ministero-salute / it-dgc-verificaC19-android

VerificaC19 is the official Italian customization of the EU Digital COVID Certificate Verifier App for the Android Operating System
https://www.dgc.gov.it
Apache License 2.0
101 stars 54 forks source link

VerificaC19 Qr Code validation process launched by external Andorid Apps #68

Closed sw360cab closed 2 years ago

sw360cab commented 3 years ago

Feature description

Allow external Android applications to leverage VerificaC19 QR Code scan and validation process.

Problem and motivation

Since Vaccine C19 is the ONLY app granted and allowed to validate EU Digital COVID Certificate in 🇮🇹, according to "Garante della Privacy".

Other Android apps maybe interested in redirecting from the app itself their users (in particular events hosts) to theQR Code Scan and validation process of the VerificaC19 app whether it is installed on the device.

One technique could be providing a specific Android Intent that other app may rely on.

Is this something you're interested in working on

Yes

astagi commented 3 years ago

@sw360cab thanks for reporting this suggestion. If I well understand what you're suggesting is to provide a specific intent to open VerificaC19 scanning and validation and provide a response to the caller app, right?

sw360cab commented 3 years ago

@astagi the idea was absolutely that.

Maybe technically there is a better way to achieve it, or this is the way to go?

astagi commented 3 years ago

@astagi the idea was absolutely that.

Maybe technically there is a better way to achieve it, or this is the way to go?

hey @sw360cab I think that using intents is the best way to achieve it, I'll forward your suggestion to the team.

andrekiba commented 3 years ago

Hi, something new about this?

astagi commented 3 years ago

Discussion on this topic is still open @sw360cab , maybe an official sdk will be released. I'll keep this issue open for reference.

sw360cab commented 3 years ago

@astagi thank you for keeping us updated

lleoncavallo commented 3 years ago

We proposed a solution in the same direction that could makes possible to send QR Code content directly to the VerificaC19 app to replace the decoding system with a professional one and with little enhancements it could be possible to implement a mechanism that starts the VerificaC19 validation activity from a different app without any need to open it eventually. We have already proposed a partial solution to support alternative decoding systems by intent. We could collaborate in a full intent based implementation of agreed requirements both to start validation process and to retrive results. I'm a manager of Datalogic S.p.A. and so for professional reasons we are interested on collaborating.

See:

https://github.com/ministero-salute/it-dgc-verificaC19-android/pull/133

astagi commented 3 years ago

Hi @lleoncavallo thank you for submitting a PR, I have notified our team. IMHO it looks to be a great feature to keep even in case of a SDK release. Would you mind if I close your issue and keep this issue open for reference?

astagi commented 3 years ago

Does #133 satisfy your needs @sw360cab ?

lleoncavallo commented 3 years ago

Hi @lleoncavallo thank you for submitting a PR, I have notified our team. IMHO it looks to be a great feature to keep even in case of a SDK release. Would you mind if I close your issue and keep this issue open for reference?

Our PR #133 fully implements my issue and so if you already are evaluating our proposal and you prefer to close the issue because it is almost a duplicate it could be ok for us. Consider that if with some changes our proposal could satisfy additional needs we are available to contribute. As described by Nicholas we have already implemented a solution that could be extended to execute automatically the validation by sending an intent. It could be open to different validation solutions, for example using a tabled with the VerificaC19 installed and an external pistol reader connected via Bluetooth. A simple service could receive the barcode content from Bluetooth and redirect it via intent to the VerificaC19. There are many possible applications.

dario-locci commented 3 years ago

Hi,

We checked out the #133. Undoubtedly it adds new value with the support of professional QR code readers and external Android apps. We need it too.

However, as I described in #126, we think it is useful to trigger an additional Intent after the validation process. The broadcast message could be one of the following: NOT_VALID NOT_VALID_YET VALID PARTIALLY_VALID NOT_GREEN_PASS

Is it appreciated if we push our PR for that feature?

Additionally, the listening of Intent of #133 is active only when the app is open. Why not adding the opportunity to open it by another app, at this point?

lleoncavallo commented 3 years ago

My understanding is that considering that the VerificaC19 is the only app that should be used to verify Green Passes in Italy maybe it's not suggested to implement mechanisms that in some way could mask the use of the VerificaC19 application. For this reason we considered a constraint to open explicitally the app and to read the verification result from the app. For sure you could enrich the feedback for example controlling a light bar and for this reason it could be valuable to have validation result notification. I don't know if my point of view is correct but this is the reason why we implemented the intent based solution in this way. Our idea was to change the application as strictly needed to implement different decoding solutions. Our PR could be enriched avoiding the need to close the result screen as a pre-requisite to validate a new green pass. If our PR will be accepted we could eventually propose a change to fix this issue.

dario-locci commented 3 years ago

I understand your point @lleoncavallo about the minimum number of changes.

I wonder if it is possible to insert additional automation/services to VerificaC19, in a compliant way and with Privacy concerns in mind.

@astagi, if you prefer, I open another issue to maintain things cleaner.

swap83 commented 3 years ago

Un'app esterna che interroga VerificaC19 non potrebbe creare dei problemi di privacy? Il qrcode letto dall'applicazione diversa di C19 che cosa fa del mio qrcode? (es. salvataggio del dato), Ma non si potrebbe inserire nell'app la doppia scelta: Convalida con la cam o con lettore esterno? Se si sceglie la validazione con lettore esterno la cosa più semplice sarebbe quella di inserire una textbox all'interno dell'applicazione VerificaC19 e poi verificare la stringa letta dal lettore, in quanto tutti i lettori eseguono l'emulazione della tastiera.

lleoncavallo commented 3 years ago

La PR #133 è funzionalmente equivalente alla tua proposta.

sw360cab commented 3 years ago

@astagi I think PR #133 may be the right path. Thank you for keeping us up to date.