by ProteGO-Safe

ProteGO-Safe / android

Aplikacja Android

139 Stars 45 Forks Last release: about 1 month ago (4.4.0) GNU General Public License v3.0 506 Commits 19 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

STOP COVID - ProteGO Safe Android app


Project overview

This is an Android application for STOP COVID - ProteGO Safe project and it implements two main features: * User daily triage - //TODO description to be provided or linked to main documentation// * Contact tracing - module that is fully based on Exposure Notification API provided by Google and Apple and it's goal is to inform people of potential exposure to COVID-19

Applicaiton is structured based on Clean Architecture pattern and Presentation (UI) layer is almost fully realized with a single Fragment (HomeFragment) with a WebView control that loads a website application called 'PWA'. PWA is responsible for GUI, user interaction and 'User daily triage' feature. A website app interacts with a native code through the JavaScript bridge and is described widely here. Native application business logic is implemented in a HomeViewModel and it decides what kind of UseCase should be executed based on application state. UseCases are defined in a Domain layer and they call methods from proper repository. Repositories implementations are either in a Data module (responsible for everything that is data related - storing, fetching or manipulation) or Device module (device specific APIs not directly related to data).

App implements contact tracing module that is based on ExposureNotification API (EN) and we can extract couple of features related to this: * Controlling EN: start, stop, check if device supports it, check what is its state * Uploading Temporary Exposure Keys (TEKs) of positively diagnosed user verified by the application: authorize user for TEKs upload, get TEKs from EN, add proper verification data (using SafetyNet API), upload data to the Cloud Server. * Downloading periodically files with batch of TEKs of positively diagnosed users (that recently uploaded their TEKs): execute periodic task responsible for downloading recently created .zip files (it fetches list of available files from CDN, selects only not yet analyzed files and downloads only these ones) * Providing files to EN API for detecting exposures: get proper configuration for risk calculation (Exposure Configuration), fire EN API with list of downloaded files and configuration, delete analyzed files * Receiving information about detected exposures: register broadcast receiver about exposures, get information about exposures, store part of information (day of exposure, risk score and duration that is in 5 minutes intervals but max 30 minutes) * Reporting risk level to the PWA: extract risk scores of saved exposures and calculate risk level, pass risk level to PWA * Removing historical data: remove information about exposures older than 14 days

Project structure

This is multi-module Android Studio Project. It can be compiled with gradle commands, or from Android Studio user interface.

Project modules

  • app - all the classes related to the Android UI such as view models, adapters, views, dependency injection
  • domain - in this module we place all objects that will interact with other layers
  • data - contains everything related to data persistence and manipulation
  • device - has everything related to Android that’s not data persistence and UI

Build Variants

Application has 3 flavours matching environments: Prod, Stage, and Dev.

Flavours have different:

  • Firebase configurations
  • URL for PWA

There are two build types: release, and debug.

Setup of the app

To get started on the app, setup and configure the following: 1. ./

  1. Firebase - google-services.json

Config parameters in

| Name | Description | | ---------------------------------- | ------------------------------------------------------------ | | STAGINGGETACCESSTOKENENDPOINT | Endpoint for HTTPS call to validate PIN and get proper access token for TEKs upload (development type of application) | | STAGINGUPLOADBUCKETENDPOINT | Endpoint for HTTPS call to upload TEKs (development type of application) | | STAGINGSTORAGEBUCKETENDPOINT | Endpoint for CDN with Diagnosis Keys (development type of application) | | STAGINGSAFETYNETAPIKEY | SafetyNet device attestation API Key (development type of application) | | PRODUCTIONGETACCESSTOKENENDPOINT| Endpoint for HTTPS call to validate PIN and get proper access token for TEKs upload (production type of application) | | PRODUCTIONUPLOADBUCKETENDPOINT | Endpoint for HTTPS call to upload TEKs (production type of application) | | PRODUCTIONSTORAGEBUCKETENDPOINT | Endpoint for CDN with Diagnosis Keys (production type of application) | | PRODUCTIONSAFETYNETAPIKEY | SafetyNet device attestation API Key (production type of application) | | SHAREDPREFERENCESFILE_NAME | File name for Shared Preferences storage |

Firebase and google-services.json

Setup Firebase for the different environment. Download the google-services.json for each of environment and put into proper directory:

Prod: ./app/src/prod/google-services.json

Stage: ./app/src/stage/google-services.json

Dev: ./app/src/dev/google-services.json



Added translations for English and Ukrainian languages

Updated UI


Updated UI


Updated app name

Updated UI

Added validation of Temporary Exposure Keys before upload

Getting and setting application language/locale (not supported by UI yet)


Updated GIS recommendations


Updated PWA

Passed app version to PWA

Updated certification pinning


Updated PWA


Increased connection timeouts

Handled upload errors

Updated PWA


PWA GUI migrated to offline version (local assets)

Migration of PWA data from previous versions added

Improved device verification check (missing Google Play services handled properly)

Risk level thresholds added as configuration

VPN connection problem fixed (still valid for keys upload)

Improved download files process (omitting not existing files)


Security fixes added: - Migration of Firebase Cloud Functions to HTTP calls - Certificate pinning for HTTP calls and PWA application - Preventing app screen recording/taking screenshots - Warning about rooted devices displayed on first app launch - In-app updates added

Config changes


Exposure Notification API added

OpenTrace module fully removed together with all collected data

New types of communication with PWA via JS Bridge


Fixed wrong condition for battery optimization check for Android 5

SafetyNet check disabled


Improved Bluetooth module operation

Added support for deleting all data collected by Bluetooth module


Added OpenTrace module for collecting BLE contacts


Basic version with PWA, and notifications

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.