The Corona-Warn-App is an awesome example of how governments and public administrations can use open source software development to help citizens while simultaneously advancing the technology ecosystem. The app helps trace infection chains of SARS-CoV-2 (the virus that causes COVID-19) in Germany. The app uses a decentralized approach to notify users if they have been exposed to SARS-CoV-2.
Transparency is essential to protecting the app's end users and encouraging its adoption, and open source is a key element of achieving transparency. Open source allows anyone to use, study, share, and improve Covid-Warn-App. This is similar to the tracing apps developed by Italy (Immuni), Switzerland (SwissCovid), and partially by France (StopCovid). In contrast, Radar Covid is a new non-open source COVID-tracking app being piloted in Spain's Canary Islands; between the non-open nature of the app and the fact that the website still fails to load in mid-July 2020, it's debatable whether citizens will trust it.
Why open source transparency matters
Transparency benefits software development projects in two ways:
- Internally in the project's community, there's a sense of fair play among all the contributors because everything is in public, so everyone is accountable.
- Externally among third parties, there's a sense of trust in the project because it can be analyzed from multiple perspectives (e.g., legal, technical, project activity, development processes, etc.).
Transparency should be an essential requirement in software developed by governments. Initiatives like Public Money, Public Code and the Foundation for Public Code are doing an amazing job of helping public administrators understand why their code (our code as taxpayers) should be open source.
In early May 2020, the German government asked software developer SAP and Deutsche Telekom subsidiary T-Systems to deliver the Corona-Warn-App based on open source and decentralized technology. Many other German companies and research centers are supporting the app's development.
In addition, the global open source community has been remarkable in helping to build the app, which has already been downloaded by more than 15 million users.
Inspired by Andreas Schreiber's tweet, Jesus M. Gonzalez-Barahona did an analysis of Corona-Warn-App's development using Cauldron.io, an open source software-as-a-service application built on top of GrimoireLab, and summarized his findings on Twitter.
Corona-Warn-App saw robust software development activity through mid-June:
- More than 100 people contributed.
- More than 5,300 commits were made, with 1,600+ pull requests and 600+ issues.
Quick code reviews
Code review for pull requests is quick, usually within one day (mean: 0.36 days).
Time to close issues is also quick at about two days.
This means that most pull requests are already closed, and the gap between open and closed issues is not very large.
Commitment to fighting coronavirus spread
Contributions are coming from both corporate email accounts and private addresses (such as gmail.com, gmx.de, icloud.com, and outlook.de).
Also, there is no noticeable decline in commits over the weekend, which is unusual for software produced by employees on paid time.
These facts may be signs of contributors' sense of urgency or commitment to fighting the spread of COVID-19, even on their own time.
There is, however, a different pattern in issue and pull request submissions: they are more common during the week than on weekends, even though commits happen regularly over the week. One possible explanation for this is that developers work uniformly throughout the week but upload and interact with issues mostly during workdays.
Outstanding developer engagement
Onboarding of developers has been really quick—currently about 50 people by daily contributions and more than 100 people by weekly contributions.
These numbers are common for corporate projects, but Corona-Warn-App has assembled a team of more than 100 developers from at least six companies in just 45 days. Is this another lesson corporate software development can learn and apply from open source development?
Engagement differs in different repositories; for example, the iOS app had about eight times the commits as the Android app. Lines per commit and files per commit suggest that this is likely real development, not snapshots masquerading as development.
One worrisome piece of data is in the time to close pull requests. The mean is short, but the median is too short. That could either mean a very well-streamlined code review in a tightly coupled team or very little code review.
Corona-Warn-App is a successful example of how governments and public administrations can use open collaboration to scale up to fight a global crisis. Data saves lives, and now more than ever, we need to break silos, be transparent, and work towards a common goal.
Transparency is not only about making code publicly available. Transparency is about fairness and trust, and software development analysis is a good example of how to take advantage of transparency to better understand the software that matters to you.
If you liked this analysis, note that you can do your own with Cauldron.io, as it's free, open source software.