Hi!

Is it possible to access aggregated data stored for analytics? If so, how can one do that?

Apparently, the API link from documentation is broken, although I am unsure if that is the right place to find the answer.

For educational and research purposes.

https://github.com/nhsx/covid19-app-system-public/blob/a41ee3c966c4f59ff0b1e7c3ff8aeb70b1c2d312/src/static/risky-post-districts.json#L2

Hi,

Is postDistricts in the above code snippet supposed to be an object or array?

Describe the bug
In: covid19-app-system-public/src/static/exposure-configuration.json

The latest commit reduces the V1 risk threshold to 3 mins, but durationLevelValues zeroes out all interactions under 15 mins.

To Reproduce
(Interested on-looker reading through the code - apologies if I'm getting the wrong end of the stick)

Check: CKV_AWS_76: "Ensure API Gateway has Access Logging enabled"
FAILED for resource: aws_apigatewayv2_stage.this
File: /src/aws/libraries/submission_api_gateway/main.tf:35-46
Guide: https://docs.bridgecrew.io/docs/logging_17

To Reproduce
Steps to reproduce the behavior:

1. Install https://github.com/bridgecrewio/checkov (Checkov is a static code analysis tool for infrastructure-as-code.)

Expected behavior
Previously failed steps pass

Describe the bug
In TransmissionRiskLevelApplier.kt I see the following:

// COV-3804: We don't want keys from before 2 days prior to onset of symptoms
private const val PRIOR_DAYS_THRESHOLD = -2

Is this choice of -2 days in sync with the corrected version of He et al. (2020) ?

Expected behavior
In their recommendation they write: Therefore, from a contact-tracing viewpoint, it may be adequate to enquire about close contacts up to 3 days before the index first shows symptoms. So

private const val PRIOR_DAYS_THRESHOLD = -3

seems a more natural choice? Or how is the -2 motivated?

Hi there,

Will you ever integrate the Gateway Service?
It's being implemented by several countries. I belive this could be very useful for people travelling abroad for work or for holidays purposes.
I use to go abroad quite frequently and I would find it really helpful.

Thank you.

Check: CKV_AWS_52: "Ensure S3 bucket has MFA delete enabled"
FAILED for resource: aws_s3_bucket.this
File: /src/aws/libraries/conpan_s3/main.tf:5-37
Guide: https://docs.bridgecrew.io/docs/bc_aws_s3_24

Check: CKV_AWS_52: "Ensure S3 bucket has MFA delete enabled"
FAILED for resource: aws_s3_bucket.this
File: /src/aws/libraries/repository_s3/main.tf:9-36
Guide: https://docs.bridgecrew.io/docs/bc_aws_s3_24

Check: CKV_AWS_52: "Ensure S3 bucket has MFA delete enabled"
FAILED for resource: aws_s3_bucket.this
File: /src/aws/libraries/analytics_s3/main.tf:7-51
Guide: https://docs.bridgecrew.io/docs/bc_aws_s3_24

Check: CKV_AWS_52: "Ensure S3 bucket has MFA delete enabled"
FAILED for resource: aws_s3_bucket.destination
File: /src/aws/libraries/submission_s3/main.tf:89-106
Guide: https://docs.bridgecrew.io/docs/bc_aws_s3_24

To Reproduce
Steps to reproduce the behavior:

1. Install https://github.com/bridgecrewio/checkov (Checkov is a static code analysis tool for infrastructure-as-code.)

Expected behavior
Previously failed steps pass

The documentation states a threshold of 15mins at 2 metres. However the "API Mode 2" code has never looked consistent with that. It's as if there's either a weirdly simple bug in the app, or the public documentation is quite misleading.

Am I missing something here?

https://covid19.nhs.uk/risk-scoring-algorithm.html

For each encounter, a score is calculated as follows:

• Estimated within 1m of the other device: total time spent within 1m
• Estimated 1m or beyond from the other device: sum of [total time at each distance / distance squared]

The risk threshold for the app has been set to identify high-risk encounters based on [...] where an individual has been within 2 metres of someone who has tested positive for Coronavirus for at least 15 minutes.

(15min * 60) / (2m * 2m) = 225 points. But the risk threshold is 100 points, not 200:

  "v2RiskCalculation": {
    "daysSinceOnsetToInfectiousness": [0,0,0,0,0,0,0,0,0,1,1,1,2,2,2,2,2,2,1,1,1,1,1,1,0,0,0,0,0],
    "infectiousnessWeights": [0.0,0.4,1.0],
    "reportTypeWhenMissing": 1,
    "riskThreshold": 100
  }

https://github.com/nihp-public/covid19-app-system-public/blob/b0871e684c526/src/static/exposure-configuration.json#L86

I've chased through the public app code. I can't judge how it determines the distance, but I can look at what it does with the result. It looks very consistent with the algorithm above.

