[META] Shaping the corporate Identity

[HerrBert233]

Hi, I wanted to post this here to not blow up the main thread, as an answer to this post: https://github.com/corona-warn-app/cwa-app-android/issues/75#issuecomment-645896814 where you also asked for support. Especially you asked for support for corporate identity and explained the difficulties with your limited resources.

I was quite surprised that you shut down the discussion about legacy devices here I don't see why it should bring in additional effort to compile your app with an Android 5 SDK so that also Android 5 users could install your app (which would be an unique selling point of your approach then). I want to emphasize: Doing so could be an important strategic decision.

I'm just trying to give you the arguments you need to create a corporate identity that will attract a lot of people for your project. To be realistic, I don't think the idea to just replicate an existing functionality in a FOSS way will attract a lot of people (unfortunately). You have to identify shortcomings of the existing solution and how your approach would solve them. If you go around and tell that currently ~20% of Android users are locked from the app and with your solution, you could bring the majority of them also on board, this could be identified as a game changer. Here is how I would make the argument: The app is only effective if we have 70% (or 60%, this is under debate) coverage. This is what research tells us. This sounds more or less realistic. But subtracting 20% with incompatible phone means 87% from the remaining compatible phones have to install the app to reach 70% overall coverage. This is a much, much higher bar. I don't think we will come close to this. So whether we leave out 20% of all users or not can make the difference between success and failure. Just imagine what's on stake. "Failure" can mean a new, drastic lockdown which would be devastating for the economy. "Success" could mean we could avoid a second wave and start to rebuild our economy. If you make this as the main talking point of your corporate identity, you will be successful and attract a lot of supporters also from outside the FOSS community.

Of course it is unclear whether the app will be of such high importance. But our world is chaotic. Small changes can have a big effect (butterfly effect). So you cannot disprove that maybe those additional 20% could just avoid that we get over the tipping point that would start a second wave. It is possible with small probability, so it is not a lie.

We are building a corporate identity here, not a scientific lecture, we do not have to take all evidence equally into account. It's ok to emphasize those evidence that supports our hypothesis. Our goal is to strengthen FOSS. This is a noble goal. It is never a bad thing to get people to support FOSS. Always remember this. So I would advise you to stop talking your project down. Be confident, be bold. You are doing great things here, you probably save free open source Android (as someone else pointed out).

Here: Our government is telling blank lies: "aber es gibt da technische Gründe, die durch ein politisches Wollen der Bundesregierung nicht wegzuwischen sind." They say it is technically not possible to support the older phones, but it is! As outlined here: https://github.com/corona-warn-app/cwa-app-android/issues/75#issuecomment-647097384 the largest blocker is the Android version, not missing Bluetooth LE. Most phones have Bluetooth LE. You could emphasize this and maybe even make it to the news headline this way.

Maybe there are also other arguments to make. Like how relying on a Google API is a big privacy impact. How Google could secretly log all requests to that API to create an ultimate movement profile of every citizen. But here I wanted to focus on the strategic decision to explicitly advertise this project for older (Android 5 and below) operating systems could help to build a large coalition to secure the future development of this project. I was trying to spin public opinion in a way that many others and maybe SAP and Telekom would have officially supported your project, it already worked, here: https://github.com/corona-warn-app/cwa-app-android/issues/75#issuecomment-647106402 This was a reaction directly to my post. Quote: "What I can't believe is, that the SAP earns 9.5 mio € for this App and is not able to support developers to build a Google API free version" This is the mindset I wanted to create.

[JayFoxRox]

Especially you asked for support for corporate identity

I felt like this was mostly about artwork and consistent styling / communication.

I was quite surprised that you shut down the discussion about legacy devices here I don't see why it should bring in additional effort to compile your app with an Android 5 SDK so that also Android 5 users could install your app (which would be an unique selling point of your approach then). I want to emphasize: Doing so could be an important strategic decision.

I disagree for multiple reasons:

• Most people update their phone every couple of years; Android 5 userbase is small.
• Most phones that are stuck on Android 5, probably don't support Bluetooth LE; shrinking your userbase further.
• Those with phones on Android 5, can likely upgrade to LineageOS (or similar).
• Stock Android 5 includes the Google apps, so users would be fine with LineageOS (or similar) and OpenGApps.
• Security issue because Android 5 is old and unsupported (you don't want to encourage people to stick there).
• Additional workload.

So your target audience with Android 5 are users with a niche phone model, a niche OS, a niche set of political or moral opinion, reluctant to update to community-made tooling (potentially including your own!), and willing to risk their security. I don't think you'll have much luck attracting developers for this.

I'm aware you heard the BT LE argument, but you are contradicting yourself in your linked post:

To summarize: Bluetooth Low-Energy was introduced a long time ago, 2009 it was officially part of the standard, but Android 6.0 (minimum required) was introduced much more recently in 2015, and given the slow update cycle, even phone from 2016 may not have received that update.

So you expect a hardware standard from 2009 to be in 2009 phones, but you assume that a software change is not distributable within a year?

The lack of BT LE hardware support is probably an actual issue. Even if the standard is older, then phones might not have it, or it might be broken / untested. They might never had official drivers, so adding support would be tricky and would require changes to the operating system.

If you go around and tell that currently ~20% of Android users are locked from the app

Didn't cwa-android maintainers already say that even the number of LineageOS / custom-ROM people is very very small? Even that group is still supported, if the user is willing to install Google products on their phone.

So 20% sounds way too high.

According to https://gs.statcounter.com/android-version-market-share/mobile/germany the marketshare of Android 5 and below is only about 4% - and a bunch of those devices likely don't support BT LE. Android itself is also only 70% marketshare: https://gs.statcounter.com/os-market-share/mobile/germany

So we are talking about less than 2.8% of all people - most of them also already have a working solution with LineageOS (or similar) and OpenGApps. These are still millions of people - but still, in the bigger scheme of things it's probably not relevant.

With Android 11 coming in Q3 2020 we can assume that the marketshare of older releases will get even less important.

So I would advise you to stop talking your project down.

It's not talking down. It's factual discussions. It also didn't shut down the idea of supporting other features / versions of Android. It simply said we should focus on the most important group of people right now (which are custom ROM users without Google license / account - for whatever reason).

Our government is telling blank lies

I don't think that's the case here. Given the marketshare, reports about status of BT LE hardware and software support, and responsibility of shipping out updates for such drivers. You can't expect companies (or the community) to ship a firmware for a 10 year old device after having stopped support years ago. So as long as people stick to Android 5 and the shipped drivers (without BT LE - even if the hardware might support it), then you can't do anything about it. These people have LineageOS as alternative, but you can't expect Seibert to get into the details of custom ROM flashing, only to support the CWA.

Quote: "What I can't believe is, that the SAP earns 9.5 mio € for this App and is not able to support developers to build a Google API free version" This is the mindset I wanted to create.

The logic shown in the post you talk about only considers salary - not infrastructure cost, time spent on design, communication with other companies, art creation, opportunity cost, responsibility, profits, marketing, .. - it's hard to put a price-tag on these things (or whatever was part of that 9.5 million EUR pool).

It also doesn't consider limitations of partnerships with Google and Apple and what an app can do (vs. a driver / custom ROM / rooted phone).

I was trying to spin public opinion in a way that many others and maybe SAP and Telekom would have officially supported your project

I thought that SAP and Telekom were surprisingly open to the idea.

Also "spinning public opinion" does not produce code - and there are many requests and wishes here (not just your post, but in general), so I can see why frustation would set in (as seen in one of the issues recently).

[haitrec]

Here is how I would make the argument: The app is only effective if we have 70% (or 60%, this is under debate) coverage. This is what research tells us.

Please provide sources when bringing in scientific claims here. It is not clear to me, to which papers or scientists you refer. In particular, the 56% from the Oxford paper are not a hard minimum for effectiveness of such apps:
"But the researchers who produced the original study say their work has been profoundly misunderstood, and that in fact much lower levels of app adoption could still be vitally important for tackling covid-19. [...] The Oxford models found that 'the app has an effect at all levels of uptake'" (technologyreview.com).

[HerrBert233]

Most people update their phone every couple of years; Android 5 userbase is small.

Other sources say 15% marked share for Android 5. It's hard to measure the true distribution.

Most phones that are stuck on Android 5, probably don't support Bluetooth LE; shrinking your userbase further.

Most phones have, I have provided list in my other post.

Those with phones on Android 5, can likely upgrade to LineageOS (or similar).

No, most phones don't have this alternative any more. LineageOS is another failing open source project. Steve Kondik was very good spokesman, he attracted lots of supporters with his great and bold vision for a free Android alternative. But then some developers came along, thought he was not "pure" enough regarding FLOSS, then they forked and made LineageOS. Now they are indeed the most "pure" you can be, but they are constantly reducing the number of supporting devices because less and less people are using and developing it. I think there are now only a fraction of the phones once supported by CynaogenMod. You should learn from their mistakes.

Security issue because Android 5 is old and unsupported (you don't want to encourage people to stick there).

You have to make some compromises, not everything can be "pure" and ideal.

Additional workload.

How much? Download Android 5 SDK, compile with this SDK, done?

Also "spinning public opinion" does not produce code - and there are many requests and wishes here (not just your post, but in general), so I can see why frustation would set in (as seen in one of the issues recently).

People who believe in your vision do.

Please provide sources when bringing in scientific claims here. It is not clear to me, to which papers or scientists you refer.

https://www.tagesspiegel.de/politik/corona-app-fuer-deutschland-wird-das-smartphone-bald-zum-virendetektor/25705388.html

[poschi3]

How much? Download Android 5 SDK, compile with this SDK, done?

If you believe that's the only thing to do, feel free, do it. If the CoraLibre SDK is almost complete and working, then make a pull request.

[JayFoxRox]

Other sources say 15% marked share for Android 5. It's hard to measure the true distribution.

(See my previous post, I'm only going to reiterate here - Click to unfold)

--- Yes, and that's worldwide. So that probably includes many phones which were sold to poor countries from the richer nations (like Germany), or secondary phones. Again: It also doesn't consider the hardware and driver availability (see my previous post). Even if these phones have all the necessary hardware, it might still be a separate project to even have them support CoraLibre, by making a new custom ROM - and that's what LineageOS (and similar) are already partially taking care of. ---

How much? Download Android 5 SDK, compile with this SDK, done?

That doesn't sound like you have developed software before. By that logic we can also support MS DOS 5 by just downloading the MS DOS 5 SDK and recompiling the code for it.

So I concur with @poschi3.

Security issue because Android 5 is old [...]

You have to make some compromises,

You should never compromise on safety or security. In fact, compromising in this area can lead to huge trust issues which would actually hurt the CWA acceptance (which, quite frankly, is more important than the tech limitations).

[regarding LineageOS] they are constantly reducing the number of supporting devices

They keep removing devices, but also adding new devices. A recent changelog shows many more added, than removed devices. This is a normal development lifecycle: I'd love to have GTA V on Playstation 1, but it's not a viable option. Instead we get it on newer consoles.

No, most phones don't have this alternative any more.

If the device is removed, that code still exists and the binaries still work.

So removal is mostly about removing bottlenecks for new code + avoiding code fragmentation + avoiding maintenance overhead. You also can't really test new code on a device which only very few people still own (as the device itself becomes rare, and then you also need an overlap with one of the few people who are willing to still maintain, develop and test on their device).

If there would be enough developers who are willing to upstream their changes, then I'm sure that LineageOS would keep the support going.

It feels like you are advocating the use of old and unsupported software (Android 5), yet, you are not willing to accept any existing old community-made project (which is also unsupported by now.. as expected). This is very contradictory.

Most phones have, I have provided list in my other post.

Okay, let's go through them (only for LineageOS - which is just one of many ROMs):

• Sony Xperia Z/Z1/Z1C: Supported according to this.
• Samsung Galaxy S3: Neo supported by mainline, Supported according to this.
• Samsung Galaxy S4: Supported by mainline.
• HTC One S/M7: Supported according to this.
• Asus ZenFone 1st gen: Not sure.
• LG Optimus 4X: Appears to have something according to this.

These are sub-optimal choices as you still have to trust a third-party vendor (LineageOS contributors - mainline or otherwise). But this is even true for CoraLibre until an extensive code-audit is done. So you can't be certain that code is safe to use. Your other choice is to stick to Android 5 - which is probably confirmed to be insecure in 2020. So by not going with a custom ROM to upgrade (for CWA or otherwise), you are choosing "almost definitely unsafe" to "potentially safe".

Also it's important to remember, we are talking about apps here:

• None of these CWA related projects will add non-existent hardware to old phones.
• None of these CWA related projects will add a new OS or revive OS support.

You can complain about the lack of these efforts, but this is not the place for it (also I disagree about supporting 10 year old hardware when it keeps changing so much; it's just not economical, and maybe not even ecological).

Also "spinning public opinion" does not produce code

People who believe in your vision do.

From what I can tell, your approach brings a lot of theories and speculation into what should be factual discussions. You also seem to prefer tech statements from non-tech people over statements from tech-people: this is unprofessional and will likely scare away interested developers. You also make dangerous suggestions which could hurt the reputation of these projects and sacrifice a novice users personal computer security.

Most importantly, you are derailing the discussions and distract from actual work being done. In these discussions, you took up developers (some maintainers) time despite an overwhelming amount of contra-arguments (which you didn't seem to understand or respect). You also derailed good discussion about isolated problems, by bringing a "planned obsolesce is bad" argument into it, then explaining how to ~"spin a story" and other unrelated things. This is not how one should behave on an issue tracker.

You seem to be new to open-source (or GitHub at least), so I'd recommend to just follow ongoing discussions instead of getting too involved (yet). If you aren't even a developer, then you probably shouldn't even be here.

[HerrBert233]

Ok, ultimately you need to decide.

I just thought (and still think) this is a low hanging fruit for gain a lot of support. This topic gained a lot of traction in the media. Even Christian Drosten was asked in his podcast what about the old phones, isn't it a problem that support is missing. He avoided to answer directly but just said the corona app and a widespread use is crucial for containing the virus. One could easily interpret this as a hidden "yes".

You don't need to actually implement legacy support (right now), but you should use talking points like this: An open source implementation makes it possible to add support for older phone / opens the door for backporting to older phones, etc. You should avoid the impression that you don't care about older phones, or that you think it is a bad idea for whatever reason. You should mention that you support this idea. "We encourage and support every attempt to backport our project to older Android versions although we don't have the capacity right now to do this ourselfs" sounds much better than "we just focus on Android 6 and later" although the content is equivalent! The latter one, to be honest, sounds cold-hearted and not very welcoming. You want to welcome people with different mindsets, don't you?

You also don't need to promise that every phone will work with this. Some will, though. Just say "our project could expand the availability of the Corona app". Focus on the things you can do, not on those you can't.

It doesn't matter how many new users you actually can achieve. You just need to create the vision that you are fighting to support every phone as much as possible. That you are fighting for those left behind by the government. This is what attracts supporters. I mean, how successful was the current strategy if you already, after just a few weeks, mention a "full halt" of the project? I hope that this will not happen and that this project becomes very successful! I just don't think this cold-hearted wording will be so helpful for your mission...

[JayFoxRox]

I just thought (and still think) this is a low hanging fruit for gain a lot of support.

If it really is, it will happen. But most developers around here seem to agree that it isn't a low hanging fruit. And then the fruit is tiny and doesn't even taste good. It might also be a fruit hanging in the neighbors garden.

Even Christian Drosten was asked in his podcast what about the old phones, isn't it a problem that support is missing. He avoided to answer directly but just said the corona app and a widespread use is crucial for containing the virus. One could easily interpret this as a hidden "yes".

I think it's very very exceptionally clear that he did not avoid the question. I feel you are being manipulative if you extrapolate his statements this way.

Just to provide context, here is the question, and what Drosten said (German):

Tatsächlich gibt es jetzt einiges an Klagen darüber, dass die App auf etwas älteren Smartphones gar nicht läuft und viele davon ausgeschlossen sind. Halten Sie sie trotzdem noch für wirksam, oder muss man da vielleicht auch noch mal nachsteuern?

Ich muss auch da sagen: Das ist nicht meine Wissenschaft. Ich bin kein Computerwissenschaftler. Die gibt es, und die müssen das kommentieren. Ich habe keine Ahnung von dieser Technik. Ich habe so ein Smartphone und da läuft das Programm drauf. Mehr kann ich kaum dazu sagen. Will ich auch nicht, weil das einfach nicht Teil meines Fachs ist. [...]

The context for his reply is very clearly the underlying question: ~"is this a widespread issue with old phones and is this a problem".

His reply, as one could predict, is just that he's not qualified to answer.

This isn't a "yes" or a "no" - it's a very clear: "you'd have to ask a computer scientist".

Those computer scientists tell you: It's not a widespread issue; it's not a fixable issue if people are unwilling to use existing solutions. Because it probably can't be fixed by an app (that is deployable to stock ROMs), it might not even be fixable by CoraLibre. It is fixable in custom ROMs - which do exist already.

An open source implementation makes it possible to add support for older phone / opens the door for backporting to older phones, etc.

This is not a fact. This is speculation.

The lowest supportable version would probably be Android 4.3 (to my knowledge, that's when BT LE was added), but probably not on all phones, and wether you can even deploy to those phones is tricky.

I'm not even sure I fully understand how CoraLibre will work (how will deployment work, how can it gain permissions that play store has, but aren't available to normal apps etc.). Because of this, I could imagine that CoraLibre will depend on a custom ROM or rooted phone anyway. So wether you continue to use hacked vendor ROM of Android 5.0 or go to LineageOS with OpenGApps, probably isn't relevant.

You should avoid the impression that you don't care about older phones, [...]

I don't think anybody said that we don't care for old phones (generally). It's just not a priority, and this might not even be the place to fix it.

[...] or that you think it is a bad idea for whatever reason.

It is a bad idea, so it's fair to say that. Documenting why it is a bad idea is important. And I feel this has been done by now. But you refuse to accept this new information. Maybe you don't refuse, but simply don't comprehend / understand the technical side of this - which is why you probably shouldn't get involved (this is comparable to why Drosten said he wouldn't get involved in the podcast).

Adding support in CoraLibre might not be possible. Again: you are barking up the wrong tree. CoraLibre might not be the right project to add support for this. There is underlying software (other projects) which also have to implement this.

Even if it's primarily a task that can be implemented in CoraLibre, then it's just too much work for little gain, so it's unlikely to happen.

There are also enough alternatives for people on old phones.

A better idea is to document how to turn old / incompatible phones into compatible phones.. with existing tooling. I feel that there should be better documentation how to get (trusted / reviewed) custom ROMs and how to re-install the Google apps (although this might technically be illegal). But these are independent efforts, outside of CoraLibre. Although one could use the current situation to sensitize people for the underlying political, ethical and technical issues (of trusting a single vendor - Google and Apple in particular) and why we should prefer CoraLibre over the Google Play store solution.

Let's also not forget that you can buy a new phone with CWA support for less than 20 EUR. I could also imagine that we'll have cheap hardware tokens in the future (for people without phones, in areas where phones are banned or impractical).

From what I can tell, CoraLibre is primarily interesting for people without Google License / unwillingness to use Google products. Stock Android 5 is not in that target audience (because those people do have a Google License and are willing to run Google products; so they can upgrade to a custom ROM with Google products - and CWA will work if their hardware supports it).

I'd certainly feel more comfortable if my phone didn't need a Google account, and if I didn't have to run some black-box that might upload my EN storage to some Google server (I'm not saying this is happening, but it's hard to verify that this isn't happening either - we'll just have to trust Google).

Anyhow, I digress.

You just need to create the vision that you are fighting to support every phone as much as possible.

But this is not what this project does. I feel like this is a non-goal.

Anyhow, the community recognizes these issues and made custom ROMs (like LineageOS) - those can run CWA just fine, even on old phones. That solves most of the issues, except reliance on Googles binary blobs.

That you are fighting for those left behind by the government.

It's not the governments fault.

It's an issue with Google and Apple policies. However, their policies do make sense. You are implying that Google and Apple (or even the German government) are letting people die to sell new products. That's an outrageous claim. If there were no technial issues, then Google and Apple likely would support older phones. And I could imagine that we might even see them adding such support (if it's doable and useful).

It's also an issue with hardware vendors not pushing updates on phones which could theoretically support the app. Installing custom ROMs is not possible on some phones, or it's very hard to do. However, this isn't anything we could fix in CoraLibre either.

So most of the issues you perceive, to me, seem mostly orthogonal to CoraLibre.

I mean, how successful was the current strategy if you already, after just a few weeks, mention a "full halt" of the project?

It needs developers. You can't expect 1 person to work on this huge task.

I feel like the maintainers on CoraLibre did a lot of work already. but for a FOSS project to be sustainable, it needs new contributors. And this project is still lacking them after a week (despite a lot of interest). So if the project can't attract developers, then it will likely come to a halt. This is normal and happens with many FOSS projects.

This is also why this project needs KISS principles; it might have to be simplified to be easier to complete. However, what you are proposing here, is to add more work upfront, and you are causing more (avoidable) work with these discussions.

---

I plan this to be my final post in this topic. I'd suggest maintainers to lock this discussion. It's going nowhere.

As a closing statement to @HerrBert233:

I'm using CWA on a Samsung S3 Mini (from 2012). The phone originally ran Android 4.1. I've installed a custom LineageOS 14.1 (Android 7.1) with OpenGApps Pico.

So I'm running CWA on an ancient phone - without CoraLibre.

It's not ideal, because I don't want the Google account that I had to create, and I have to trust Google (with their binary blobs). I also have to trust the LineageOS developers, OpenGApps packagers and the makers of the custom ROM. But CWA works.

I feel like you refuse to consider these kind of alternatives and fail to explain why CoraLibre is a better target for adding support for CWA, over a custom ROM to upgrade an old Android 5 phone. Especially after you had said that you are willing to compromise security - which is a main hurdle with custom ROMs in my opinion.

[ljl-covid]

Oh god stop pontificating everyone.

[HerrBert233]

Those computer scientists tell you: It's not a widespread issue; it's not a fixable issue if people are unwilling to use existing solutions. Because it probably can't be fixed by an app (that is deployable to stock ROMs), it might not even be fixable by CoraLibre. It is fixable in custom ROMs - which do exist already.

Well, if you argue this way, then indeed CoraLibre is not needed for the older phones. Then you just successfully argued why people with old phones do not need CoraLibre. You successfully decimated your potential circle of supporters. Computer scientists have never been good business mans ;-)

Then you really need to focus on the FOSS aspect of your project. You implement something that is already solved but in a FOSS way. The benefit will not be visible for everyone. Probably only you and I understand the advantage, but in the general public, who does? This makes it much harder to secure support and funding. You should look out for allies who share your ideal for FOSS. There is a german company "ShiftPhone" advertising their phones with an alternative version of what they call "ShiftOS". They say it comes without google services: https://www.shiftphones.com/hilfe_faqs/wie-kann-ich-shiftos-light-auf-meinem-shiftphone-installieren/ They might have big interest in your project, as it is mandatory for their product to be competitive. Maybe also Fairphone using /e/ with at least some customers in Germany would have interest in your project.

[rampage64]

This is a sickness which technically we try to slow down, it's just an app that (if used correctly) might be helpfull to not overload the hospitals. Older Phones? New Phones? who cares it is not possible to save the entire world - there might exist new phones which on intention do not install this app, it's not 100% effective though.

You might have also heard, this virus is more dangerous for older people - what phone do they have? It is not possible to go back in Android 5 or earlier to rewrite the SDK and make it backward compatible by implementing Android 6 or later features....

Would you install Windows 95 and run Visual Studio there?