A variety of questions will be asked about your iOS GAEN mobile app, please review with your team and also see previous answers provided for reference.
** Note: Please review all questions and provide detail related to your Health Authority.
What is the main purpose of this app?
During the TestFlight Beta stage it would be to test and ensure Exposure Notifications are working and performing as expected.
In an official public release it would be to use Exposure Notification System to provide digital contact tracing for COVID-19.
Who is the intended/target audience?
During the TestFlight Beta stage it is intended for Health Authority Project team and Employees, PathCheck Volunteers and Developers.
In an official public release it would be for citizens of Health Authority.
What permissions does the app ask for (location, bluetooth, contacts, HealthKit, Clinical Health Records etc.) and what are the permissions strings for each? If necessary, please provide English translations of the permission string.
The app has language to ask for permission to send Exposure Notifications.
“To be notified about updates to your exposure history, your phone needs permission to exchange anonymous Bluetooth random ID with other devices. Exposure notifications only work with other devices with the setting enabled. You can turn off these notifications at any time.”
The app’s React Native library contains code for push notifications but the app does not send any and does not ask for permission to send push notifications at this time.
Are these permissions required or optional?
Optional
Are there other uses of these permissions besides those listed in the permission string?
No
What personal information does the app require? List each separately with reasons why it’s required.
The app requires no personal information.
What personal information is optional? List each separately with reasons why the app is requesting it.
The app requests no optional personal information.
Who in your organization has access to the information you collect?
The app does not collect information. Developers with access to the App Store can see aggregated daily download and installation data.
Is any of this data shared with any other parties? If so, provide details.
No data is collected, so there is none to be shared.
Beyond the permissions already described, what other disclosures and user consent steps does the app contain?
None.
What jurisdiction(s) (i.e. region, state, country, etc.) is this app intended for?
Has this app been authorized for use by the government of that jurisdiction?
Yes
Is this the sole app authorized to provide COVID-19 related services in this jurisdiction?
Yes, currently.
Is the jurisdiction this app is intended for use in expected to change or expand?
No
Is the use of any features of this app mandatory in these jurisdictions?
No
If so, what are the consequences and other options available to individuals in the jurisdiction that cannot or do not install the app?
N/A
Will you be applying for and transitioning this app to use the Exposure Notification APIs?
This app already has GAEN entitlements.
Do you plan to remove any app with quarantine management or contact tracing functionality from the App Store once the need for those apps has passed (i.e. once the COVID-19 pandemic is over)?
Yes
If your app is contributing to or conducting research related to the COVID-19 pandemic, please provide detailed answers to these additional questions:
Provide proof of approval from an independent ethics review board.
N/A
Provide steps to locate the disclosure and consent mechanisms required under 5.1.3(iii). If done outside of the app before the user receives login credentials, provide the associated consent forms.
N/A