(Note: the above applies during the 6 peak days where someone is considered "100% infectious". During the other 9 days of the window, they are considered "40% infectious", so the threshold would be about 17 minutes instead of about 7.)

Describe the bug

The self-isolation end date in the app disagrees with the instructions sent by NHS Test & Trace by 1 day, and by the date implied by the NHS guidelines by 2 days.

To Reproduce

Develop symptoms on one day (say the 6th for example). Check the NHS guidelines for self-isolation, which suggest isolating until, and including the 16th.

Receive a positive PCR test result on the 8th, along with instructions to self-isolate until, and including the 17th.

Open the app to find a big flashing alert telling you to isolate until 23:59 on the 18th.

Expected behavior

A single, definitive date for the end of self-isolation.

Screenshots

The Architecture Guidebook mentions scenarios and decisions but both are missing from the repo.

Are these documents intended to be public?

To Reproduce
Browse to https://github.com/nhsx/covid19-app-system-public/blob/master/doc/architecture/ag-architecture-guidebook.md#quality-scenarios-and-decisions
Click "current scenarios" or "Architectural Decision Records ADRs"

Expected behavior
The scenarios or decisions are displayed

Actual Behavior
404 page

Hey. I've noticed that this repository is still open: https://github.com/nhsx/COVID-19-app-Documentation-BETA
Looking at PRs and issues on other repos, it sounds like you've changed the design a lot since that repo was last updated.

So is that repo still up to date? And if not, perhaps you should archive it? I was a little confused this morning whilst trying to look through your source code repositories for design docs.

Do the docs in this repository (https://github.com/nhsx/covid19-app-system-public) now cover all of the architectural design?

P.S. Sorry for raising this here rather than there. It seems I can't raise issues in that repository.

Check: CKV_AWS_28: "Ensure Dynamodb point in time recovery (backup) is enabled"
FAILED for resource: aws_dynamodb_table.this
File: /src/aws/modules/federation_keys_processor/main.tf:34-43
Guide: https://docs.bridgecrew.io/docs/general_6

To Reproduce
Steps to reproduce the behavior:

1. Install https://github.com/bridgecrewio/checkov (Checkov is a static code analysis tool for infrastructure-as-code.)

Expected behavior
Previously failed steps pass

The API contracts for all exposed endpoints based on a small number of patterns.

The "API contracts" link results in a 404 page.
Content missing.

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
FAILED for resource: aws_s3_bucket.this
File: /src/aws/libraries/conpan_s3/main.tf:5-37
Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
FAILED for resource: aws_s3_bucket.this
File: /src/aws/libraries/repository_s3/main.tf:9-36
Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
FAILED for resource: aws_s3_bucket.this
File: /src/aws/libraries/analytics_s3/main.tf:7-51
Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
FAILED for resource: aws_s3_bucket.this
File: /src/aws/libraries/distribution_s3/main.tf:5-33
Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
FAILED for resource: aws_s3_bucket.this
File: /src/aws/libraries/submission_s3/main.tf:6-49
Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning

Check: CKV_AWS_18: "Ensure the S3 bucket has access logging enabled"
FAILED for resource: aws_s3_bucket.destination
File: /src/aws/libraries/submission_s3/main.tf:89-106
Guide: https://docs.bridgecrew.io/docs/s3_13-enable-logging

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
FAILED for resource: aws_s3_bucket.this
File: /src/analytics/libraries/analytics_s3/main.tf:5-32
Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning

To Reproduce
Steps to reproduce the behavior:

1. Install https://github.com/bridgecrewio/checkov (Checkov is a static code analysis tool for infrastructure-as-code.)

Expected behavior
Previously failed steps pass

Describe the bug
Error when moving from an old iPhone to a new one

To Reproduce
Steps to reproduce the behavior:

1. Install the covid app
2. Migrate to a new iPhone
3. Go to the covid app
4. See error

Expected behavior

In the covid app you will see the below error:
Unfortunately, you can't run this app.
This could be due to:
A restriction in your settings (for example, if this is a company phone)
Another app on your phone is using the same technology and stopping the app from working.

