Functioning of the application
System for exposure notification on COVID-19 disease
For its functioning, the application requires the Google/Apple Exposure Notification (GAEN) system, which is part of the operating system and is installed independently of the application. The system can only be activated after an installation of an application.
Temporary exposure keys and rolling proximity identifiers
GAEN generates a temporary exposure key every day from which a random rolling proximity identifier is generated every ten minutes. This is a condensed value of the temporary exposure key and is additionally encrypted together with a time interval.
Exchange of random rolling proximity identifiers
Through Bluetooth Low Energy technology, smart devices exchange random rolling proximity identifiers, and, on the basis of the Bluetooth signal strength, the application assesses the distance between two devices.
Storage of temporary exposure keys and rolling proximity identifiers
All important data is found in GAEN. The received rolling proximity identifiers are stored for 14 days. After 14 days, GAEN deletes the user’s temporary exposure keys and the rolling proximity identifiers received from other devices.
Once the mobile device transfers the list of all available temporary exposure keys of users who have confirmed their infection, the exposure notification system checks locally if any of the keys match the locally collected rolling proximity identifiers. In case of a match, the risk is assessed, and the user receives further instructions.
#OstaniZdrav does not collect data on user's location or movement
The #OstaniZdrav app does not track the user's location, and it does not have permission to do so. A notification that appears during the application's installation is only a requirement of the Google Android system. The Bluetooth system can only detect other phones in the immediate vicinity of the user's phone if the user has turned on their location function. This does not mean that the app installed on smartphones using Bluetooth automatically tracks the location of the user's phone.
In order for it to work, the #OstaniZdrav app must be able to detect devices in immediate vicinity. Therefore, the location function must be turned on in the general system settings. However, the app will never use GPS locations and will not record the user's location, which is also stated in the Data protection information.
This can be verified by following these steps:
- Find the location function in your phone’s settings.
- In location settings select App permission.
- A list of apps appears. You can see the apps that you have allowed to use your location. You can also give or refuse permission for apps to use your location. #OstaniZdrav does not need such permission and will not appear on the list.
More technically savvy users or experts can also confirm that the app really does not use the location data by checking publicly available source codes on the Github portal or by checking the app’s security settings in detail. It is recommended that users check for themselves which apps installed on their phones they have allowed to access location, and further that they only give such permission to apps they trust or for which access to location is really necessary.