cwa-app-android
cwa-app-android copied to clipboard
corona-warn-app
[Discussion] Android 5.0 (lollipop) Support
Danke, dass ihr den Source Code öffentlich zugänglich gemacht habt.
Aber trotzdem habe ich ein problem... Ich besitze ein Gerät mit Android 5.0 und die App ist aber erst mit 6.0.x kompatieble.
Wie kann ich diesen Code umändern um die auch für ältere Geräte verfügbar machen kann?
Mit freundlichen Grüßen, Felix Schmitt
Internal Tracking ID: EXPOSUREAPP-6360
@felischmi2003
es gibt leider technische Probleme mit Android 5.0 (API 21) - siehe https://github.com/corona-warn-app/cwa-app-android/issues/649 und https://github.com/corona-warn-app/cwa-app-android/issues/1446#issuecomment-716675650
Manifest merger failed : uses-sdk:minSdkVersion 21 cannot be smaller than version 23 declared in library [androidx.security:security-crypto:1.0.0-rc03]
Offiziell wird die Corona-Warn-App erst ab Android 6.0 (API 23) unterstützt - siehe https://www.coronawarn.app/de/faq/#minimum_requirements.
Edit: Since CWA Android 2.2 the error message regarding androidx.security has been suppressed. This was implemented through https://github.com/corona-warn-app/cwa-app-android/pull/2955. https://github.com/corona-warn-app/cwa-app-android/blob/9ec222a431340917834e831cc60edd14fa062d27/Corona-Warn-App/src/main/AndroidManifest.xml#L7
@MikeMcC399 There is a more recent version of this androidx.security:security-crypto available that supports API version 21. Support was added in 1.1.0-alpha1.
You could use it like I did in this commit to the repo of our fork: https://codeberg.org/corona-contact-tracing-germany/cwa-android/commit/f420799562f2e203cfaa941914d815700c2e2c13
With that obstacle out of the way, it would only be a few minor issues that would need to be fixed for Android 5 support as far as the CWA client is concerned. I'm currently also planning to tackle the ones I haven't had time for yet in my fork.
@fynngodau
There is a more recent version of this androidx.security:security-crypto available that supports API version 21. Support was added in 1.1.0-alpha1.
I see there is some more information on https://developer.android.com/jetpack/androidx/releases/security.
This library caused major problems in the past (see https://github.com/corona-warn-app/cwa-app-android/issues/642#issuecomment-697603175 from this hot topic) so I would guess that any upgrade in the CWA app by the developers would be done with extreme caution, in addition to the fact that it would mean moving from a release candidate to an alpha build of the library. I don't see any "Current Stable Release" mentioned either.
You have of course more flexibility in your own environment where you have forked the app.
At this point you might as well unlock your device and install a more recent Android version via a custom ROM instead of forking the app if implementing a new library version is so risky.
Another fact that should be taken into account: the vast majority of devices running Android 5.0 do not support the necessary Bluetooth 4.0 functions.
Another fact that should be taken into account: the vast majority of devices running Android 5.0 do not support the necessary Bluetooth 4.0 functions.
I wouldn't be so sure about that. I even think it is the other way round: most Android 5.0 devices support BLE including acting as a beacon. BLE was introduced into Android with 4.3. Before that, some vendors used their own patches to make use of BLE.
I noticed that a new release candidate security-crypto-1.0.0-rc04 was released 2 days ago on Jan 13, 2021
Bug Fixes
Upgraded Tink to 1.5.0 for increased stability.
Interestingly it does not throw an error when built with minSdkVersion 21 unlike 1.0.0-rc03 (see https://github.com/corona-warn-app/cwa-app-android/issues/1799#issuecomment-738137588), so this should at least remove this road-block for supporting Android 5.0 (API21).
Perhaps security-crypto-1.0.0-rc04 could be considered for a future branch (so long as there is no stable release available)?
@MikeMcC399 I'm not sure why you are not seeing the build failure anymore, but version 1.0.0-rc4 also requires minSdkVersion 23, as becomes evident from the source code (at the latest commit in RC 4): https://android.googlesource.com/platform/frameworks/support/+/15da9761b41f813f22ba89ee571c696ef912bb36/security/crypto/build.gradle#43
Therefore, the build must still not work (if it does build, one must expect runtime crashes on Android 5).
So far, we have been using the alpha releases for version 1.1.0 since the first of our releases that supports Lollipop over at CCTG as I described above, and we haven't encountered any issues with this library, but I'm also guessing that our userbase for Android 5 specifically is rather small.
Another development on this issue is that #2026 has been merged, increasing the codebase's compatibility with Android Lollipop.
@fynngodau Thank you for setting the record straight. I guess it must have been a "pilot error" in Android Studio on my part, coupled with "wishful thinking". 🙄
I rechecked and saw
Manifest merger failed : uses-sdk:minSdkVersion 21 cannot be smaller than version 23 declared in library [androidx.security:security-crypto:1.0.0-rc04]
which completely confirms what you wrote. Sorry for my misleading post! It's also clear if you read https://developer.android.com/jetpack/androidx/releases/security carefully enough.
It is good to hear that you are making good ground with Android Lollipop anyway!
@fynngodau How is the experience of CCTG with Android 5.0 (Lollipop) progressing?
Also I wonder how many additional users might download CWA if it was also available on Android 5.x.
Maybe it's not comparable, but the numbers of Apple iOS downloads shown on https://www.coronawarn.app/en/blog/ have changed about the same as Android numbers since CWA 1.12 was made available on Feb 10, 2021 covering iPhone 5s, 6, and 6 Plus. Android and iOS downloads have each increased about 0.2 Million during February. The last totals were Android 14.2 Mio, iOS 11.6 Mio, total 25.8 Mio downloads.
