update "your phone is rooted" nagscreen with a warning that the app is intentionally crippled and useless on rooted phones.
r00t- opened this issue · 16 comments
- i found that i am infected with covid
- i was hoping i could warn others through the app, that's the reason i've been running it since it was released
- there is no mandatory (and "free") pcr-test (yielding a digital certificate) for infections anymore
- the app now offers an option to generate a warning without any certificate
- but only when trying to use that feature, i am told i am not allowed to because my phone is rooted
- the
appfaq tells me i should get a certificate from a test centre instead.- it's a near-impossible task to find one that is still open (because 90+% are closing, and few update their websites).
- i still managed to find one, and went there to pay the 15eur "rooting tax" you are imposing on me, to work around this bug
- but they told me they can not generate digital quick-test certificates anymore.
- (i did not ask if they could for a pcr test - i would not be willing to pay that much "rooting tax".)
=> the (previously pointless) nagscreen should contain a warning that the app is now intentionally crippled and almost completely useless on rooted phones. to at least give users the chance to switch to a crippled (non-rooted) phone for using the app.
First of all, I'm sorry to hear that you are infected. I hope you recover well and soon!
- There has been a change in the testing laws which took place on March 1, 2023 (see my issue corona-warn-app/cwa-website#3415) so that the basis for testing and reporting results has gone away. If you need help from a doctor and the doctor thinks you need a test, they can still do that.
- The FAQ [Google/Android]: Can I use the app on a rooted device? explains that rooted devices are not supported and that "warn others without a TAN" will not work.
I understand your criticism that you were not well informed. The app could have done a better job.
The app is going into ramp-down phase now, as we have learned, so at some stage more of the functionality will be disabled.
If you need help from a doctor and the doctor thinks you need a test, they can still do that.
i asked the doctor, and they told me i would have to pay for any test.
this screen should have been updated together with the FAQ.
it doesn't mention any reduction in functionality,
and you can't expect users to re-read the FAQ everytime you re-show them the same unchanged warning.
Perhaps it is not too late to get the root warning text updated before version 3.2 of the app is released?
Also I notice that the link "FAQ on App Security", which links to https://www.coronawarn.app/en/faq/results/#root_detection_android, does not mention the restriction that a rooted device cannot be used to Warn without TAN.
adding a screenshot of the error message (i was typing up the original ticket on my phone on the way back from the test-centre):
this doesn't even mention the rooting as the cause, i'm just assuming it's that. (i installed the original unmodified apk, and not using any patching.)
(even if the cause was something else, the user should be warned earlier.)
@r00t- Where did you get the APK from? APKs are not officially supported, only apps that were downloaded from the Play Store.
Where did you get the APK from?
copied from another phone's /data/app/, which loaded it from the play store.
There was a design decision to use SafetyNet on Android devices to prevent misuse of the feature "Warn without TAN". Unfortunately this is not compatible with rooted devices.
APK_PACKAGE_NAME_MISMATCH is an error message from the SafetyNet check.
The fact that rooted devices have never been supported has been around for quite a while. The developers however have not actively prevented a rooted phone from being used with the app. It is just not possible for this function.
You made valid points about the messages, etc. however I don't expect that much, if anything, will now change because of that. "Not supported" really refers to what the developers do. The support you are getting at the moment from me is voluntary community support.
as stated in the title,
my only complaint here is that if restrictions are imposed on rooted devices, AND a message about rooted devices is already displayed, it should at alert users of the severe restriction in usefulness of the app, before it's too late.
(and also the the suggestion to obtain a test certificate is probably useless.)
i would just submit a merge request to amend the message:
https://github.com/corona-warn-app/cwa-app-android/blob/622e880dcf120a60d5d8eea06c3f17efe620f4ca/Corona-Warn-App/src/main/res/values/strings.xml#L1995but i'm pretty sure that would not be useful, as it will require rewording anyway to satisfy whatever review processes are in place.
i would just submit a merge request to amend the message:
... but i'm pretty sure that would not be useful,
That's correct that it wouldn't be useful. See PR Checklist
- The PR can not contain changes in localization files, e.g.
values-[LANGUAGE-CODE]/strings/*and/orassets/*). Localizations are usually provided and approved by the UA team.
You can wait to see if you get a response from the developers here.
i asked the doctor, and they told me i would have to pay for any test.
You can read the (German-language) information for doctors from the "Kassenärztliche Bundesvereinigung KdöR" under
The links were already in the other link corona-warn-app/cwa-website#3415 I posted. This is just for convenience to repost them directly here.
- This issue was also discussed in #5813
The root warning only concerns itself with data protection issues. It does not discuss functionality.
The enhancement would be to give a better experience to root users, when root is detected, the app user should be warned that the app is not supported on rooted devices and that if it is used in this environment then certain functions such as "warn others without a TAN", optional data donation and survey features, which depend on SafetyNet are not available. The message should link to the FAQ article https://www.coronawarn.app/en/faq/results/#rooted_devices with further information.
The app can still be used to receive warnings on a rooted device, however the function to warn others is not available.
The removal of the process for receiving test results through form OEGD and 10C after Feb 28, 2023 means that the only warning process remaining is from non-root users who use "warn others without a TAN". (Note that this functionality is planned to be withdrawn on May 1, 2023 as part of the ramp-down plan.)
This issue should be changed from
bug