Please improve transparency - apps diverged from documentation, possibly safety-critical feature missing #302
Comments
As always @kbobrowski's issues are second to none in terms of clarity and importance. I totally second this issue. Hats off, also for the way in which you make sure that your issue is focused on positive outcomes and that you are not criticising the maintainers. Great lesson for me.
thanks @corneliusroemer - we are all in the same team, fighting against the virus
What is the status of this? Are the currently shipped iOS and Android apps using the 24h period and max notification delay can therefore be up to 48h? What was the reason to switch to 24h?
I agree that a potential 48 hour delay is too long to be effective. Given the fact that this could lead to exponential spread within this time frame, it is rather unacceptable. Shorter feedback loops also allow for greater App acceptance. Hotfix!
You can check out the details in #236. As far as I understand, the Exposure Notification API has rate limits on API calls. Apparently, discussion on whether or not those rate limits allow shorter than 24h update intervals is still ongoing. This ticket is about requesting a documentation change, as far as I understand.
An explanation of the technical details behind these long delays was provided by SAP here: https://github.com/corona-warn-app/cwa-backlog/issues/2#issuecomment-647740143 - it boils down to specific restrictions imposed by Google / Apple on the number of times matching with diagnosis keys can be performed a day. A factor which plays a role here is that the Google and Apple frameworks are not consistent: Google allows calling its framework 20 times a day with multiple files (but these files should belong to a coherent batch - the framework cannot just be called with any combination of downloaded files). Apple has a hard limit of 15 files that can be submitted a day. It seems that these issues were discovered late in the development process. An important factor here is that there is a formal requirement that both the iPhone and Android apps developed by SAP should behave consistently when it comes to delay in exposure notification: https://github.com/corona-warn-app/cwa-backlog/issues/2#issuecomment-647777484 The good news is that Google is working on an update which would allow passing files from different batches in one call, which would allow a short (~ 3 hours) notification time without making deep changes to the current architecture. Not sure what Apple's approach to it is - whether they will push a similar update as well.
@kbobrowski Is this issue obsolete and can be closed now?
I have just checked the linked Jira issue. Jira Ticket is flagged as: Developer comment:
(note: this is not a duplicate of https://github.com/corona-warn-app/cwa-backlog/issues/2, but it needs some introduction)
First, I would like to state that so far I had very good experience discussing the project with SAP, especially when it comes to transparency, nevertheless I think that there is always room for improvement.
Android app (cannot speak for iOS, maybe someone else can check) was launched with (what I consider) safety-critical feature stripped off shortly before launch. Original design assumed frequent querying of the data of infected people from the servers (so called Diagnosis Keys), as documented in multiple places in solution architecture: here, here and here. This was reflected in the implementation up to about 10 days before launch, when downloading only daily bundles of Diagnosis Keys has been introduced (dropping downloading of hourly bundles). Furthermore, querying interval for new bundles has been increased from 2 hours to 24 hours.
As a result, delay between infected person notifying the system about infection and contact person receiving exposure notification can be as large as 48 hours. In original design it used to be about 3 hours.
In the first answer of official FAQ the Federal Government states that:
I can refer those interested in technical discussion about this issue here: https://github.com/corona-warn-app/cwa-backlog/issues/2, but as the subject of this issue I would like to propose to implement transparency features which would satisfy following user stories:
As the user of the app, I would like to know how much time it takes from the moment infected person shares data with the system, to the moment I am informed about contact with this infected person, if this contact was epidemiologically relevant. This is critical for safety of my family, friends, and people around me.
As the user of the app, I would like to be kept up to date with any temporary or permanent obstacles which affect performance of the system (e.g. increased time to notify me about exposure). I would like to know the reasons for it explained in as clear language as reasonably possible, and I would like to see a roadmap SAP is taking to resolve it.
As the user of the app, I would like to see that official documentation always reflects what is implemented in the code, so I don't have to read through the code to fully understand limitations of the system.
As the software engineer supporting development of CWA, I would like to be informed in depth about technical details related to obstacles which affect performance of the system (like significantly increased delay in exposure notification), to be able to support SAP team with solving it. Discussion about these technical details should be transparent, and conducted in open GitHub issue, or at least a summary of such discussion should be published as GitHub issue (it may be more practical for a team to discuss it in person first).
As a first step in this direction, it would be great to describe in depth details behind a decision to increase this notification time up to 48 hours: why initially much shorter notification time was considered, and what triggered the change. Hopefully the discussion will continue in https://github.com/corona-warn-app/cwa-backlog/issues/2.
Please also note that I'm not suggesting that SAP is not transparent, nor I'm directing this issue against any SAP employees. Furthermore, I understand the dynamism of developing app with such short delivery deadlines - I'm not opening this issue to complain that launched apps may be still rough around the edges (that's normal), but just to indicate the need for more communication about critical issues, including described issue and any future issues that may arise (I've almost missed this delay issue, if server with test data was not online before app launch, or under different domain than production version I would probably learn about it much later, or not at all).
Thank you!
Internal Tracking ID: EXPOSUREAPP-1567