Corona-Warn-App - Thomas Klingbeil
rc3-mcr - IT-Security - 12/30/2020
The German Corona-Warn-App was published on June 16, 2020 and has been downloaded more than 23 million times since then. Data privacy and security have been and remain of the utmost importance in this project, even when they are invisible to most users. In this session, Thomas Klingbeil, Solution Architect of the Corona-Warn-App, will shed some light on aspects such as plausible deniability and the risk calculation and show their influence on the overall architecture.
When looking at a mobile app, many people forget about the backend. However, especially when designing this component of the overall system, it is very important that nobody can learn about users' behaviour and the situation they are in by observing the data traffic. For the Corona-Warn-App this specifically applies to the test results and the sharing of diagnosis keys in case of a positive diagnosis. To protect users (i.e. to create plausible deniability), the Corona-Warn-App uses a playbook, which simulates realistic-looking communication between the mobile app and the backend, even if there is no need for communication at that point in time. In this session, Thomas Klingbeil will shed light on those and other mostly invisible aspects of the app (e.g. the risk calculation).