Frequently Asked Questions

General

Which is the current version of AusweisApp2?

Your update to version 1.16.x does not work / The predecessor version is preserved despite the update? (Windows operating system)

The AusweisApp2 does not start on Mac OS X / macOS?

The AusweisApp2 does not start on Mac OS X 10.10 (or later versions) / cannot be updated?

The card reader or the identity card/electronic residence permit is not recognized?

CAN, PUK, PIN and Transport PIN – What are they and when do I need them?

How can I change my (transport) PIN / Error "Time exeeded"?

Which screenreaders can be used?

How do I uninstall AusweisApp2 completely?

Can the Android app only be downloaded from Google Playstore (with a Google account)?

Virus scanner or firewall prevent functions of the AusweisApp2?

Providers

Which services are available and why you can not use each of them on mobile operating systems

Requirements

Which operating systems are supported by AusweisApp2?

Which browsers can be used with AusweisApp2?

Which card readers are supported by AusweisApp2?

Why are Linux and Windows 10 mobile not supported by AusweisApp2?

Online identification function

What is the online identification function?

Where can I use the online identification function?

Card readers and NFC function

Card reader problems?

What is NFC?

Why do you need NFC for (mobile) use of the AusweisApp2?

Why can't the iPhone 7 (Plus) read some ID cards (Errorcode "disconnection")?

Why can't the NFC interface in the iPhone SE and 6S (Plus) be used for the AusweisApp2 despite iOS 13?

Why does the online ID function not work even though contactless payment via NFC (Google Pay, Apple Pay etc.) works perfectly?

Which mobile devices can be used for the Online Identification Function via NFC?

How to use a smartphone or tablet for direct readout via NFC

How to use an NFC-enabled Android device as a card reader (from another mobile device or a PC)

Why can't I use the NFC interface on my iPad?

Why can't I connect a normal card reader to a mobile device via micro USB?

The issue of Extended Length on mobile devices

The issue of field strength on mobile devices

How do I get a stable connection on mobile devices?

Is identification on mobile devies as secure as with a card reader?

Is there an alternative technology for mobile devices?

General

Which is the current version of AusweisApp2?

Currently the version 1.16.2 (Windows / Mac and Android)/1.18.2 (iOS) is available for download. You can find the version number of your AusweisApp2 in the menu entry "Help" – "About AusweisApp2" / "Version information".

Your update to version 1.16.x does not work / The predecessor version is preserved despite the update? (Windows operating system)

When updating to version 1.16.x, the previous version will not be removed.

Please go into the control panel of your computer and uninstall the older version manually.
After this is done the already installed, current version can be opend.

The issue of the incorrect deletion is caused by a change in the installation process: Since version 1.16.x, the installation on Windows will be done for all users accounts. As a result, an older version of AusweisApp2 that has been installed only for single user accounts will not be detected / removed.

AusweisApp2 does not start on Mac OS X / macOS?

The app is designed in such a way that it isn't permanently in the foreground, so you won't find it at the bottom of the Dock bar, as is often the case, but at the top of the menu bar.
There are two ways to call a service: Prerequisite one is that the program has been started. The AusweisApp2 does not come from the App Store, so it should be opened with the right mouse button. Additionally, downloads from the App Store and verified developers must be allowed in the settings.
Now, in the second step, you can either open the AusweisApp2 via the menu bar and open a service via the provider list, or you can start an authentication via the website of a service provider, then the app automatically comes to the foreground if it was previously started.

AusweisApp2 does not start on Mac OS X 10.10 (or later versions) / cannot be updated?

The latest security update for Mac OS X 10.10 (Yosemite) was released by Apple on July 19, 2017 (https://support.apple.com/en-us/HT201222). AusweisApp2 only supports current and maintained operating systems with a market share of at least 5%. This no longer includes Mac OS X 10.10 (Yosemite). Therefore, the app can no longer be started or updated under this operating system (Caution: the system will not inform you accordingly). According to the website, Apple offers a free update to macOS 10.14, under which AusweisApp2 can then be reinstalled.

Note: The version Mac OS X 10.11 is also no longer supported by us with version 1.18. Please update your operating system if you want to use the AusweisApp2 after summer 2018.

The card reader or the identity card/electronic residence permit is not recognized? / Your Android device does not recognize your ID card?

Stationary operative systems:
Failure to recognize your card reader or ID card may be related to an outdated device driver. Please make sure that your device driver is up-to-date and install a more recent version if necessary.

