Open source becomes norm in health public software

German private contract tracing app becomes open source after being procured by regional governments

Published on: 31/03/2021

One of the positive developments of COVID-19 was a readjustment toward the expectation that government developed apps using sensitive data should be made available as open source. The OSOR has reported about European COVID-19 tracing apps and the Belgian and Slovenian government forking the German tracing app. Yet, this expectation now seems to extend to apps adopted by the government.

In Germany, the currently proprietary Luca-App, developed by the start-up Nexenio has caught the attention of multiple regional governments. The app’s purpose is to enable contact tracing at public venues and events, such as restaurants and concerts. Unlike the government-procured Corona-Warn-App (CWA), Luca does not use Bluetooth-assessed proximity to determine infection risk, but a QR-code enabled check-in with a phone’s camera at the entrance of a venue.

Additional approach to reduce transmission

The advantage of this approach is that the phone’s contact tracing does not need to be constantly enabled to look for contacts and that an effective contact linking is possible also at bigger venues without direct proximity.

This system is hoped to support the re-opening of the leisure sector. A number of regional governments in Germany, such as Mecklenburg-Vorpommern, have decided to adopt the Luca-App and cover the costs of its usage by venues within its borders.

Public money

As public money is now the majority of revenue toward the app, this has led to calls that the proprietary code should be made available as open source, similar to the Corona-Warn-App. The Luca-App saves detailed location data of its users and thus sensitive data. To improve the trust toward the app, the code should be made available publicly, Henning Tillmann, co-chairperson of the German digital association D64 demanded.

Public code

The CEO of the Luca-App, Patrick Hennig confirmed that the source code should be made publicly available by the end of March, so that the code can be inspected by third parties. While first a restricted license was used that did not allow the freedoms of an open source license, the developers of the Luca-App promised the app would be made available under the GPLv3, a OSI compliant license. For now, only the code of the Android app has been published and now the code of the iOS app and the backend software.