A security vulnerability in the infrastructure underlying Germany s official contact-tracing app would have allowed pre-authenticated remote code execution. The Corona-Warn-App (CWA) was commissioned by the German government and built by SAP and Deutsche Telekom using the GitHub development platform. The app was released in June after only 50 days in development, according to SAP. It functions by exchanging anonymous tokens through the exposure notification API from Apple and Google, over Bluetooth Low Energy.
Source: https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/