TracePrivately
A functioning app using Apple's contact tracing framework, as documented here:
https://www.apple.com/covid19/contacttracing
7 May 2020: App is now updated for iOS 13.5 beta 2 changes. The framework now has a more defined structure for how the server should work, so we'll likely be making some additional changes to further integrate with protocol buffers.
Note: To run the app the Apple framework, a special entitlement is required, only available to authorized organizations. More Info
This app will be evolving quickly as I'm trying to publish new functionality as quickly as possible.
Objectives
- Create a fully-functioning prototype that governments can use as an almost-turnkey solution that they can rebrand as necessary and use
- Implement correct security and privacy principles to maximise uptake of said government apps
- Remain open source for independent verification
- Properly use the Apple / Google contact tracing specification
- Accessible to as many users as possible:
- Localized to many langauges
- Adopt correct accessibility principles and functions
- Support older devices
- Be easily configurable to suit needs of different jurisdictions:
- Different privacy statements
- Different data gathered for positive diagnoses
- Different server/authorization needs
- Different thresholds to define a contact (attenuation and duration)
- Create a functioning server prototype that can be used as a basis for more robust solutions that fit into governments' existing architecture.
How Can You Help?
There are a number of ways you can help. You can:
- We need non-English translations: https://github.com/CrunchyBagel/TracePrivately/issues/30
- We need an Android implementation: https://github.com/CrunchyBagel/TracePrivately/issues/32
- We need testing (download, install, try the app - submit any issues you find). Pull requests with unit tests also welcome.
- Suggestions, ideas, thoughts about any aspect of the app.
Instructions
Key Server
The mobile app communicates with a server to retrieve infected keys. API specification: https://github.com/CrunchyBagel/TracePrivately/blob/master/KeyServer/KeyServer.yaml
Current server options:
- PHP: This project contains a reference implementation in PHP: https://github.com/CrunchyBagel/TracePrivately/tree/master/KeyServer
- Ruby: https://github.com/tatey/trace_privately by @tatey.
- Includes a 1-click setup process for quick deployment
- Vapor (Swift): https://github.com/kevinrmblr/traceprivately-server
- Go: https://github.com/dstotijn/ct-diag-server
- Create your own, either according to the above OpenAPI specification or by creating your own adapter implementing
KeyServerAdapter
.
iOS App
- Configure
KeyServer.plist
to point to your server- The endpoints are constructed by joining
BaseUrl
with each corresponding endpoint value. - Authentication is optional. Remove the
Authenticaftion
key to disable. Otherwise, the types available are:receipt
: Submit the App Store receipt data to theauth
endpoint. This data isn't available in developmentdeviceCheck
: Submit the info fromDeviceCheck
to theauth
endpoint. This is only available from iOS 11.
- The endpoints are constructed by joining
- Configure
ExposureNotifications.plist
to control how exposures are scored.- This is based on weighting of attenuation, duration, days since exposed and risk level.
- Defaults in app are based on Apple's example in their documentation.
- Refer to Apple's documentation for more info: https://www.apple.com/covid19/contacttracing
- Configure
SubmitConfig.plist
if you want the user to submit additional information with a positive diagnosis.- This system is extensible and localizable.
- You will need to configure your server to save and use this data accordingly.
- For example, your workflow for approving new infected keys may involve reviewing this data before approving the submission.
- Build and run in Xcode
Workflow
If you're using the sample PHP implementation, it goes something like:
- App: Enable tracing in the app
- App: Submit that you're infected
- Server: Approve submission using the
./tools/pending.php
and./tools/approve.php
scripts.
Those keys are now in the infected list so they can be matched against.
Localizations
If you can help translate the app, please help our crowd-sourced effort here:
https://traceprivately.oneskyapp.com/collaboration/project?id=170066
Currently available in: English, French, Spanish (ES, MX), Portuguese (PT, BR), German, Chinese (Simplified and Traditional), Croatian, Serbian, Japanese, Estonian, Latvian, Dutch, Italian, Ukrainian, Hindi, Arabic, Catalan, Hebrew.
Screenshots
- Updated Demo Video (21-Apr-20): https://youtu.be/EAT3p-v2y9k
- Original Demo Video (17-Apr-20): https://youtu.be/rVaz8VQLoaE
This screenshot shows how you can use the start/stop tracing shortcuts with automations. User is still manually prompted to start tracing, but this will initiate it automatically when you leave home:
Other
- Please submit suggestions and pull requests so this can function as best as possible.
- Refer to the
KeyServer
directory for information about the server-side aspect of contact tracing. - Android? If you would like to build a clone of this iOS app in Android we can include or link to it from this repo.
License
Refer to the LICENSE
file.