-
Notifications
You must be signed in to change notification settings - Fork 285
App does not work if the device UTC time differ more than 2h from the correct UTC time #1097
Comments
Somewhat related: corona-warn-app/cwa-wishlist#88 If this issue is affecting both iOS and Android it should probably be moved to the documentation repo. |
Hi @Tho-Mat, thank s for sharing your content. We will keep and discuss this point with our development team and will come back to you as soon as possible. Thank you. Best, Corona-Warn-App Open Source Team |
Hello @Tho-Mat Hello @daimpi , if both of you agree I would close this issue here because this topic is similar to corona-warn-app/cwa-wishlist#88 . Based on corona-warn-app/cwa-wishlist#88 the community discuss this with our development team and I will come back to you as soon as possible. Thank you. Best, Corona-Warn-App Open Source Team |
@Marco2907 |
I also don't think closing this issue is right… If anything I think this issue here should probably be moved to the documentation repo, as it affects both iOS and Android. |
Hi @daimpi , sorry for the late response and misunderstanding, I will keep this issue to discuss with our development team. I will come back to you as soon as possible. Thanks, Corona-Warn-App Open Source Team Internal Tracking ID: EXPOSUREAPP-2591 |
This may be the next wrong time issue |
At the moment 2 of 4100 users that submit their keys seem to use the wrong time. |
And again corona-warn-app/cwa-server#764 (comment) So, if the assumption of wrong date/time is right, this should be fixed soon. |
and again... |
@JoachimFritsch |
and another |
Hi @Tho-Mat , thanks for raising this. We are currently looking into this with CWA Engineering and our partners in order to better understand the impact of this. As you already suggested, we could interact with an external time server to check whether system time is off by more than e.g. 2 hours. While this sounds simple, integrating external services requires lots of iterations and approvals, depending on their service agreement. Alternatively, we could share the server time with the client, for example in an HTTP header, but this also comes with the challenge of accuracy on slow network, etc. My assumption is that in the end, we might only be able to inform users about the side effects of incorrect time settings and the risks associated with this. We’ll keep you posted as we proceed in the discussions. Oh, and btw, I think 5 of 4871 is rather 0,1% than 1% 😉 |
On the other hand with the missing 6 only those users are counted that have a time far in the future. One easy solution would be to transmit the device time with the key-upload. Theoretically the server then could refuse the data, if device time is incorrect. What about: Time-share sounds nice for the moment. Best solution could only be made by Google/Apple, if they save the correct time and not the But at the moment we do not have this, so a solution has to be found with the things we can make ourselves. |
|
don't understand me wrong. With What are the plans to solve this? |
A question on this missing key. |
@ndegendogo |
again we got the issue on: Does anybody know when the first IOS14.0 beta was released, that supports cwa? |
Beta 4 was the first iOS 14 version which supported ENF afaik. I think it was released around the time when I made this post to update the respective FAQ entry (4th August). |
Or, possibly to Apple's new implementation of the ENF that supports the API version 2. |
@thomasaugsten |
Hi I have first results here and it looks like Google and Apple following this +-2h window. I will create tickets to help the users with an incorrect time |
What do you mean about tickets? It is not enough to just add a new entry to the FAQ. Nobody with incorrect time will read it. |
@thomasaugsten |
Ticket mean we created a backlog item to create a design to warn people with incorrect time and please them to correct the time. |
@thomasaugsten |
They use the device time set by The user |
While IMHO the published code can’t be the production code, I think this shows what Google is doing with the 2 hour window: https://github.com/google/exposure-notifications-internals/blob/e953a09dd3c20c04dfa29e362eef461890dac25c/exposurenotification/src/main/java/com/google/samples/exposurenotification/matching/ExposureMatchingTracer.java#L648 The expensive operation is AES, not the 16 byte comparison. |
Not really solved, but improved with 1.7.0: The app will now show a message to the user if the device time is not correct. |
Thanks, @Ein-Tim. |
HI @Tho-Mat This has been fixed already in release 1.11. Related internal ticket EXPOSUREAPP-2998.I suggest closing this issue. Corona-Warn-App Open Source Team |
Also related: EXPOSUREAPP-3065 |
Describe the bug
According to:
corona-warn-app/cwa-server#723
@michael-burwig reports: "We do not check whether an end device has its time set correctly."
As far as I understand:
The correct UTC-time of a device is very important.
If the times of two meeting devices defer more than 2h, i.e. |t1-t2|>2h then no key-match will be found, if one of them reports his/her/its infection.
Moreover: if the device of the infected user with an UTC-time & date ti that defers more 2h from the correct UTC-time tu, i.e.
|ti-tu|>2h, then all of the transmitted keys are invalid / useless for others.
On the other hand, if the device time of an CWA user is wrong, he will receive the keys but no match will be found, also.
Note: Even the device shows the correct time and date the UTC-time may be wrong.
I assume IOS and Android devices are effected?
Expected behaviour
The user-set device time should not be important for value matching.
I could not find any information about that.
Possible Workaround
As long as the OS uses the (user-set) device time and not the correct time (from internet, GPS or mobile network) to store the received BT-keys and their own active day-keys, the CWA app should check if the device time is set correct.
The user should be informed that he has to set his device-time to the correct value to ensure the app will work.
This could be done by calling an external time server or a one to be implemented on the CWA server.
Additional context
https://blog.google/documents/69/Exposure_Notification_-_Cryptography_Specification_v1.2.1.pdf page 9
https://app.slack.com/client/T019BKJF80K/C0194ML0MLN/thread/C0194ML0MLN-1598688186.242400
Thanks to Michael Huebler and Paul-Olivier Dehaye
Internal Tracking ID: EXPOSUREAPP-2591
The text was updated successfully, but these errors were encountered: