Add scanning of arbitrary URL to the QR code scanner

[mdesharnais]

Feature description

When the CWA QR code scanner cannot recognize a QR code, inform the user (as is now the case) but also display the QR code's content as plain text. If the content is recognized as a valid HTTPS URL, offer a button to open it in the device's default web browser.

Current state

As of 2.17.2, scanning arbitrary, not recognized QR code with the CWA QR code scanner shows the following (German in my case) error message.

Kein geeigneter QR-Code Der QR-Code wird nicht von der Corona-Warn-App unterstützt. Bitte wählen Sie einen geeigneten QR-Code.

Example of an URL QR code which should (semi) automatically be opened

Example of a text QR code which should only be displayed

Problem and motivation

It often happens, when waiting at a rapid test station, to see people not mastering the process of scanning a QR code for test registration. They often ask for help to other persons waiting next to them with their smartphone in the hand. When explained that they must use a QR code scanning application and point their camera in direction of the QR code, they often don't know what a QR code scanning application is or how to install one. Many of these persons have the CWA installed on their phone, probably installed for them by a relative. If the CWA would support scanning the rapid test registration QR code, these persons could be helped much more quickly and easily.

Automatically opening only HTTPS (and not HTTP) URL would be to prevent people sending their personal information through an unencrypted communication channel. An HTTP website may redirect to its HTTPS pendant but this is not necessary the case and cannot be assumed.

Is this something you're interested in working on

Yes

---

Internal Tracking ID: EXPOSUREAPP-12070

[UnrelatedWorks]

This is definitely a necessary improvement. Since most people are not aware that the inbuilt camera app in some phones has a QR scanner implemented. They rather download a 3rd party app filled with ads. It would make the testing process simpler if just the CWA is required.

[larswmh]

Thanks for your feature request @mdesharnais. We have created an internal ticket for it and will raise this topic internally. Internal Tracking ID: EXPOSUREAPP-12070

---

Corona-Warn-App Open Source Team

[Ein-Tim]

I support this feature request to at least show the URL (if the data in the QR code that was scanned is a URL) with the option to click "Open with my browser". If necessary there can be a legal hint that the CWA team is not responsible for the content of the external page, etc.

[Ein-Tim]

@GisoSchroederSAP

Hey Giso, I'm pinging you here as I see this as a very necessary extension of the app. Currently, most CWA users seem to assume that any QR code they get in regard to their test is scannable by the CWA. If the scan fails, they don't dive as deep as scanning the QR code with some QR code scanner, etc. but just assume the CWA is broken (and uninstall it). Adding at least the plain URL/content of the QR code to the app which tells the user that this is really not a QR code meant for the CWA, would probably help here.

Some Twitter reports:

• https://twitter.com/wagersli/status/1582100502950518785?s=46&t=oQ8dLtpL6El5J9z_5Qk30w
• https://twitter.com/risikos21/status/1580826681278767104?s=46&t=oQ8dLtpL6El5J9z_5Qk30w (a very good example)
• https://twitter.com/therealhusti/status/1539509480844582915?s=46&t=oQ8dLtpL6El5J9z_5Qk30w

If you want more examples, just shoot me a message!

[GisoSchroederSAP]

Thanks for bringing this on the table, @Ein-Tim. I'm going to take this again to the product owner.
The issue here is (you already commented in one ore multiple twitter tweets): Our app does not have any control, who else in the world generates QR codes - so the CWA only can state

• it processes only CWA-compatible QR codes
• if a QR code is not compatible (like in the error message, right?)

So, what would be an appropriate statement? Do you think, we should add the current QR code content to the error message, stating like "This QR code of the Coca Cola bottle is incompatible to the CWA and cannot be processed: https://www.coca-cola-deutschland.de/store/EAN-13-5000112548068"?

[Ein-Tim]

@GisoSchroederSAP

Haha, I also thought if we could somehow find out which codes, not meant for the CWA, are mostly scanned in the app and handle them specially.

E.g. Scanning a QR code meant for the app mein-laborergebnis, would lead to this error message: "Dieser QR-Code ist nicht für die Corona-Warn-App gedacht. Scannen Sie ihn stattdessen mit der Mein-Laborergebnis-App."

However, I know that this is probably a legal disasters as the CWA refers to apps not under the project teams control.

So realistically I see two options here: a) just show the URL/content of the QR code in plain text in the error message pop up b) leave the error message as it is and point the user to scan the QR code with a designated QR code scanner.

Thanks for bringing this to the attention of the PO!

[GisoSchroederSAP]

Here is the thing: Meanwhile, we observe that even more and more of the "big ones" (MedLab, SYNLAB, eurofins...) and of the local MVZ labs are no longer use the CWA QR code any longer, but redirect to theier own or third-party websites to retrieve the report. So, it will be hard to name the right choice, I'm afraid. And even then, one important question for those users remains: How do I get the result into the CWA? We will not be able to solve that, won't we?

So, in the end, I agree to the two options you already named - and would prefer option b) , but leave it to the DEV team, if they would go for the "transparence" with option a) .

[Ein-Tim]

@GisoSchroederSAP

Meanwhile, we observe that even more and more of the "big ones" (MedLab, SYNLAB, eurofins...) and of the local MVZ labs are no longer use the CWA QR code any longer, but redirect to theier own or third-party websites to retrieve the report.

Do you/the team have any idea why this is happening?

---

I think a good solution would be:

"Der QR-Code, den Sie gescannt haben, enthält keine Informationen, die von der Corona-Warn-App verarbeitet werden können. Sie können den QR-Code mit einer QR-Code-Scanner-App scannen um seinen Inhalt einzusehen."

IMO, this error message makes clear that this is not a problem in the CWA, but a problem of the QR code (it doesn't hold any information CWA can process). Thus users probably won't think that CWA is broken but rather suspect an issue with the QR code. Referring to scanning the QR code with a QR code scanning app makes clear to the user that there are other ways to process QR codes & not only the Corona-Warn-App. For sure it would be best if one particular QR code scanning application could be referred to here, but I guess thats legally complicated again.

Regarding the problem of "How do I get the test in the CWA?"; It's a bit hard because we have no idea what the user is actually trying to scan. Is he trying to add a test and scanned a QR code for another test retrieval method? Or has the user scanned some sort of "vaccination certificate" and wants to add this to the CWA, although it's not an EU DCC.

[GisoSchroederSAP]

Do you/the team have any idea why this is happening?

Well, as the current Testverordnung does not enforce the facility to be connected to the CWA infrastructure and services, most of them seem to detach from the result delivery process and from the certificate service, so they can return to their traditional way of doing that was well-established before. In the end, we do not have the direct contact to those labs, as the technical interfaces and onboarding is in the responsibility of the TSI folks. Our observation is based on what we read from the comments in the stores and in the mailbox.

[Ein-Tim]

@GisoSchroederSAP

Ah, I see. Thanks!