Frequently asked questions

General

Which is the current version of AusweisApp2?

The card reader or the identity card/electronic residence permit is not recognized?

Do you receive the error message "A protocol error has occurred"?

CAN, PUK, PIN and Transport PIN – What are they and when do I need them?

How can I change my (transport) PIN / Error "Time exeeded"?

Which screenreaders can be used?

How do I uninstall AusweisApp2 completely?

Can the Android app only be downloaded from Google Playstore (with a Google account)?

Requirements

Which operating systems are supported by AusweisApp2?

Which browsers can be used with AusweisApp2?

Which card readers are supported by AusweisApp2?

Why are Linux, Windows 10 mobile and iOS not supported by AusweisApp2?

Online identification function

What is the online identification function?

Where can I use the online identification function?

Card readers

Card reader problems?

What is NFC?

Why do you need NFC for (mobile) use of the AusweisApp2?

How to use an Android smartphone or tablet for direct readout via NFC

How to use an NFC-enabled Android device as a card reader (from another mobile device or a PC)

Why can't I use the NFC interface on my iPad/iPhone?

Why can't I connect a normal card reader to a mobile device via micro USB?

The issue of Extended Length on mobile devices

The issue of field strength in mobile devices

How do I get a stable connection on mobile devices?

Is identification on mobile devices as secure as with a card reader?

Is there an alternative technology for mobile devices?

General

Which is the current version of AusweisApp2?

Currently the version 1.14.1 is available for download. You can see your version number in AusweisApp2 in the menu entry "Help" – "About AusweisApp2" / "Version information".

The card reader or the identity card/electronic residence permit is not recognized?

If your card reader or online ID card is not recognized, please check whether the drivers for the device are up to date. If necessary, please install the most recent drivers.

The Requirements page contains a list of supported card readers including links to the websites of the manufacturers.

Note: We, as the manufacturer of the software AusweisApp2, do not have any influence on software updates by third-party providers.

Can the Android app only be downloaded from Google Playstore (with a Google account)?

If you do not have a Google account or do not want to download the Android version of AusweisApp2 from Google Playstore for any other reason, you can send a request to our Support to be sent the apk file of AusweisApp2 for Android. You can then load this version directly to your device.

Please note that in this case you will not receive any automatic updates. For this reason, we do not recommend this approach.

Requirements

CAN, PUK, PIN and Transport PIN – What are they and when do I need them?

Transport PIN
You received a 5-digit transport PIN by mail, which you have to change to a new 6-digit personal PIN. You can do this in AusweisApp2 on the "PIN Management" tab: How to change the (transport) PIN.

CAN
The card access number (CAN) is only required if you have entered the wrong PIN two times. In order to prevent that a wrong PIN is entered for a third time without your consent, thus blocking your card, you have to enter the CAN at this point. The CAN is a 6-digit number that you can find on the front side of your ID card at the bottom right.

PUK
After the wrong PIN was entered three times, the online function of your ID card will be blocked. You can use the PUK that you received with your PIN letter to unblock your ID card. However, the PUK can only be used up to ten times. After entering the PUK, you have to enter the correct PIN.

PIN forgotten
For security reasons, it is not possible to restore the PIN in AusweisApp2. The Bundesministerium des Innern (Federal Ministry of the Interior) offers a lot of information regarding the national identity card on the http://www.personalausweisportal.de/EN/Home/home_node.html pages. You can get a new PIN at the authority where you picked up your ID card for a fee of 6 Euro. Further information is available here: http://www.personalausweisportal.de/EN/Citizens/Electronic-Identification/all-you-need/PIN-PUK/PIN-PUK_node.html.

Transport PIN wrongPlease contact the authority which issued your ID card. They are able to check whether your electronic ID card functions correctly and whether the transport PIN was transmitted wrongly.

How can I change my (transport) PIN / Error "Time exeeded"?

After applying for your ID card, you will receive a letter with information about the online identification function by post. The letter contains your transport PIN, your PUK, and a password for blocking the online identification function. Before you can use your ID card online, you have to replace the 5-digit transport PIN with a 6-digit personal PIN. You can do this free of charge when picking up your ID card, or you can do it later in AusweisApp2 (go to PIN Managerment > Change PIN). This requires a card reader suitable for the online identification function.

In the case of a card reader with a display, enter the transport PIN, and then enter your new PIN twice without having been explicitly pointed out (Enter transport PIN -> OK, enter new PIN -> OK, enter new PIN-> OK). Please note that the time required for the process is one minute.

You can later change your PIN again in AusweisApp2 at any time.

Which screen readers can be used?

AusweisApp2 for the operating system Windows supports the screen reader "JAWS." AusweisApp2 for the operating system OS X supports the built-in screen reader "VoiceOver".

How do I uninstall AusweisApp2 completely?

