You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

github.com/icco/exposure-notifications-server

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/icco/exposure-notifications-server

v0.0.0-20201005193532-36e35446bd40
Source
Go
Version published
Created
Source

Exposure Notification Reference Key Server

COVID‑19 Exposure Notifications API

Exposure Notification Reference Key Server Documentation

In our continued effort to help governments and health authorities during the COVID-19 pandemic, we have authored an open source reference implementation of an Exposure Notification Key Server.

The server reference in this repository implements the Exposure Notifications API and provides reference code for working with Android and iOS apps that are built by public health authorities. The reference server source code is available on GitHub and can be deployed on any infrastructure or cloud provider selected by a public health authority.

Our hope is by making this privacy-preserving server implementation available to health authorities, we can enable their developers to use the open source code to get started quickly.

Overview

The server is responsible for the following functions:

  • Accepting the temporary exposure keys of affected users from mobile devices.

  • Validating the temporary exposure keys using the device attestation API.

  • Storing the temporary exposure keys in a database.

  • Periodically generating incremental files that will be downloaded by mobile devices to perform the key matching algorithm on the mobile device.

  • Sending a public key to devices, and digitally signing the incremental files with a private key.

  • Periodically deleting old temporary exposure keys. After 14 days, or configured time period, the exposure keys can no longer be matched to a device.

Tutorials and reference documentation

You can read tutorials on deploying and using the reference Exposure Notification Key Server here:

Issues and Questions

You can open a GitHub Issue. Please be sure to include as much detail as you can to help aid in addressing your concern. If you wish to reach out privately, you can send an e-mail exposure-notifications-feedback@google.com.

Contributing to this project

Contributions to this project are welcomed. For more information about contributing to this project, see the contribution guidelines.

FAQs

Package last updated on 05 Oct 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Introducing Socket MCP for Claude Desktop

Product

Introducing Socket MCP for Claude Desktop

Add secure dependency scanning to Claude Desktop with Socket MCP, a one-click extension that keeps your coding conversations safe from malicious packages.

By Alexandros Kapravelos  -  Jul 29, 2025
Introducing Scala and Kotlin Support in Socket

Product

Introducing Scala and Kotlin Support in Socket

Socket now supports Scala and Kotlin, bringing AI-powered threat detection to JVM projects with easy manifest generation and fast, accurate scans.

By Peter van der Zee, Eli Insua  -  Jul 28, 2025
AI + a16z Podcast: Vibe Coding, Security Risks, and the Path to Progress

Application Security

/

Security News

AI + a16z Podcast: Vibe Coding, Security Risks, and the Path to Progress

Socket CEO Feross Aboukhadijeh and a16z partner Joel de la Garza discuss vibe coding, AI-driven software development, and how the rise of LLMs, despite their risks, still points toward a more secure and innovative future.

By Sarah Gooding  -  Jul 25, 2025