answer 4 · Mon Apr 25 2022 14:33:17 GMT+0800 (China Standard Time)

@larswmh

I seem to remember that the text in notifications is deliberately non-specific because the notification could be read by somebody other than the device owner. The non-specific message leads to a specific message in the app. The latter can only be read by unlocking the phone, which ensures that only the intended recipient can read the detailed information. The reason behind CWA notifications often involves health data, and this data needs to be specially protected.

This all depends on how the phone is set up: if the device had lock-screen security applied, if notifications are shown when the device is locked, etc.

Alwin Lohrie · Answer 5 · Tue Apr 26 2022 02:04:22 GMT+0800 (China Standard Time)

@larswmh

I seem to remember that the text in notifications is deliberately non-specific because the notification could be read by somebody other than the device owner. The non-specific message leads to a specific message in the app. The latter can only be read by unlocking the phone, which ensures that only the intended recipient can read the detailed information. The reason behind CWA notifications often involves health data, and this data needs to be specially protected.

This all depends on how the phone is set up: if the device had lock-screen security applied, if notifications are shown when the device is locked, etc.

How is this health data? The app shows a potential risk of being infected because you were in the same room as an infected person.
If someone actually cares they probably won't have notification content enabled on lock screen. I understand that you should not show the result of a covid test in the notification (though I don't think anyone would care). How could showing a risk status in the notification be a problem?

Mike McCready · Answer 6 · Tue Apr 26 2022 02:39:13 GMT+0800 (China Standard Time)

@niwla23

How is this health data? The app shows a potential risk of being infected because you were in the same room as an infected person.

This is the official legal definition according to the Data Protection Impact Assessment / (Bericht zur Datenschutz-Folgenabschätzung für die Corona-Warn-App):

"7.1.4 Gesundheitsdaten

Gesundheitsdaten sind personenbezogene Daten, die sich auf die körperliche oder geistige Gesundheit einer natürlichen Person, einschließlich der Erbringung von Gesundheitsdienstleistungen, beziehen und aus denen Informationen über deren
Gesundheitszustand hervorgehen (Art. 4 Nr. 15 DSGVO), wobei auch Informationen über Krankheitsrisiken einer Person als Gesundheitsdaten gelten (vgl. Erwägungsgrund 35). Daher wäre beispielsweise auch die Angabe, dass ein Nutzer einen bestimmten Risikostatus hat oder sich testen ließ, als Gesundheitsdatum einzustufen. Denn aus diesen Informationen geht
hervor, dass eine erhöhte Wahrscheinlichkeit einer COVID-19-Erkrankung des Nutzers besteht. Gesundheitsdaten sind besondere Kategorien personenbezogener Daten im Sinne von Art. 9 Abs. 1 DSGVO."

Mike McCready · Answer 7 · Tue Apr 26 2022 14:14:20 GMT+0800 (China Standard Time)

Perhaps there could be a way to relax the strict health data protection imposed by the app if the user says that they do not want this applied? That would however make the app more complicated if an option is added for this purpose. It could also be problematic considering that the app can store data (tests and certificates) for multiple named people and each person would have to give their permission to relax the data protection.