Note: As only being the manufacturer of the software AusweisApp2, we have no influence on the software actuality of third party providers.

Your mobile device does not recognize the online ID card or reports "ID card removed"? (Direct readout)
There can be several reasons for this:
a) The ID card has been moved and lost contact with the NFC interface.
b) The position of the ID card is not optimal or the field strength on the NFC chip is too low. In the course of the identification process, the identity card will then not get enough energy.
c) Some mobile devices deactivate the NFC interface after prolonged contact with the card for power-saving reasons, as known to Samsung, for example. Unfortunately, the AusweisApp2 can not influence this behavior. An NFC connection can then only be re-established after either the screen has been switched off and on again or NFC deactivated and activated again.
d) Sadly the iPhone 7 is not able to read each ID card. You may receive the error "Link to ID card lost". As manufacturer of the AusweisApp2 we can not influence this behavior.

Mobile devices as card reader:
When using a mobile phone as a card reader, please read the article "How to use an NFC-enabled device as a card reader (on another mobile device or PC)". If you select the menu item "Compatible devices", you will find an overview of the suitable Android smartphones.

CAN, PUK, PIN and Transport PIN – What are they and when do I need them?

Transport PIN
You received a 5-digit transport PIN by mail, which you have to change to a new 6-digit personal PIN. You can do this in AusweisApp2 on the "PIN Management" tab: How to change the (transport) PIN.

CAN
The card access number (CAN) is only required if you have entered the wrong PIN two times. In order to prevent that a wrong PIN is entered for a third time without your consent, thus blocking your card, you have to enter the CAN at this point. The CAN is a 6-digit number that you can find on the front side of your ID card at the bottom right.

PUK
After the wrong PIN was entered three times, the PIN will be blocked. You can use the PUK that you received with your PIN letter to unblock your ID card. However, the PUK can only be used up to ten times. After entering the PUK, you have to enter the correct PIN.

PIN forgotten
For security reasons, it is not possible to restore the PIN in AusweisApp2. The Bundesministerium des Innern (Federal Ministry of the Interior) offers a lot of information regarding the national identity card on the http://www.personalausweisportal.de/EN/Home/home_node.html pages. You can get a new PIN at the authority where you picked up your ID card for a fee of 6 Euro. Further information is available here: http://www.personalausweisportal.de/EN/Citizens/Electronic-Identification/all-you-need/PIN-PUK/PIN-PUK_node.html.

Transport PIN wrongPlease contact the authority which issued your ID card. They are able to check whether your electronic ID card functions correctly and whether the transport PIN was transmitted wrongly.

How can I change my (transport) PIN / Error "Time exeeded"?

After applying for your ID card, you will receive a letter with information about the online identification function by post. The letter contains your transport PIN, your PUK, and a password for blocking the online identification function. Before you can use your ID card online, you have to replace the 5-digit transport PIN with a 6-digit personal PIN. You can do this free of charge when picking up your ID card, or you can do it later in AusweisApp2 (go to PIN Managerment > Change PIN). This requires a card reader suitable for the online identification function.

In the case of a card reader with a display, enter the transport PIN, and then enter your new PIN twice without having been explicitly pointed out (Enter transport PIN -> OK, enter new PIN -> OK, enter new PIN-> OK). Please note that the time required for the process is one minute.

You can later change your PIN again in AusweisApp2 at any time.

Which screen readers can be used?

AusweisApp2 for the operating system Windows supports the screen reader "JAWS." AusweisApp2 for the operating system Mac OS X / MacOS / iOS supports the built-in screen reader "VoiceOver".

How do I uninstall AusweisApp2 completely?

For Windows:

Uninstall AusweisApp2 via:
Start menu>Programs>AusweisApp2>Uninstall. This removes all files and the desktop icon of AusweisApp2 from your computer. For a complete removal you have to delete the following entries manually:

Registry entries:
-    Delete the complete folder Governikus GmbH & Co. KG
-    Delete the entries for AusweisApp2 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

NoScript settings in the Firefox browser:
-    Delete rule, if applicable

For OS X:

Delete AusweisApp2 from the applications folder. This removes all files and the desktop icon of AusweisApp2 from your computer. For a complete removal you have to delete the following entries manually:

Delete the file "com.governikus-gmbh-co-kg.AusweisApp2.plist". This file is located in one of the following directories: "$HOME/Library/Preferences/" or "/Library/Preferences/".

