The rki (they are the ones tracking Infektion Numbers etc here in germany) is apperently Building an App based on Trace Together. This (german) article says TraceTogether is linked to your phone number though https://www.golem.de/news/corona-app-per-bluetooth-kontaktpe...
This effectively puts proximity data in the hands of the government, violating points 3, 5, 7, 8, and 9.
> When you are close to another phone running TraceTogether, both phones use Bluetooth to exchange a Temporary ID. This Temporary ID is generated by encrypting the User ID with a private key held by the Ministry of Health (MOH).
In this case, even if it only does exactly what it says it does, the data gathered is more valuable than anything else. Complete movement profiles of an entire nation. Can you put a price tsg on that?
From that perspective whether it is open source is a secondary consideration.
Everyone generates an anonymous ID, if they come within Bluetooth proximity the devices trade these anonymous IDs. No location data is collected and none of the data is sent over the internet.
If you become infected you have the option of broadcasting your ID as being infected and others can compare the infected list against the IDs collected on their phones.
None of the data you mentioned is being collected.
Hmm, does that anonymous ID change? If not, it is not going to stay anonymous for very long as patterns will remain largely unchanged. People do tend to be creatures of habit.
I mentioned location data and if there is one thing we have learned over the past decade or so, it is that location is not gathered just from GPS ( which is the argument I assume you were making ).
edit: As for the claim, no data is sent over the internet.. I just plainly do not believe that statement. I do not understand how anyone would.
Call me a cynic, but if apps like these became popular, I'd expect to see a creeping escalation. Reel in a large user base, then slowly capture and send more data. The possibility of being able to track a nation in real-time would have the security services blowing a load in their proverbial pants.