“Korona Stop LT” was created as instructed by the Ministry of Health of the Republic of Lithuania (hereinafter – MoH), commissioned by the National Public Health Centre under the Ministry of Health (hereinafter – NPHC). In accordance with the provisions of the legal acts on personal data protection the MoH supervises the compliance with the data processing regulations, and acts as the personal data controller. That means that the MoH issues instructions regarding processing of personal data. The data protection officer at the MoH is available at: Vilniaus St. 33, LT-01506, Vilnius, Lithuania (address the mail to the data protection officer at the MoH), or by e-mail: firstname.lastname@example.org. The MoH has instructed to ensure the security of the application data and the implementation of your rights (in accordance with the General data protection regulation, GDPR) to the NPHC. The data protection officer at the NPHC is available at: Kalvarijų St. 153, LT-08221, Vilnius, Lithuania (address the mail to the data protection officer at the NHPC), or by e-mail: email@example.com.
Frequently asked questions
No, downloading and using the app is entirely voluntary. While it is not mandatory, it is highly recommended. The app has two functions: it enables you to register and share your Covid-19 case electronically, and it helps to identify possible exposures you have had to people diagnosed with COVID-19. You are free to decide whether to submit your Covid-19 case and notify people who may have had contact with you over last 14 days. Nothing will happen without your explicit consent. There are no fines for using it. You can start using it at any time and stop at any time as well and then restart whenever you like.
Viruses such as COVID-19 can spread before symptoms occur, therefore, an infected person may spread the disease without the knowledge of themselves and others. This means that by the time the symptoms appear, the virus may have already spread to others, and it is not enough for symptomatic people to stay at home to stop the virus from spreading. Through the Korona Stop LT app, an infected person can quickly inform all people with whom they have been in close contact during the infectious period. In this way, the app users can find out about a possible infection early on and take steps to protect themselves and the health of others. By using the Korona Stop LT app, you contribute to reducing the number of infections in Lithuania, regardless of whether you are infected or in close contact.
Phones that use the app register the Bluetooth signals from other nearby phones. If the signal is sufficiently close and long enough, an anonymous code referring to a close contact will be stored in their phone. If a person now confirms their infection with the Korona Stop LT app, the anonymous keys on their device will be uploaded to a central server where all users can download them. It is not possible to identify a person based on an anonymous code. The user’s phone compares whether the infected person’s anonymous code matches a code previously stored on their phone. If so, the user is considered to be a close contact and they will be notified. It will not be revealed to the user who the infected person was with whom they were in contact with, or any other information that would allow the indirect identification of the infected person.
The Korona Stop LT is a mobile app that helps limit the spread of the COVID-19 virus with the help of the app users. The purpose of the app is to inform the close contacts of those infected with the coronavirus and, therefore, to provide them with initial instructions on how to proceed. In this way, the user can quickly find out about possible close contact with a COVID-19 infected person, allowing them to take steps to protect their own health and the health of others.
Yes, in that case you have to use your mobile data and you will be charged depending on your data plan.
The Korona Stop LT updates the risk status at least every 24 hours. The actual time can lag behind for a few hours from the time of the day before.
Updating only around every 24 hours is due to API restrictions and to ensure consistency between the Korona Stop LT versions for iOS and Android.
First of all: The app fulfills accessibility requirements and supports all accessibility features of your phone's operating system.
In general, you're not required to make phone calls in connection with the Korona Stop LT. In case of Covid-19 infection, you will get SMS with Case approval code, which you can enter into the app. .
Yes, you can if you already had the Korona Stop LT installed before leaving to other country.
This is how the app works:
- All devices that have the Korona Stop LT installed send and receive pseudonymized keys, which are saved locally on your device. A Bluetooth connection is only necessary for sending and receiving pseudonymized keys.
- If you are diagnosed with COVID-19, you can upload your diagnosis keys to the server. At regular intervals, all devices with the app receive these keys from this server and check if they have saved a matching key via Bluetooth. For uploading, your phone must be able to access the Internet, for example, using WiFi or mobile data.
- If there is a match between a key downloaded from the server and a key saved locally on your device, this means you were exposed to a person who has been diagnosed with COVID-19. Matching the encounters does not require a Bluetooth connection.
Uninstalling the app should always be a last resort for solving one of the known or other issues with the app.
Since the app cannot delete the exposure logs by itself, whether they are cleared or not is a decision of the Exposure Notification Framework.
In the current version, uninstalling the app on iOS devices leaves the exposure log intact without any guarantees for the duration of storage.
On Android devices, the current implementation deletes the 'database and keys' from the device when uninstalling the app. Hence, you should expect that the collected random IDs are deleted when the app is uninstalled.
The way un-installation is handled can change without notice and without changes to the Corona-Warn-App itself. Therefore, only uninstall the app as a last resort to resolve an error and only when instructed to, e.g., by the hotline or developers on GitHub.
We recommend that before you re-install the app, you try clearing the app data first as this will not delete the random IDs:
- On iOS devices, choose 'Settings' -> 'Reset App' on the home screen.
- On Android devices, choose the three dots at the top right corner of the home screen and select 'Settings' -> 'Reset App'.
No, they are not included in the backup. This also means that you can't restore the collected random IDs on the same or a different phone.
If you transfer your data to a new iPhone using iTunes, or restore a backup, the app does not work properly. On the start screens, you end up in a loop, or the exposure logging cannot be activated. The risk status is not displayed.
Please reinstall the Korona Stop LT app on your new iPhone.
Yes. The option in Control Center (see Use Bluetooth and Wi-Fi in Control Center) only disconnects your phone temporarily from any Bluetooth accessories that are currently connected. Bluetooth itself remains activated in the system settings.
Then, encounters with the other phones that have the Korona Stop LT running are not logged, because the phones do not exchange the random IDs. Therefore, make sure to have Bluetooth and for Android, the location services, active whenever you meet someone, be it guests or when you're on the road.
For phones running Android, the location services have to be active, but the Korona Stop LT does not use the location information. You can deny other apps to use your location, if you want: see I'm asked to activate my location.
Yes. As long as you have activated exposure logging in the app and Bluetooth is on, encounters are logged in the background. The app itself doesn't have to be open for this. You can minimize it or use 'swipe-to-quit' to close it.
To be on the safe side, open the app once a day after 24 hours. You'll find more info at This is how the app works best.
For the risk status to be updated automatically, make sure that background updates are active . For all the info, see these FAQ:
Date and time at which the check happened.
This is the number of keys that your phone collected for which there is a matching diagnosis key. If the number is not 0, then you had an exposure. If your risk status stays green, that is, 'Low Risk'.
For each day, there is an entry for each of the last 14 days.
The Korona Stop LT app functions through private communication between phones. If you are heading somewhere and may come into contact with other people, it would be really beneficial to carry a phone with you that has the app for the best results. You should also make sure that your phone has Bluetooth turned on.
If you were notified by the app, it only means that you have probably been in close contact with someone infected with the coronavirus. This does not mean that you will definitely get sick. It is now important to stay home and observe your symptoms. For example, if you have a dry cough, fever or breathing difficulties, please contact your family doctor who will arrange for you to be tested and treated. Additional information and recommendations will be provided in the App.
The technical hotline and email support service (telephone +370 619 54870, email firstname.lastname@example.org) will help you with technical questions about the Korona Stop LT, for instance if you have problems with risk identification. You can reach the hotline and get an answer to your email on mondays-thursdays 8.00–12.00 a.m. and 00.45–5.00 p.m., fridays 8.00–12.00 a.m. and 00.45–3.45 p.m. (except on Lithuanian public holidays). The cost of the call depends on your telephone company's tariffs or service plan.
The websites of the Lithuania Government are offering general information about Koronavirus: https://koronastop.lrv.lt/en/.
National Public Health Center under the Ministry of Health also provides information on epidemiological aspects: http://nvsc.lrv.lt.
As Bluetooth is a positioning technology, it is formally a part of Android location services. Turning on Bluetooth in an Android application will therefore require you to permit the app to use location services. We assure you that Korona Stop LT does not gather any information about your location.
To increase the security of your device in general, you should always install the latest security updates as well as the latest operating system version for your device. By doing this, you make sure that your device fulfills the latest security specifications of the Bluetooth protocol that are available.
Especially Android systems should always be on the latest Android version (typically published in the previous month, see Android Security Bulletins). Here you can find detailed information on how to find the latest Android version for your device: Check & update your Android version.
Your location and data about your possible exposure to people diagnosed with COVID-19 are never stored centrally. At any given point, the system is only aware that a diagnosis key belongs to a person diagnosed with COVID-19. The system does not know who this person met, nor when or where the encounter took place. No identification is required for the app to identify that an encounter took place. Linking the app to any social media profiles is not, and will not in future, be implemented in this project.
Your device generates temporary exposure keys. These are generated randomly and only on your device. It is cryptographically not possible to trace two randomly-generated diagnosis keys back to a device without having further information or gaining access to the device's secure storage. In addition, only keys from the last 14 days are reported. It is not possible or planned to track any other data.
As mandated by the General Data Protection Regulation (GDPR), data minimization is a paramount principle in the implementation of the app. The only inputs that users can and have to provide to the app are:
- Permissions for using the exposure notification framework
- TANs for test result verification
- Consent to upload daily diagnosis keys
Location data is not and cannot be collected by apps using the exposure notification framework. Diagnosis keys are only stored centrally for the epidemiologically relevant period of 14 days and removed automatically after that period.
Devices in close proximity to yours collect “rolling proximity identifiers” (RPI). These are IDs that guarantee data privacy and change constantly in short intervals, thereby preventing devices from being tracked. Apart from these IDs, other devices in close proximity cannot retrieve any other information from your device. These IDs can only be linked to pseudonymous diagnosis keys, which are needed to perform risk identification. A connection with user IDs or your device's International Mobile Equipment Identity (IMEI) is not possible.
Since these IDs change every 10-20 minutes, a person sitting next to you every day in a bus could not link you to an ID even if the list of available RPIs was visible. The only time you must identify yourself is if you give your consent to upload your diagnosis keys via TeleTAN. This identification is just for verification reasons and does not disclose any other personal information. You could even use a different device to upload your diagnosis keys instead of the device on which the Krona Stop LT app is installed.
Bluetooth is used to send constantly changing random IDs from other devices that have installed the app. No personal, geo-location, or other location data is sent or stored.
Using the Exposure Notification API from Google and Apple, the random IDs remain in a secure area of the device's operating system. The matching, which determines whether someone has been exposed to an infected person, is performed on the local device. The device does not send any data for matching.
As soon as a user is diagnosed with COVID-19, they're asked to share their temporary exposure keys from the last 14 days. These keys can only be accessed by the Exposure Notification API if the user actively gives consent.
The app itself does not store any information about individual potential exposure events. The Exposure Notification Framework, on which the app is based, stores the visible Rolling Proximity Identifiers (RPIs) on the devices that are located in close proximity and within a defined time period. Even if the central server infrastructure is compromised, this information cannot be linked back to a device without having access to it in the first place. Even then, the app itself cannot access the RPIs. Diagnosis keys can only be accessed with user consent and then only for a short period of time. Information that links diagnosis keys and connection metadata is removed before this data is processed.
Yes. Decentralized data storage on user devices guarantees data privacy.
We are working very closely together with experts from the data privacy community and coordinating with one another throughout the development process. We also prepared a separate document dedicated to data security, which is published here.