Open the tab "Login Items" under "System Preferences" -> "Users & Groups" -> "Current User". Delete the entry "AusweisApp2" from the list.

NoScript settings in the Firefox browser:
-    Delete rule, if applicable

Can the Android app only be downloaded from Google Playstore (with a Google account)?

If you do not have a Google account or do not want to download the Android version of AusweisApp2 from Google Playstore for any other reason, you can send a request to our Support to be sent the apk file of AusweisApp2 for Android. You can then load this version directly to your device. The AusweisApp2 can also be downloaded from the open source platform Github. These versions can then be downloaded directly to your device.

Please note that in this case you will not receive any automatic updates. For this reason, we do not recommend this approach.

Virus scanner or firewall prevent functions of the AusweisApp2?

If you are using a firewall or virus scanner that differs from the default settings, it may be that the AusweisApp2 is blocked.
To be able to use the AusweisApp2 despite the settings you have made, you also have the option of entering an exception for the app.
If you need help with the settings, please contact our support.

Providers

Which services are available and why you can not use each of them on mobile operating systems

At https://www.ausweisapp.bund.de/en/online-identification-function/provider-list/ you will find a list of all the providers / services who have send us their service information for publication. For data protection reasons there is no automatism here.

Right now most of the service providers still have to become active to make sure their offer is usable under the mobile operating system iOS. The reason for theirfore is that calling the AusweisApp2 from the actual service requires a minimal change to the website. (On desktop systems, the call URL is http://127.0.0.1:24727/eID-Client, on mobile systems the call URL is eid://127.0.0.1:24727/eID-Client.) We have already pointed this out to the service providers known to us and are in close contact with them, but of course we have no influence on the time of implementation. If this so-called mobile call has not been implemented, you will receive the error message "127.0.0.1 / No connection to server..." on your smartphone. In this case, please inform the service provider directly about the circumstances. On stationary operating systems you may receive the message "The AusweisApp2 is not yet started". In this case, please start the AusweisApp2 and call the respective service again.

Requirements

Which operating systems are supported by AusweisApp2?

Windows 7 SP 1 and higher, 8 and 10 as well as OS X 10.11, macOS 10.12, 10.13, 10.14 and Android 5.0 and higher and iOS 13.1 and higher.

Which browsers can be used with AusweisApp2?

The Federal Office for Information Security (BSI - Bundesamt für Sicherheit in der Informationstechnik) has designed the online identification function as a browser-independent call. Due to strict compliance with the corresponding technical guidelines of BSI (BSI TR-03124), the AusweisApp2 is browser-independent and supports all customary browsers. Within the scope of quality assurance the following browsers have been testet: Android System WebView 70, Firefox 64, Firefox Klar 8, Chrome 71, Internet Explorer 11, Safari 12, Edge 44.

Which card readers are supported by AusweisApp2?

In principle, all external card readers certified by the German Federal Office for Information Security (BSI - Bundesamt für Sicherheit in der Informationstechnik) are supported and tested in conjunction with AusweisApp2. We have also tested other non-certified external card readers. A list can be found here.

In addition, you can use suitable NFC-enabled smartphone for direct issuance of online ID cards or use a smartphone as a card reader on other devices. For further information select the menu item compatible devices > mobile phones and tablets.

Why are Linux and Windows 10 mobile not supported by AusweisApp2?

AusweisApp2 was developed for the most common operating systems. Only operating systems with a market share of at least 5% are supported. The market shares of the operating systems are continuously monitored.

Linux and Windows 10 mobile: Unfortunately, the required market share is currently not reached. However, with the provision in July 2017, the software has gone open source, which makes it possible to use and further develop the source code. You can find the source code at github.

Online identification function

What is the online identification function?

The online identification function of your national identity card or electronic residence permit allows you to prove your identity securely and without any doubt on the Internet, at Bürgerterminals (self-service terminals at your citizen centre) and other terminals. This function also allows you to determine the identity of any party you are dealing with on the Internet. Further information about the online identification function is available on the website of the Federal Ministry of the Interior www.personalausweisportal.de.

explainer video (in german language): An example - identify online

explainer video (in german language): Requirements for using the online ID function

Where can I use the online identification function?

You can make use of various services that use the online identification function. For example, with authorities, insurance companies, banks or others. You can find an overview of the services in the provider directory.

At this point, we would like to expressly point out that the AusweisApp2 is only responsible for the software for using the online identification function and not for the services offered. If you have any questions about a specific service, please contact the provider directly.

