This repository has been archived by the owner on Jun 20, 2023. It is now read-only.

Exposure check history retained for more than 14 days #1020

Closed
3 tasks done
MikeMcC399 opened this issue Aug 13, 2020 · 30 comments
Labels: bug (Something isn't working), mirrored-to-jira (This item is also tracked internally in JIRA)

@MikeMcC399
Contributor

MikeMcC399 commented Aug 13, 2020

Avoid duplicates

  • Bug is not mentioned in the FAQ
  • Bug is specific for Android only, for general issues / questions that apply to iOS and Android please raise them in the documentation repository
  • Bug is not already reported in another issue

Related to:

Describe the bug

After running CWA continuously for more than 14 days, Google Exposure Notifications System shows the number of checks to be higher than 14 days x 14 exposure checks per day = 196.
For instance:
"223 checks in the past 14 days"

The Google Exposure check log shows up to 16 days' history although the Google Exposure checks UI says "This shows when the app asked your phone for data in the past 14 days and doesn't necessarily indicate an exposure."

Expected behavior

If the exposure checks are currently being carried out at the most once per day, then the number of checks shown should not be more than 14 days x 14 exposure checks per day = 196. Any checks related to a period earlier than 14 days ago should be removed from the history and not be reported.

Steps to reproduce the issue

  1. Install CWA, activate and leave running for 16 days.
  2. Settings > Google > COVID-19 Exposure notifications > three-dot icon
  3. Tap "Exposure checks"
  4. Note the latest date in the exposure log (at the top)
  5. Scroll down to the bottom of the exposure log and note the earliest date. Calculate the number of days being stored and compare to 14 days in the help text.

Technical details

Exposure Notifications System: 16203016000 v1.8 (211515000)
CWA: 1.2.1 2.2.1
Android: 10 11
Mobile device: Samsung Galaxy A50 SM-A505FN

Possible Fix

Google Exposure Notifications System should purge all data and history older than 14 days before displaying status and historical information regarding exposure checks.

Note

The exposure check parameters of CWA changed with version 1.6.

Edit: Details updated to correspond to current versions of CWA and Google ENS.
Updated steps to reproduce, due to change in Google UI.


Internal Tracking ID: EXPOSUREAPP-2217

@MikeMcC399 MikeMcC399 added the bug Something isn't working label Aug 13, 2020
@MikeMcC399
Contributor Author

The count increased today from 223 to 237 (difference of 14), which shows that counts stemming from a period previous to the last 14 days are incorrectly not being aged out.

@ghost

ghost commented Aug 14, 2020

Hello @MikeMcC399,

thank you for reaching out.
Please make sure that the history you are mentioning is not older than 14 days. To verify this, please export the Exposure Notification history as JSON and attach it to this issue.

Also, it is important to know that Google is managing the COVID-19 exposure notifications in your Android settings. This is something we cannot influence with our Corona-Warn app.

After you have shared the JSON file, we can verify that the calls are either from the past 14 days or from even more days than just the last 14 days.

Thank you,
LMM

Corona-Warn-App Open Source Team

@MikeMcC399
Contributor Author

Dear LMM @GPclips,

Thank you for your response. Unfortunately the issue Exposure Checks only show 100 entries in the log (Android) #941 reported by @daimpi means that the json file cannot be used to successfully investigate this issue (#1020). Not only are the Exposure checks in the "Export exposure checks" function, and in the UI display, limited to 100, they are also the most recent exposure checks. They therefore only go back 7 days until Aug 7. We are however interested in the older Exposure checks, which are not shown nor exported.

Here is an Excel analysis of the timestamps and the number of records exported:

| Timestamp | Number of records |
|---|---|
| August 14, 2020 08:00 | 14 |
| August 13, 2020 06:24 | 14 |
| August 12, 2020 09:30 | 14 |
| August 11, 2020 10:19 | 14 |
| August 10, 2020 07:11 | 14 |
| August 9, 2020 08:32 | 14 |
| August 8, 2020 09:03 | 14 |
| August 7, 2020 09:47 | 2 |
| Total | 100 |

Here is the file which you requested in any case:
all-exposure-checks 2020 08 14.zip

Google @nic0lette advised in https://github.com/google/exposure-notifications-internals/issues/3 that issues with the Exposure Notification System need to be passed through the Public Health Authority/App developer in my region, so that is why I am reporting the issue here. The Google UI is a useful interface for checking the detailed working of the exposure notification part of the German CWA app, so it makes sense to try to get bugs and limitations in this interface addressed by Google.

@ghost ghost assigned JoachimFritsch Aug 17, 2020
@ghost ghost added the mirrored-to-jira This item is also tracked internally in JIRA label Aug 17, 2020
@kereng5

kereng5 commented Aug 17, 2020

I remember that before the Exposure Check log was limited to 100 entries, it contained 17 days.
17 days, each one having 14 server days makes 238. In the afternoon the number of "Überprüfungen innerhalb der letzten 14 Tage" falls back to 224. On my phone the last day with only 13 server days was July 26, so one week ago the number changed from 237 to 223 every afternoon, which it still seems to do on MikeMcC399's device.

Can we ask the Google developers to change the text into "Überprüfungen innerhalb der letzten 17 Tage"?

@MikeMcC399
Contributor Author

@kereng5

> Can we ask the Google developers to change the text into "Überprüfungen innerhalb der letzten 17 Tage"?

There is an inconsistency in the information which Google displays, and I agree that it seems like 17 days is being reported. So either Google ENS needs to say that 17 days are reported, and to change the text which says "Random IDs are automatically deleted after 14 days" or the number of checks displayed needs to be limited to 14 days.

@MikeMcC399
Contributor Author

MikeMcC399 commented Aug 26, 2020

I can now provide a log file all-exposure-checks 2020 08 26.zip with 16 days' entries. This is from a mobile device running Exposure Notification System 16203302004. The issue #941 which limited the number of exportable exposure checks to 100 records has been solved and is closed.

The text on Google's Exposure Notification System page on the mobile device
(Settings > Google > COVID-19 exposure notifications)
still says "Random IDs are automatically deleted after 14 days" so to be consistent, the log entries for anything older than 14 days should also be deleted.

@MikeMcC399
Contributor Author

After installation of CWA 1.5.0 today, October 19, 2020 need to wait at least 14 days to check new exposure check sums.

@svengabr
Member

Fingers crossed!

@vaggelisdouros

Hi @MikeMcC399

The issue that I described https://github.com/corona-warn-app/cwa-app-android/issues/1535 appears in the "version 17203915000" of the exposure notification system.

@MikeMcC399
Contributor Author

@vaggelisdouros
You have the same version of ENS as I do (17203915000).

Due to a reset on my device on Oct 23, 2020 I lost the previous exposure checks from the logs. I am now waiting to see what happens in the next days. It currently says 14 checks in the past 14 days and I'm expecting that number to increase then stop as older entries are aged out.

@daimpi

daimpi commented Nov 5, 2020

I can confirm that on my device it now says

16 checks in the past 14 days

And the oldest entry is 15 days old (today: 05.11., oldest entry: 21.10.)

I guess the expected/correct behavior would be to see the oldest entry to be 14 days old which would mean "15 checks in the past 14 days".

But tbh: I don't mind the current behavior, given that this additional entry which slightly extends over the RPI retention period could sometimes be helpful for debugging and/or understanding how ENF is working.
Imho the only thing which maybe would make sense changing is the descriptor to something more accurate like "x checks in the past 15 days"

My device:

  • Samsung Galaxy S8 (Android 9)
  • CWA 1.5.1
  • ENF v. 17203915000

@MikeMcC399
Contributor Author

@daimpi
At the time I reported this issue there was still a lot of uncertainty about how everything worked and there were several bugs around as well. The exposure check had been showing 0 keys, the numbers of exposure checks didn't seem to tie up, and export truncated the list. In addition the exposure check log was not sorted by date and there were (at least) 14 entries per day making it very difficult to read manually.

In the meantime we understand what the exposure check log means, the entries have been reduced to one per day, they are sorted by date, and the limit on the number of entries which can be exported has apparently been increased to 300.

I am also not concerned if ENS saves 16 instead of 14 days worth of logs. We may however want to document a final case together and put it to the Open Source Team to see if they are willing to address it to Google, but I think it is a cosmetic level of severity only with no impact to the core functionality of CWA.

@MikeMcC399
Contributor Author

MikeMcC399 commented Nov 8, 2020

@svengabr, @GPclips and Open Source Team

Please consider passing this report to Google or if you consider it unimportant please close the issue.

The Google Exposure Notification System (including the latest Version 18204215000) on Android says in the user interface:
"Random IDs are automatically deleted after 14 days."

The example log of exposure checks shows that the history of an individual exposure check is deleted after 15 complete calendar days have expired. In the table below, the entry for 23 October 2020, 18:04 was present in the log when it was viewed yesterday, 7 November 2020 and then was no longer present when the log was viewed one day later, today, on 8 November 2020. The date 23 October 2020 is 16 days before the current date 8 November 2020.

So if the statement "Random IDs are automatically deleted after 14 days." is supposed to be applied also to exposure check logs, then it should say 15 days, not 14 days.

| Days before today | Exposure check | Log today | Log yesterday |
|---|---|---|---|
| 0 | 8 November 2020, 01:05 | X | |
| 1 | 7 November 2020, 01:05 | X | X |
| 2 | 6 November 2020, 02:55 | X | X |
| 3 | 5 November 2020, 02:51 | X | X |
| 4 | 4 November 2020, 02:43 | X | X |
| 5 | 3 November 2020, 02:30 | X | X |
| 6 | 2 November 2020, 02:30 | X | X |
| 7 | 1 November 2020, 02:15 | X | X |
| 8 | 31 October 2020, 02:09 | X | X |
| 9 | 30 October 2020, 01:46 | X | X |
| 10 | 29 October 2020, 01:42 | X | X |
| 11 | 28 October 2020, 01:42 | X | X |
| 12 | 27 October 2020, 01:31 | X | X |
| 13 | 26 October 2020, 01:30 | X | X |
| 14 | 25 October 2020, 02:21 | X | X |
| 15 | 24 October 2020, 02:20 | X | X |
| 16 | 23 October 2020, 18:04 | | X |
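
The retention check made by hand in the comment above can be scripted; the following is an added example, not part of the original thread and not code from CWA or Google ENS. The timestamps are transcribed from the table above, and the function names and the whole-calendar-day counting convention are assumptions of this example.

```python
from datetime import date, datetime

# Exposure-check timestamps transcribed from the table in the comment above
# (ISO 8601 form). Rows 0-15 were in the log on 8 Nov, rows 1-16 on 7 Nov.
TABLE = [
    "2020-11-08T01:05", "2020-11-07T01:05", "2020-11-06T02:55",
    "2020-11-05T02:51", "2020-11-04T02:43", "2020-11-03T02:30",
    "2020-11-02T02:30", "2020-11-01T02:15", "2020-10-31T02:09",
    "2020-10-30T01:46", "2020-10-29T01:42", "2020-10-28T01:42",
    "2020-10-27T01:31", "2020-10-26T01:30", "2020-10-25T02:21",
    "2020-10-24T02:20", "2020-10-23T18:04",
]
LOG_TODAY = [datetime.fromisoformat(t) for t in TABLE[:16]]
LOG_YESTERDAY = [datetime.fromisoformat(t) for t in TABLE[1:]]


def age_in_days(entry, viewed_on):
    """Whole calendar days between an entry and the day the log was viewed."""
    return (viewed_on - entry.date()).days


def audit_retention(log, viewed_on, claimed_days=14):
    """Compare a log against the retention window stated in the UI."""
    ages = [age_in_days(e, viewed_on) for e in log]
    return {
        "entries": len(log),
        "oldest_age": max(ages),
        # Counts every calendar day from the oldest entry to the viewing day.
        "calendar_days_covered": max(ages) + 1,
        # Entries older than the claimed window, i.e. ones that should be gone.
        "overdue": sorted(e for e in log
                          if age_in_days(e, viewed_on) > claimed_days),
    }


def purged_between(earlier_log, later_log, later_view):
    """Entries that vanished between two views, with their age at the later view."""
    gone = set(earlier_log) - set(later_log)
    return {e: age_in_days(e, later_view) for e in sorted(gone)}


if __name__ == "__main__":
    for name, log, day in (("7 Nov", LOG_YESTERDAY, date(2020, 11, 7)),
                           ("8 Nov", LOG_TODAY, date(2020, 11, 8))):
        r = audit_retention(log, day)
        print(name, r["entries"], "entries, oldest is", r["oldest_age"],
              "days old,", len(r["overdue"]), "past the 14-day window")
    print(purged_between(LOG_YESTERDAY, LOG_TODAY, date(2020, 11, 8)))
```

On both viewing days exactly one entry is older than the stated 14-day window, and the entry that disappears overnight is 16 calendar days old at the time it is first seen to be missing.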

@daimpi

daimpi commented Nov 8, 2020

@MikeMcC399

> So if the statement "Random IDs are automatically deleted after 14 days." is supposed to be applied also to exposure check logs, then it should say 15 days, not 14 days.

We're probably dealing with a discrepancy here:

  1. "Random IDs" (TEKs, RPIs) are indeed deleted after 14 days.
  2. EN log entries are only deleted after 15 days.

I.e. the statement "Random IDs are automatically deleted after 14 days" is in principle correct b/c it refers to (1) but I can see how this might confuse users b/c they are not able to see the TEKs/RPIs (unless they have rooted their device) and instead are only presented with the EN log entries (2).

But tbh I would rather focus on the text which is written next to the number of checks (the part you can tap on to get the detailed list of checks - underlined in red). It says "x checks in the past 14 days" but that is indeed not correct and should probably read "in the past 15 days". The other text you mention ("Random IDs are automatically deleted after 14 days") is a bit further down in the description (underlined in blue) and given that it's technically correct I'm not too worried about it tbh.

@MikeMcC399
Contributor Author

@daimpi
You are right to point out the other place "xx checks in the past 14 days" as being more relevant. I think it is likely to be unintentional for the log to be kept 15 instead of 14 days. We can only find out if we ask Google and they respond.

@MikeMcC399
Contributor Author

I have feedback from Google that they will look at this issue with the number of days held in the exposure check log exceeding 14 days and will review fixing it in a future version of ENS 😁 ! That will take time of course. In the past they have done monthly updates.

Although this may seem a trivial point, it is a data privacy problem if data is not purged according to the privacy notice Section 9. Especially if there is a match recorded in the exposure check log, then that data must be deleted after 14 days.

@daimpi

daimpi commented Nov 9, 2020

@MikeMcC399 thanks for the info 🙂.

Tbh I'm not too concerned about privacy implications of those older entries given that they are even protected by biometrics. I think they could even be helpful with some debugging in certain circumstances as I said above. But tbh I can live with it either way 😉.

@JoFriede

I think I have a related issue. After reinstalling the app on 3rd of November (because of 9002 errors, resets and crashes after that) the exposure logs never aged out. So the log now keeps 17 days instead of 14 and perhaps even more the next days. Otherwise the app works fine. Here is the log of all my exposure checks:

exposure_checks_20-11-2020.txt

Exposure Notification System: 18204217000
CWA: 1.6.1
Android: 6.0
Mobile device: Huawei P8 Lite

@MikeMcC399
Contributor Author

@JoFriede

Nonetheless, today the 3rd of November is still the oldest day in log. So still no entry has been deleted.

Your problem is not the generic problem that this thread was opened to track and resolve, which is that generally Android devices are keeping the log data for 16 days before aging them out.

Strange behaviour has been reported by other users with devices which have not had Google Play services pre-installed. Is your Huawei P8 Lite device licensed for Google Play services or did you have to install it manually? If you want to pursue this issue further I think it would be better to open a separate issue for it.

@MikeMcC399
Contributor Author

@JoFriede
I noticed there is a warning about Huawei devices on
https://support.google.com/android/thread/29434011?hl=en-GB

"... In addition, sideloaded Google apps will not work reliably because we do not allow these services to run on uncertified devices where security may be compromised. Sideloading Google’s apps also carries a high risk of installing an app that has been altered or tampered with in ways that can compromise user security.

To check if your device is certified, open the Google Play Store app on your Android phone, tap “Menu” and look for “Settings.” You will see if your device is certified under “Play Protect certification.” You can learn more on android.com/certified."

You might want to check if that applies to your device.

You can get to this Google notice through
Settings > Google > COVID-19 Exposure Notifications
then tap the question mark inside the circle on the top right.

@JoFriede

@MikeMcC399

Thank you for your effort! According to Google Play Store, my device is certified. Because my device is a little bit older, I think it is not affected by this prohibition of collaboration with Huawei.

Still no log entry has been deleted till now.

@MikeMcC399
Contributor Author

Today January 16, 2021 it is easy to spot the length of the exposure check history without difficult date calculations. 😀

The Exposure check list starts at today 16 JANUARY and goes back to 1 JANUARY which is not consistent with the text at the top of Exposure checks which says:

"This data shows when the app asked your phone for data in the past 14 days and doesn't necessarily indicate an exposure. Open the app for details."

Jan 16 to Jan 1 is 16 days (or 15 days if you don't count today).

Google is still examining whether this will change, but the slow rate of progress shows it has not been given a high priority.

@MikeMcC399 MikeMcC399 changed the title from "Recorded number of exposure checks too high after 14 days" to "Exposure check history retained for more than 14 days" Feb 23, 2021
@MikeMcC399
Contributor Author

Another three months has elapsed and still no change. I'm now using ENS Version 18210915000.

I've sent mail once again to Google's feedback address to see what they are doing. They said they were looking at it, but that seems to be as far as they progressed.

Exposure checks 16 days

@MikeMcC399
Contributor Author

No change in current ENS version v1.8 (212002104). ENS still keeps 16 days of history although it says it only retains 14 days.
Google is not currently responding to update status requests on this privacy issue through their feedback e-mail address exposure-notifications-feedback@google.com.

@MikeMcC399
Contributor Author

The last time that Google responded to me on this issue was on Jan 11, 2021. After that they have no longer responded to several requests for an update. Given that their last response is more than 6 months ago I am going to close this issue as unresolvable.

If, by any chance, Google does reply to me, or if the Open Source Team picks up the issue and resolves it with Google, then we can re-open it and add any new information into the issue.

Users can manually delete random IDs through the Google UI (COVID-19 Exposure Notifications > three-dot symbol > Delete random IDs) if they wish to erase the data for some reason, although obviously that removes the ability to use the history of random IDs when carrying out exposure checks until new random IDs are recorded again.

The original issue was that the UI says that only 14 days of data are kept, whilst it seems that in fact the last 16 days of data (including the current day) are kept.