For Windows

Uninstall AusweisApp2 via:
Start menu>Programs>AusweisApp2>Uninstall. This removes all files and the desktop icon of AusweisApp2 from your computer. For a complete removal you have to delete the following entries manually:

Registry entries:
-    Delete the complete folder Governikus GmbH & Co. KG
-    Delete the entries for AusweisApp2 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

NoScript settings in the Firefox browser:
-    Delete rule, if applicable

For OS X


Delete AusweisApp2 from the applications folder. This removes all files and the desktop icon of AusweisApp2 from your computer. For a complete removal you have to delete the following entries manually:

Delete the files "com.governikus-gmbh-co-kg.AusweisApp2.plist" and "com.governikus.AusweisApp2.plist". This file is located in one of the following directories: "$HOME/Library/Preferences/" or "/Library/Preferences/".

Open the tab "Login Items" under "System Preferences" -> "Users & Groups" -> "Current User". Delete the entry "AusweisApp2" from the list.

NoScript settings in the Firefox browser:
-    Delete rule, if applicable

Which operating systems are supported by AusweisApp2?

Windows 7 SP 1 and higher, 8 and 10 as well as OS X 10.10, 10.11, macOS 10.12, 10.13 and Android 4.3 and higher.

Which browsers can be used with AusweisApp2?

The Federal Office for Information Security (BSI - Bundesamt für Sicherheit in der Informationstechnik) has designed the online identification function as a browser-independent call. Due to strict compliance with the corresponding technical guidelines of BSI (BSI TR-03124), the AusweisApp2 is browser-independent and supports all customary browsers. Within the scope of quality assurance the following browsers have been testet: Android System WebView 60, Firefox 57, Firefox Klar 2.5, Chrome 62/63, Internet Explorer 11, Safari 11.

Which card readers are supported by AusweisApp2?

All card readers certified by the Federal Office for Information Security are supported and tested for use with AusweisApp2. There are also serveral card readers that are not certified but work with AusweisApp2. You can find a list of both certified and non-certified card readers under the menu entry Requirements.

Why are Linux, Windows 10 mobile and iOS not supported by AusweisApp2?

AusweisApp2 was developed for the most common operating systems. Only operating systems with a market share of at least 5% are supported. The market shares of the operating systems are continuously monitored.

Linux and Windows 10 mobile: Unfortunately, the required market share is currently not reached. However, with the provision in July 2017, the software has gone open source, which makes it possible to use and further develop the source code. You can find the source code at www.github.com.

iOS: Achieves the required market share and is being further developed for iOS opertaing systems. AusweisApp2 for iOS can be tested within the field test.

Online identification function

What is the online identification function?

The online identification function of your national identity card or electronic residence permit allows you to prove your identity securely and without any doubt on the Internet, at Bürgerterminals (self-service terminals at your citizen centre) and other terminals. This function also allows you to determine the identity of any party you are dealing with on the Internet. Further information about the online identification function is available on the website of the Federal Ministry of the Interior www.personalausweisportal.de.

Where can I use the online identification function?

There are many services that allow you to use the online identification function. Many administrative authorities offer services to cititzen on the Internet and at self-service terminals. Other service providers are, for example  insurance companies or the German railway company, among others. The complete list of current service providers is available here.

Card readers

Card reader problems?

It may happen that your system does not recognize the connected card reader or identity card. Please download and install the appropriate driver from the card reader manufacturer. Then please restart your system. The card recognition should work then.

Hints for the card reader HID Omnikey 5321:
When using the card reader "HID Omnikey 5321", the card must be removed from the card reader after an authentication or PIN change, otherwise error messages may occur. Please wait a few seconds before replacing the badge.


What is NFC?

NFC stands for Near Field Communication and is an international transmission standard based on RFID technology for contactless data exchange. RFID in turn stands for radio frequency identification. This technology makes "identification with the aid of electromagnetic waves" possible. This technology allows for automatic and contactless identification and location of mobile devices such as smartphones or tablets via radio waves. The RFID technology functions according to ISO/IEC 14443 / -4 and is designed for a range of 5 to 10 cm.

Why do you need NFC for (mobile) use of the AusweisApp2?

Your online ID card contains a so-called contactless RFID chip. This allows the online ID card to be read out via radio magnetic waves – once you have authorized the transmission by entering your PIN. An external card reader or a mobile device that can be used as a card reader (e.g. an Android smartphone) is required. The card reader or smartphone must be able to handle NFC according to the ISO standard IEC 14443 / -4. The necessary power supply of the online ID card is realized by induction.

How to use an Android smartphone or tablet for direct readout via NFC

On many mobile devices, the online ID chip can be read out and your data securely transferred directly via NFC. To do this, your smartphone and your online ID card must be connected to each other at the respective NFC interface and the data transfer must be confirmed by entering your PIN. In addition to the basic requirement of "NFC support", three additional functionalities are required:
1. An Android smartphone or tablet with Android from version 4.3 upwards
2. The firmware / operating system supplied by the device manufacturer or subsequently installed must support extended length communication (extended length enables the transmission of data packets with a length of more than 261 bytes to and from the online ID card or the encryption of the data).
3. For a stable connection during data transmission, the smartphone's built-in NFC chip must have sufficient field strength.