 

Card readers / NFC function

Card reader problems?

It may happen that your system does not recognize the connected card reader or identity card. Please download and install the appropriate driver from the card reader manufacturer. Then please restart your system. After that, the card recognition should work.

Hints for the card reader HID Omnikey 5321:
When using the card reader "HID Omnikey 5321", the card must be removed from the card reader after an authentication or PIN change, otherwise error messages may occur. Please wait a few seconds before replacing the badge.

What is NFC?

NFC stands for Near Field Communication and is an international transmission standard based on RFID technology for contactless data exchange. RFID in turn stands for radio frequency identification. This technology makes "identification with the aid of electromagnetic waves" possible. This technology allows for example mobile devices, such as smartphones or tablets to identify and locate each other automatically and contactless via radio waves. The RFID technology functions according to ISO/IEC 14443 / -4 and is designed for a range of 5 to 10 cm.

Why do you need NFC for (mobile) use of the AusweisApp2?

Your online ID card contains a so-called contactless RFID chip. This allows the online ID card to be read out via radio magnetic waves – once you have authorized the transmission by entering your PIN. An external card reader or a mobile device that can be used as a card reader (e.g. an Android smartphone) is required. The card reader or smartphone must be able to handle NFC according to the ISO standard IEC 14443 / -4. The necessary power supply of the online ID card is realized by induction.

Which mobile devices can be used for the Online Identification Function via NFC?

Not every mobile device can be used for direct readiout or as a card reader. The mobile device must support the following NFC technology requirements:

  • NFC
  • Extended Length Communication
  • NFC chip: sufficient field strength
  • Android version 5.0 and higher / iOS version 13.1 and higher via iPhone 7 and higher

At https://www.ausweisapp.bund.de/mobile-geraete/ you will find an overview of suitable mobile devices. 

Why can't the iPhone 7 (Plus) read some ID cards (Errorcode "disconnection")?

The iPhone 7 (Plus) operating system currently has incompatibilities with one of the two common variants of the NFC standard ("NFC A").
Following the international ICAO guidelines for travel documents, both variants (NFC A and NFC B) are used for ID cards and electronic residence permits.
Therefore, in combination with some ID cards on the iPhone 7 (Plus), the described problems may occur.

We have already informed the manufacturer.

Why can't the NFC interface in the iPhone SE and 6S (Plus) be used for the AusweisApp2 despite iOS 13?

The Core NFC framework of iOS is used on the software side to read NFC cards. Unfortunately, this framework is not supported by Apple at the moment for the mentioned devices.

Why does the online ID function not work even though contactless payment via NFC (Google Pay, Apple Pay etc.) works perfectly?

Not every NFC readout process is the same.

The use of the online ID card function cannot technically be compared with contactless payment. When paying contactless, the payment terminal with its strong NFC antenna only reads a small amount of data from the phone's NFC chip in one direction.

With the online ID card function, NFC communication takes place over a longer period of time in both directions. The amount of data transferred is larger and is encrypted. The power supply for the ID card is provided solely by the smartphone's NFC antenna, which is why permanent and careful positioning is important. Depending on the mobile device, low battery levels can also cause problems.

How to use an smartphone or tablet for direct readout via NFC

On many mobile devices, the online ID chip can be read out and your data securely transferred directly via NFC. To do this, your smartphone and your online ID card must be connected to each other at the respective NFC interface and the data transfer must be confirmed by entering your PIN. In addition to the basic requirement of "NFC support", three additional functionalities are required:

  1. An Android smartphone or tablet with Android from version 5.0 upwards or an iPhone with iOS 13.1.
  2. The firmware / operating system supplied by the device manufacturer or subsequently installed must support extended length communication (extended length enables the transmission of data packets with a length of more than 261 bytes to and from the online ID card or the encryption of the data).
  3. For a stable connection during data transmission, the smartphone's built-in NFC chip must have sufficient field strength.

How to use an NFC-enabled Android device as a card reader (from another mobile device or a PC)

To many users, procuring and commissioning an external card reader is not easy. For this reason, the function to use an "Android smartphone as a card reader" was developed. This feature allows you to pair a suitable mobile Android device (usually a smartphone, rarely a tablet) with a PC (Windows or Mac) or an iPhone/iPad or non-NFC-enabled Android device.

