Corona-Warn-App Open Source Project

Help us improve the Corona-Warn-App

The Corona-Warn-App is an app that helps trace infection chains of SARS-CoV-2 (which can cause COVID-19) in Germany. The app is based on technologies with a decentralized approach and notifies users if they have been exposed to SARS-CoV-2. Transparency is key to both protect the app's end-users and to encourage adoption.

Who helps regarding Corona-Warn-App questions?

Where to get tested?

Contribute on GitHub Become a rapid test partner
How it works Data privacy & security Our partners

Corona-Warn-App Smartphone
This is how the Corona-Warn-App works best

This is how the app works best

The RKI as the publisher of the app and the Federal Ministry of Health, in co-operation with Deutsche Telekom and SAP, are constantly reviewing possible further developments as well as incoming development proposals. This also includes whether further information can be integrated into the app, for example on the latest pandemic situation. For that purpose we will continue to intensively incorporate the information that we receive via the various channels into our development process. Here we have briefly summarized the most important tips for using the app:

  1. Download the current version of the app (iOS: 2.14.1 or Android: 2.14.1)
  2. Keep operating systems up-to-date (iOS 15.1.1 or iOS 12.5.5 depending on your iPhone model or at least Android 6 with current Google Play services)
  3. Keep background updates switched on and check them regularly
  4. To be on the safe side, open the app once a day

We recommend that you always ensure an adequate power supply.

You can find further information under Frequently Asked Questions about the Corona-Warn-App.

How does the app work?

The Corona-Warn-App collects nearby identifiers

Collect nearby identifiers

The Exposure Notification System (by Apple and Google) on a mobile device broadcasts a Rolling Proximity Identifier (something to be remembered by), while also regularly scanning for identifiers of other phones using Bluetooth Low Energy technology and storing the identifiers locally. The identifiers are only valid for 10-20 minutes and are derived cryptographically from temporary keys which change every 24h.

Too complicated? Here's a simple video explanation.

Communicate test result of user with symptoms (optional)

If the lab in question supports the electronic process, tested users can use the QR code they received during the test to retrieve their results.

The Corona-Warn-App matches test results to IDs
The Corona-Warn-App shares IDs of people with symptoms

Distribute list of keys of SARS-CoV-2 confirmed users

In case of a positive test result, users are asked to voluntarily upload their temporary keys of up to the last 14 days to the server. To prevent misuse, the Corona-Warn-App backend first verifies the positive test result. If confirmed, the server adds the user’s keys to the SARS-CoV-2 confirmed list, which is regularly broadcasted to all apps.


Check for exposure to SARS-CoV-2 confirmed users

After a mobile device has downloaded the list of all available keys of users that have tested positive, the Exposure Notification System derives the corresponding identifiers and checks locally if any of these match the locally collected Rolling Proximity Identifiers. In case of exposure, the risk is assessed and the user receives corresponding instructions.

Learn more in scoping document
The Corona-Warn-App checks for positive contacts

Stay up to date!

on Nov 22 | by Hanna Heine, 10 am

Corona-Warn-App version 2.14 introduces recycle bin feature for PCR and rapid tests

Read the Blog
on Nov 15 | by Hanna Heine

Corona-Warn-App informs users about recalled vaccination certificates

Read the Blog
on Nov 9 | by Hanna Heine

Check-In feature: Corona-Warn-App can now scan luca's QR codes

Read the Blog
This is how the Corona-Warn-App works best

Join the open-source project!

If you want to contribute, head over to GitHub to get started.

You can also read the documentation, learn about our Code of Conduct and find out how to contribute on the Community page.

Contribute on GitHub

Data privacy and security

Open Source

Open source approach

  • Coronavirus - COVID-19


    Only through transparency can we earn the trust of the end-users and increase app adoption. Our architecture document and the terms of use are openly accessible.
    Past versions of the respective terms of use can be viewed here.

  • Coronavirus - COVID-19

    Power of the community

    The power of the community increases security and data privacy protection by detecting issues early and helping to solve them.

Data Privacy

Data Privacy and Safety

  • Coronavirus - COVID-19

    Decentralized approach

    The architecture follows a decentralized approach – based on the DP-3T and TCN protocols, as well as the Privacy-Preserving Contact Tracing specifications by Apple and Google.

  • Coronavirus - COVID-19

    Two objectives

    Only personal data needed for the following two objectives will be processed:
    1. Assess personal risk of infection
    2. Learn COVID-19 test results faster.

  • Coronavirus - COVID-19

    Data Privacy document

    Details are outlined in the privacy notice of the Robert Koch Institute. Additional insights are available in the Data Protection Impact Assessment (German only), the Legal Notice for iOS and Android (German only, find English version in app) and the corresponding annexes 1a, 1b, 1c, 2, 3, 4, 5, 6, 7 uand 8. Past versions of the respective privacy notice and the initial Data Protection Impact assessment are still available.

  • Coronavirus - COVID-19

    Part of design

    It is part of the design process to ensure for each step that the app processes a minimum of required personal data that is handled with maximum protection.



  • Coronavirus - COVID-19

    Open and transparent

    No security through obscurity: we follow an open and transparent approach.

  • Coronavirus - COVID-19

    Secure Software Development Lifecycle

    Security assurance of application development through Secure Software Development Lifecycle, which includes among other things threat modeling and end-to-end risk assessment, security planning, security testing and penetration testing.

  • Coronavirus - COVID-19

    Secure hosting

    Hosting conform to BSI C5, SOC 2 and SOC1/ISAE 3402.

Our partners

Early May 2020, the German government requested SAP and Deutsche Telekom subsidiary T-Systems to deliver the official Corona-Warn-App for Germany, based on open source and a decentralized approach. The following partners are supporting the development of the app together with the involvement of the global open source community.

Boston Consulting Group Icon BCG Digital Ventures Icon Cispa Icon Detecon Icon Edelman Icon Fraunhofer Institut Icon Healthy Together Icon Helmholtz Icon msg systems ag Icon Robert Koch Institut Icon SAP Icon Telecom Icon TÜViT Icon

Join the open-source project!

Bring me to GitHub
Frequently Asked Questions about the Corona-Warn-App

More Questions?

Get the App!

Now available via App Store and Google Play Store.