@MikeMcC399 From what I understood, Android 5 is incompatible due to a cryptographic library. Only way would be to update Android 5, which would have to be pushed by the device manufacturers. Highly unlikely*.
*Government could've forced manufacturers to do this.
@MikeMcC399 From our side, there hasn’t been a new noteworthy development, so CCTG on Lollipop has been working and there haven’t been any specific problems. However I also didn’t work on the various purely visual issues that are caused by the app using some incompatible attributes in their XML files, in order not to increase maintanance overhead for us due to increased difference to upstream’s codebase.
@treysis This library was already discussed here, specifically in https://github.com/corona-warn-app/cwa-app-android/issues/1799#issuecomment-738775760.
A new development on this topic is that CWA is considering to stop using the encrypted shared preferences library due to continued problems with platform bugs: https://github.com/corona-warn-app/cwa-app-android/pull/2468#issuecomment-787045765
I was planning to post here once a final decision would have been made.
Release 1.15.1 is available and moved from encrypted shared preferences as discussed in my previous comment.
There's two possible things to do with the androidx.security.security-crypto library now from my perspective:
- Ignore its
minSdk, like is already done for thecom.google.zxing.client.androidlibrary, by adding it to thetools:overrideLibrarylist in the manifest. This seems not to cause any crashes related to the library when compiled for Android 5 on Android 5, though surely one of the devs who had worked on the migration from encrypted shared preferences would be able to tell for sure that the incompatible code would not be executed. - Upgrade to the before-mentioned alpha release with support for Android 5, as most users will already have migrated once the next release is released.
As you can see, at this point we are discussing trivial technical details regarding an overall well-manageable task.
Specifically after #2700 was merged, and when the faulty pregenerated PNGs from https://github.com/corona-warn-app/cwa-app-android/pull/2800#issuecomment-817147534 are removed, I think there are no further visual bugs on Android 5 remaining (last checked with latest release).
To workaround a platform bug with splash screens, I added a repeating pattern to the splash screen for Android 5.0 (not sure if the platform bug is fixed on 5.1 actually) which also looks nice :)
Would you like a PR that introduces Lollipop support?
I looked at the European apps listed by Google on https://developers.google.com/android/exposure-notifications/apps and I found that the Polish app says it is compatible with Android 5 https://play.google.com/store/apps/details?id=pl.gov.mc.protegosafe. It's the only one I found (but maybe there are others). It's interesting because it is one of the apps which has joined the European Federation Gateway Service and so it is integrated with CWA's Transnational Exposure Logging.
It would be good to see CWA available for Android 5 (Lollipop) too!
Edit: I rechecked all the European apps on May 4, 2021 and still only Poland is listed as supporting Android 5.
@fynngodau CC @MikeMcC399 @felischmi2003 We will call special attention your latest comment. Many thanks. Best, DS
Corona-Warn-App Open Source Team Internal Tracking ID: EXPOSUREAPP-6360
#2955 was merged, adding compatibility to Lollipop, including many compat fixes so that it works well with Android 5, to the codebase.
The PR does not, however, reduce minSdkVersion to 21, there's still internal discussion about this.
The PR does not, however, reduce
minSdkVersionto21, there's still internal discussion about this.
I'm quite sure, that it's just a matter of (short) time... I hope...
@heinezen
As @fynngodau said, minSdkVersion is not changed to 21 (for Android 5) and stands as before at 23 (for Android 6):
https://github.com/corona-warn-app/cwa-app-android/blob/595ab630dfad5ac1e29021c084c400054193a498/Corona-Warn-App/build.gradle#L27
Probably the label Fix 2.2 should be removed from this issue because support for Android 5.0 (Lollipop) has not been enabled with the release of 2.2.1.
Are there any unsolved technical issues preventing CWA being released for Android 5.0 (Lollipop)?
Probably there should be an "enhancement" (Request) label attached to this issue, since it has become more of a request than just a simple "question" over the course of time.
Are there any unsolved technical issues preventing CWA being released for Android 5.0 (Lollipop)?
None to my knowledge, except for very minor visual details like missing ripple effects.
Are there any updates? The app is still not available in the Play Store for Android 5.0. I would really like to use it, especially the new Impfnachweis feature. :)
@AlexElvers
Are there any updates? The app is still not available in the Play Store for Android 5.0. I would really like to use it, especially the new Impfnachweis feature. :)
I checked in the Google Play Store for CovPass-App as an alternative for managing vaccination certificates and unfortunately this other app also requires a minimum of Android 6.0 🙁.
In any case it would be good to hear back from the developers what the plans for CWA are in respect to Android 5.0. I can't see any changes to minSdkVersion 23 in the future branches 2.4.x and 2.5.x so far though.
@AlexElvers An application to store your digital vaccination is not really needed, you can simply make an offline copy of the QR code. This will work just the same. (https://github.com/Digitaler-Impfnachweis/documentation/issues/13)
Otherwise, you are of course much invited to use our CCTG app ;)
Just want to crosspost this issue from the covpass app here: https://github.com/Digitaler-Impfnachweis/covpass-android/issues/15
Since people are asking for at least one app running on API 21 devices for managing their vaccination certificates. In this issue I also explained some possible reasons why using minSDK 21 is a potential risk.
For those who want to have a digital eu certificate on their Android 5 phone, I just found this CWA fork: https://f-droid.org/en/packages/de.corona.tracing/ Just installed this on my very old very cheap zte phone with android 5.0.2 and successfully scanned my certificate qr code. cheers!
