22:27

Konzept zur SMS Validierung in der Luca App

Guest’s Contact Data is encrypted in luca’s client application before being uploaded to the Luca Server. Hence, luca cannot validate any personal data provided by the Guest. On the other hand, Health Departments are dependent on valid Contact Data to be able to contact Guests if necessary.

This poses a trade-off between data validity and personal data protection (cf. O1). Therefore, luca merely implements a client-side phone number validation via an SMS TAN process before registering a Guest with their encrypted Contact Data. As with any other client-side check this can be circumvented by manipulating the client software.

Dafuq?! Das meint ihr doch nicht ernst, oder?

Note to self: hier definitiv mal nachschauen, wie das implementiert ist: de.culture4life.luca.registration.RegistrationManager

Update: Doch, das meinen sie Ernst.