How to use an NFC-enabled Android device as a card reader (from another mobile device or a PC)

To many users, procuring and commissioning an external card reader is not easy. For this reason, the function to use an "Android smartphone as a card reader" was developed. This feature allows you to pair a suitable mobile Android device (usually a smartphone, rarely a tablet) with a PC (Windows or Mac) or an iPhone/iPad or non-NFC-enabled Android device.
Requirements:
1. An Android smartphone or tablet with Android from version 4.3 upwards
2. The firmware / operating system supplied by the device manufacturer or subsequently installed must support extended length communication (extended length enables the transmission of data packets with a length of more than 261 bytes to and from the online ID card or the encryption of the data).
3. For a stable connection during data transmission, the smartphone's built-in NFC chip must have sufficient field strength.
How it works:
1) Both devices must be connected to the same wireless network (all devices on your network must be allowed to communicate with each other, including your smartphone. Usually you can adjust this on the router or in the network settings).
2. Switch on NFC on the card reader
3. Start the Remote Service
4. Pair the devices
How to proceed:
a.    video tutorial
b.    Online help: www.ausweisapp.bund.de/ausweisapp2/handbuch/1.14/de/Windows/settings-reader-detection.html

Why can't I use the NFC interface on my iPad/iPhone?

Apple's NFC interface is not fully accessible to applications by external developers. Currently, only "read access" to the interface is granted with access via the Data Exchange Format (NDEF). For the online identification function, however, "write access" in accordance with the protocol defined in the ISO standard IEC 14443 / -4 is required, since cryptographic commands need to be exchanged, for example in the encrypted connection between the server and the online ID card, considering PIN entry.

Why can't I connect a normal card reader to a mobile device via micro USB?

AusweisApp2 addresses the card readers via the so-called smart card specification/library PC/SC. This library is available for operating systems such as Windows and Mac, but by default PC/SC is not available for Android.

The issue of Extended Length on mobile devices

It is also necessary that both the NFC chip and the firmware used by the respective device manufacturer support "Extended Length" for the communication, so that the data and encryption can be transmitted successfully. The current generation of NFC chips commercially available in Europe already supports Extended Length as a standard. The current stumbling block is in the firmware/operating system Android.
There is a field (variable) that is read out by the AusweisApp2 to check whether your mobile device supports Extended Length or not. This variable contains the package length and is hardcoded in the operating system of the mobile device up to Android 8.0. Many mobile devices therefore pretend to only be able to transfer 261 bytes. For the readout process to work, the device must confirm that it can transmit a packet length of 500 bytes. This package length is required by AusweisApp2 and the online ID card primarily to implement the security protocols, such as PACE (encryption).
With the Android 9 operating system Extended Length is to be enabled by default (see current Change at issuetracker.google.com/issues/37005118 - this change means that smartphone manufacturers using Android can/must now configure how many bytes can be transferred in one go).

The issue of field strength in mobile devices

In practice, many manufacturers limit the field strength in order to positively influence the battery life. Unfortunately, this means that communication with the online ID card becomes unstable or does not work at all. The field strength is given when the NFC chip is supplied with sufficient power by the surrounding system (e.g. mobile device). The exact field strength specifications can be found under point 6.2 in ISO standard 14443-2. (Tags using ISO 14443 for communication are part of class 4, which results in a minimum field strength of 2.0 A/m and a maximum field strength of 12 A/m.)

How do I get a stable connection on mobile devices?

Please make sure that your mobile device is in constant contact with your online ID card. Place the online ID card directly on the NFC interface and make sure that a stable position is maintained. The NFC connection must not be interrupted during use (PIN entry, the service / readout process). The NFC chip is often not located in the middle of the mobile device. If the location of the NFC interface is known to us, it will be specified at www.ausweisapp.bund.de/mobile-geraete.  
A protective cover or NFC-enabled cards (e.g. credit cards) stored inside it may further restrict connectivity.

Is identification on mobile devices as secure as with a card reader?

Using a mobile device is similar to using a basic card reader (security class 1) on a computer. The device on which the PIN is entered is always critical for security, because malware, in particular keyloggers which might read the PIN, may be present here. We recommend using current operating systems and virus scanners to prevent this.
By comparison, when using a comfort card reader (security level 3), the PIN never enters the computer and therefore cannot be intercepted.
But: With the PIN alone, no one can misuse your online ID card. The principle of possession (online ID) and knowledge (PIN) always applies. If you do not have both components, you cannot use the online ID card function.

Is there an alternative technology for mobile devices?

Yes, you can also use an external card reader for mobile use, which can be connected to the mobile device via Bluetooth. This card reader then communicates with the online ID card via NFC.
However, a direct Bluetooth connection from the smartphone to the online ID card is not possible because the online ID card does not offer a Bluetooth interface.
Currently there is only one Bluetooth card reader on the market that can be used with the online ID card: Reiner SCT CyberJack wave. Advice on pairing the device is available in our videos on YouTube.