In the exposure notification settings you will the exposure logging status set as inactive but still connected

Screenshots
If applicable, add screenshots to help explain your problem.
https://postimg.cc/gallery/BJ3vw4G

Desktop (please complete the following information):

• OS: iOS
• Browser safari

Smartphone (please complete the following information):

• Device: iPhone 11 Pro Max -> iPhone 12 Pro
• OS: IOS 14.1
• Browser safari

** Temp Fix for users **

• Select turn of exposure notifications in settings
• Go back to the covid app and it works

** Potential fix **

• Add a link to the exposure notification settings page with steps to disable exposure notifications in an attempt to fix

In the Architecture guide, the link about the GAEN framework under the Functional and technical domains is broken, i.e. this link:

https://static.googleusercontent.com/media/www.google.com/en//covid19/exposurenotifications/pdfs/Android-Exposure-Notification-API-documentation-v1.3.2.pdf

As per recent ticket closures; "As this is not the primary working copy of the source code, we cannot apply the patch to this repository, otherwise it will diverge from the upstream code."

Where is the primary working copy of the source code?

The NHS reports that the source code for the app is made available and links to this repository from this page:
https://faq.covid19.nhs.uk/article/KA-01157/en-us?parentid=CAT-01028&rootid=CAT-01024

Either the code is open source or it isn't. If the primary working copy of the source code is not available, then the app is not open source. Please can you clarify.

Describe the bug
Cloudfront appears to use US resources

To Reproduce
web_acl.tf has
data "aws_wafv2_web_acl" "this" {
name = var.waf2_web_acl
scope = "CLOUDFRONT"
provider = aws.us_east
}

provider "aws" {
alias = "us_east"
region = "us-east-1"
}
Expected behavior
data "aws_wafv2_web_acl" "this" {
name = var.waf2_web_acl
scope = "CLOUDFRONT"
provider = aws.eu-west
}

provider "aws" {
alias = "eu-west"
region = "eu-west-2"
}

Check: CKV_AWS_86: "Ensure Cloudfront distribution has Access Logging enabled"
FAILED for resource: aws_cloudfront_distribution.this
File: /src/aws/libraries/cloudfront_download_facade/main.tf:10-89
Guide: https://docs.bridgecrew.io/docs/logging_20

Check: CKV_AWS_86: "Ensure Cloudfront distribution has Access Logging enabled"
FAILED for resource: aws_cloudfront_distribution.this
File: /src/aws/libraries/cloudfront_upload_facade/main.tf:11-197
Guide: https://docs.bridgecrew.io/docs/logging_20

Check: CKV_AWS_86: "Ensure Cloudfront distribution has Access Logging enabled"
FAILED for resource: aws_cloudfront_distribution.this
File: /src/aws/libraries/cloudfront_submission_facade/main.tf:11-273
Guide: https://docs.bridgecrew.io/docs/logging_20

Check: CKV_AWS_86: "Ensure Cloudfront distribution has Access Logging enabled"
FAILED for resource: aws_cloudfront_distribution.this
File: /src/aws/libraries/cloudfront_distribution_facade/main.tf:11-331
Guide: https://docs.bridgecrew.io/docs/logging_20

Check: CKV_AWS_86: "Ensure Cloudfront distribution has Access Logging enabled"
FAILED for resource: aws_cloudfront_distribution.this
File: /src/aws/libraries/cloudfront_conpan_facade/main.tf:20-99
Guide: https://docs.bridgecrew.io/docs/logging_20

To Reproduce
Steps to reproduce the behavior:

1. Install https://github.com/bridgecrewio/checkov (Checkov is a static code analysis tool for infrastructure-as-code.)

Expected behavior
Previously failed steps pass

The condition in this line will never be triggered since it is subsumed by the if; any number greater than 500 is already greater than 300. Perhaps replace the elif by an if.

In this line. I guess this file is not (yet) used in anger 😄

Check: CKV_AWS_34: "Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS"
FAILED for resource: aws_cloudfront_distribution.this
File: /src/aws/libraries/cloudfront_conpan_facade/main.tf:20-99
Guide: https://docs.bridgecrew.io/docs/networking_32

To Reproduce
Steps to reproduce the behavior:

1. Install https://github.com/bridgecrewio/checkov (Checkov is a static code analysis tool for infrastructure-as-code.)

Expected behavior
Previously failed steps pass

The 'Contact Tracing' setting is switched off and remains switched off even after trying to switch it on

1. Open the app
2. Try to enable Contact tracing by clicking the greyed switch
3. Choose an option (4 hours, 8 hours, 12 hours or Don't remind me), same with any of them.
4. Contact tracing remains off.

After clicking that switch I'd expect Contact tracing to be on.

• Device: iPhone 11
• OS: iOS 14.01.1

Bluetooth is on and I tried after rebooting the phone too.