Requirements:

  1. An Android smartphone or tablet with Android from version 5.0 upwards
  2. The firmware / operating system supplied by the device manufacturer or subsequently installed must support extended length communication (extended length enables the transmission of data packets with a length of more than 261 bytes to and from the online ID card or the encryption of the data).
  3. For a stable connection during data transmission, the smartphone's built-in NFC chip must have sufficient field strength.

How it works:

  1. Both devices must be connected to the same wireless network (all devices on your network must be allowed to communicate with each other, including your smartphone. Usually you can adjust this on the router or in the network settings).
  2. Switch on NFC on the card reader
  3. Start the Remote Service
  4. Pair the devices

How to proceed:

  1. video tutorial (in german language).
  2. Online help: https://www.ausweisapp.bund.de/ausweisapp2/handbuch/1.14/de/Windows/settings-reader-detection.html

Why can't I use the NFC interface on my iPad?

Unfortunately, iPads do not have a (suitable) NFC interface, so you cannot use them for direct readout.
However, it is possible to use a smartphone (Android or iOS) as a card reader in conjunction with an iPad.
You can find out how this works in this FAQ article.

Why can't I connect a normal card reader to a mobile device via micro USB?

AusweisApp2 addresses the card readers via the so-called smart card specification/library PC/SC. This library is available for operating systems such as Windows and Mac, but by default PC/SC is not available for Android.

By the way: Users are able to add more features to AusweisApp2. That is possible because the app is open source available at Github and can be customized according to the own wishes for the benefit of the entire community.

The issue of Extended Length on mobile devices

It is necessary that both the NFC chip and the firmware used by the respective device manufacturer support "Extended Length" for the communication, so that the data and encryption can be transmitted successfully. The current generation of NFC chips commercially available in Europe already supports Extended Length as a standard. The current stumbling block is in the firmware/operating system Android.

There is a field (variable) that is read out by the AusweisApp2 to check whether your mobile device supports Extended Length or not. This variable contains the package length and is hardcoded in the operating system of the mobile device up to Android 8.0. Many mobile devices therefore pretend to only be able to transfer 261 bytes. For the readout process to work, the device must confirm that it can transmit a packet length of 500 bytes. This package length is required by AusweisApp2 and the online ID card primarily to implement the security protocols, such as PACE (encryption).

With the Android 9 operating system Extended Length is to be enabled by default (see current Change at issuetracker.google.com/issues/37005118 - this change means that smartphone manufacturers using Android can/must now configure how many bytes can be transferred in one go).

The issue of field strength in mobile devices

In practice, many manufacturers limit the field strength in order to positively influence the battery life. Unfortunately, this means that communication with the online ID card becomes unstable or does not work at all. The field strength is given when the NFC chip is supplied with sufficient power by the surrounding system (e.g. mobile device). The exact field strength specifications can be found under point 6.2 in ISO standard 14443-2. (Tags using ISO 14443 for communication are part of class 4, which results in a minimum field strength of 2.0 A/m and a maximum field strength of 12 A/m.)

How do I get a stable connection on mobile devices?

Please make sure that your mobile device is in constant contact with your online ID card. Place the online ID card directly on the NFC interface and make sure that a stable position is maintained. The NFC connection must not be interrupted during use (PIN entry, the service / readout process). The NFC chip is often not located in the middle of the mobile device. If we know about the position of the NFC interface, it will be specified at www.ausweisapp.bund.de/mobile-geraete/.
A protective cover and NFC-enabled cards (e.g. credit cards) stored inside it may further restrict connectivity.

Is identification on mobile devices as secure as with a card reader?

Using a mobile device is similar to using a basic card reader (security class 1) on a computer. The device on which the PIN is entered is always critical for security, because malware, in particular keyloggers which might read the PIN, may be present here. We recommend using current operating systems and virus scanners to prevent this.
By comparison, when using a comfort card reader (security level 3), the PIN never enters the computer and therefore cannot be intercepted.
But: With the PIN alone, no one can misuse your online ID card. The principle of possession (online ID) and knowledge (PIN) always applies. If you do not have both components, you cannot use the online ID card function.

Is there an alternative technology for mobile devices?

Yes, you can also use an external card reader for mobile use, which can be connected to the mobile device via Bluetooth. This card reader then communicates with the online ID card via NFC.
However, a direct Bluetooth connection from the smartphone to the online ID card is not possible because the online ID card does not offer a Bluetooth interface.
Currently there is only one Bluetooth card reader on the market that can be used with the online ID card: Reiner SCT CyberJack wave. Advice on pairing the device is available in our videos on YouTube.