Bad valid certificate check result for countries without business rules

Avoid duplicates

• Bug is not mentioned in the FAQ
• Bug is not already reported in another issue This issue is equivalent to the iOS issue https://github.com/Digitaler-Impfnachweis/covpass-ios/issues/42

Technical details

• Device name: Samsung Galaxy A5 (2017) SM-A520F
• OS version: 8.0.0
• First reported on App version: CovPass App 1.72.6
• Review as not yet fixed on App version: CovPass App 1.138.6

Describe the bug

If a validity check is carried out on a certificate for a country for which there are no Business Rules available then the result always returns “valid” even if the certificate is for an incomplete 1/2 vaccination series.

Steps to reproduce the issue

1. In CovPass App with no other certificates stored, tap on “+”
2. Tap Scan QR code
3. Scan in a 1/2 vaccination certificate
4. Note the result “Not fully vaccinated 1 of 2”
5. Tap back arrow
6. Tap “Check validity >” with default country “Germany” selected, screen shows:

Name
Vaccination certificate
Invalid in this country

1. Select country “Italy” screen shows

Name
Vaccination certificate
Valid

(It would have been helpful to have been able to provide screenshots from CovPass App to illustrate the issue. Screenshots are however blocked by the CovPass App Android, but apparently they are not blocked by CovPass App iOS.)

Expected behavior

• A certificate should never be listed as valid if there are no Business Rules to check against.
• Especially an incomplete 1/2 vaccination certificate cannot be shown as valid for another country.

Possible Fix

Align result to Corona-Warn-App version 2.8 which shows the result “Your certificate could not be validated” if there are no Business Rules available.

Additional context

See also CWA 2.8 announcement https://www.coronawarn.app/en/blog/2021-08-25-cwa-version-2-8/

"In addition, the project team has adapted the EU certificate check. If a country has not provided any entry rules that the Corona-Warn-App can use for checking, the certificate check will state that the certificate cannot be validated. The countries that are listed under the certificate check in the Corona-Warn-App generally recognize the certificates. However, depending on the country and the applicable rules, the relevant certificate (on its own) may not authorize entry.

Previously, the app indicated in this case that the certificate is valid in the selected country. In the text below, however, it was pointed out that there are currently no entry rules available for the selected country. With version 2.8, users can clearly see that the certificate’s validity could not be checked because the relevant country has not defined any entry rules."