Public security test «SwissCovid Proximity Tracing System» 2.0

Vulnerabilities in the «COVID-19 certificate system»

Please use our special form to report vulnerabilities in the COVID Certificate app.

The SwissCovid app will soon be supplemented with the NotifyMe app, to be used for checking in for meetings and events. The source code of the SwissCovid app will thus be expanded. This code is also available to the public and is to be subjected to a public security test. The public security test for the supplementary code will start on 9 June 2021. It goes without saying that vulnerabilities in the existing source code can still be reported.

Please help us by reporting any vulnerabilities.

New components for SwissCovid 2.0

App backend CrowdNotifier:
https://github.com/SwissCovid/swisscovid-cn-backend
QR-Code Web-Landingpage:
https://github.com/SwissCovid/swisscovid-qr-landingpage

Existing and adapted for SwissCovid 2.0

Android repository:
https://github.com/SwissCovid/swisscovid-app-android
iOS repository:
https://github.com/SwissCovid/swisscovid-app-ios
App config backend:
https://github.com/SwissCovid/swisscovid-config-backend
Covidcode backend:
https://github.com/admin-ch/CovidCode-Service

Existing, not adapted

App backend ExposureNotifications:
https://github.com/DP-3T/dp3t-sdk-backend
Covidcode Frontend:
https://github.com/admin-ch/CovidCode-UI

The public security test will be carried out by the National Cyber Security Centre (NCSC) and aims to provide full transparency. Test results are to be reported via the NCSC website, where there is a form for entering detailed information. The NCSC will receive these reports, evaluate their contents, prioritise them according to their criticality and, if necessary, arranges remedies. Existing feedback is publicly available on the NCSC website and is updated regularly.