security-concept
Archived Security Overview for Luca
The client leaks the following information via the API to the luca servers: - the phone number (request URL: https://app.luca-app.de/api/v3/sms/request) - the location history (Request URL e.g. https://app.luca-app.de/api/v3/scanners/54f0a623-4753-4265-9e62-9ae1e76c2228) That means...
Hello, yesterday I wanted to get an overview of the security concept. My tip: also provide (via an automated build process or similar) a PDF version with a number. This has...
Heya, the [docs](https://luca-app.de/securityconcept/processes/tracing_find_contacts.html#notifying-guests-about-data-access) outline an assurance for guests being notified about data access by the health department after their contact data has been decrypted. With the wide rollouts of Luca...
# Overview Relying only on the information contained in this repository it seems to be the case that it is possible for a malicious user to generate a forged check-in QR...
The contact form https://app.luca-app.de/contact-form/{location-id} does not send any additional data.
As the code of the webapp is freely editable, it is possible to uncomment the verification step or to change the phone number in between. This leads to a wrong...
You are stating > The encrypted private keys are stored on the Luca Server. Given that culture4life GmbH and the parties contracted to operate the Luca infrastructure at any time...
You are stating > Private keys of daily keypairs that are older than the epidemiologically relevant time span (specifically, four weeks) can be destroyed. The Luca Server removes all such...
In the security objectives you are stating > Traced Guest’s Contact Data is disclosed to the Health Department only after Venue Owners’ consent Theoretically, on initiation of a Contact Tracing...