Security: Disable screenshot function

[coder66]

I was surprised to see that I can easily make a screenshot of the QR certificate. This is an issue, because in many locations one only needs to show the code, there is no check, no scan, etc.

To prevent misuse, it is important to disable the ability to make a screenshot of the certificate.

[thomasaugsten]

Can you please give a detailed description. How we can improve the security when a person checks your QR-Code via CovPass Check and we disable screenshots for you on your device. Disabled screenshot means we prevent you of doing a screenshot and save this screenshot on your device.

[coder66]

Sorry, I do not understand your reply. The check with CovPass can be done by opening CWA app and clicking on the certificate. How does one need a screenshot to check that with CovPass - makes no sense.

The issue here is that I can make a screenshot and then give this to a friend who can show this at the entry of a location. Usually there is no identity check done and the screenshotted certificate will show a correct result when scanned with the CovPass app. This type of misuse should be prevented, the same way why banking apps do not allow you to make screenshots.

[Ein-Tim]

@coder66

As there is an export feature for certificates in the app, disabling screenshots does not improve the security in any way.

[dsarkar]

@coder66 Thank you for your question. See the FAQ https://www.coronawarn.app/en/faq/#eu_dcc_check

In Germany, third parties can only reliably check whether it is a valid vaccination certificate, recovery certificate, or test certificate using the CovPassCheck app. Additionally, an identity check with photo ID should take place. .... A pure visual check of the certificates is not sufficient, as manipulated screenshots, apps or system settings (e.g. changed date) could be used, for example. ...

Unless no check on the identity is done, the system can always somehow be tampered with. Preventing screenshots will not solve this issue. Your friend could just scan the QR code with his app, or get a copy of your paper certificate which is actually even easier.

See also: https://www.bundesgesundheitsministerium.de/coronavirus/faq-covid-19-impfung/faq-digitaler-impfnachweis.html

Wie wird dabei sichergestellt, dass die Informationen aus dem gelben Impfheft echt und nicht gefälscht sind? Bei der Prüfung der analogen Impfpässe ist besondere Aufmerksamkeit geboten. Das gilt sowohl dann, wenn der analoge Impfpass genutzt wird, um z. B. Geschäfte zu betreten. Und es gilt auch dann, wenn die Informationen von dem analogen in einen digitalen Impfpass übertragen werden. Die Fälschung von Impfpässen ist strafbewehrt. Das gilt für analoge wie für digitale Impfdokumente.

Best wishes, DS

---

Corona-Warn-App Open Source Team

[coder66]

A screenshot is an easy way to give my buddy a valid QR code. IMHO this should be prevented

[thomasaugsten]

Not using the CovPass Check is violating the guideline to check for the 3G rules. Preventing screenshot will not add security it will limit the functionality for no reasons.

Why is not adding security was already mentioned. Like Scanning if the QR code, export as pdf, copy paper, using fake website.

We also cannot prevent screenshots on rooted Android or iPhones and

[coder66]

Like banking apps, also CWA should be hardened to not allow screenshots of sensitive data. This is common practice and does not limit the functionality in any way at all.

[coder66]

Not using the CovPass Check is violating the guideline to check for the 3G rules. Preventing screenshot will not add security it will limit the functionality for no reasons.

Why is not adding security was already mentioned. Like Scanning if the QR code, export as pdf, copy paper, using fake website.

We also cannot prevent screenshots on rooted Android or iPhones and

We all know how 3G works out in the wild. Almost nobody uses the CovPass check app. Just pointing fingers on rules and regulations does not mean the issue goes away.

[DerVogel2020]

See also #3949.

[coder66]

Thx, pls merge and prioritize.

This is an issue that should be fixed. I can see headlines "CWA not secure, just make a copy of your certificates and pass to friends".......

[thomasaugsten]

My banking app is not preventing me to screenshot my sensitive information. I own the data and is my responsibility and not of the app.

Screenshot disabling is not changing the checking behavior. Please address to federal authorities to improve the federal Verordnung.

[coder66]

My banking app is not preventing me to screenshot my sensitive information. I own the data and is my responsibility and not of the app.

Screenshot disabling is not changing the checking behavior. Please address to federal authorities to improve the federal Verordnung.

I am sorry, this is unacceptable. CWA needs to take ownership and ensure secure operation. We call the above "Realitätsverlust" in German......

[thomasaugsten]

Preventing screenshot is not adding security.

Can we close the ticket?

[coder66]

No, it is not resolved

[thomasaugsten]

This will not be merged is already discussed with BSI and also the press understand is is not adding security.

To handover a copy please use the integrate export function than you can also handover a paper copy to your friend.

This means we can close it?

[coder66]

No, I disagree and this should be re-discussed. I checked again and my banking apps do not allow screenshots (Norisbank, Deutsche Bank and Sparkasse).

[thomasaugsten]

At the moment there is no reason for re-discussion there are no new fact to discuss.

Here are screenshot of the Sparkassen app

[coder66]

Also, I am wondering why the CWA team is downplaying this. It is an additional security which prevents people from making and sharing screenshotted QR codes of certificates. We all know this is illegal and so on, but we also know that fake stuff is happening. In that sense, it should be 1st prio to make the copying of certificate data as secure as possible. Making a screenshot is not really secure and for that reason it should be blocked.

The Sparkassen App does not allow screenshots of logged in accounts unless you specifically allow that in the settings. In the Noris/Deutsche Bank there is no option like that and screenshots are not possible at all. You are showing the login screen, that is invalid proof.

I am wondering why there is such a hesitance against additional, free security? We all want this pandemic to end and provide the highest security for users.

My main driver here is from being exposed to 3G in the public. The QR code is shown and almost never checked with CovPass Check. I have never been asked to show ID.

It is this "reality" which makes me drive this request. Yes, I am aware of regulations and laws, but they are not adhered to. So, it is easier to make the CWA app more secure and prevent possible misuse.

[DerVogel2020]

@coder66 what if you export the certificate and share the PDF file via WhatsApp or any other messenger? You can also screenshot the qr code in the PDF file.

[coder66]

@coder66 what if you export the certificate and share the PDF file via WhatsApp or any other messenger? You can also screenshot the qr code in the PDF file.

Yes, this is also an issue but due to the fact that exporting is a more complex method it will be less "obvious" for users. My approach here is to take all measures to prevent misuse of vaccination data. We know this is happening, and it potentially prevents us from getting closer to ending the pandemic.

[thomasaugsten]

Please open a new ticket to discuss how to improve the CovPass check usage. But a screenshot prevention in the Android CWA will not help here.

Please use the export functionality to share QR codes with family and friends. It is not complex open your certificate click on more and then export.

Closing because discussed multiple times and declined multiple times

[coder66]

Please open a new ticket to discuss how to improve the CovPass check usage. But a screenshot prevention in the Android CWA will not help here.

Please use the export functionality to share QR codes with family and friends. It is not complex open your certificate click on more and then export.

Closing because discussed multiple times and declined multiple times

Declining was "makes no sense to do". That is not a valid reason. I am aware that there is no big interest to do this - but the reasons are a bit too much "we just don't want to do this because we don't want to do this". This is not an ideal approach, as it makes one feel bad when actually we all are really trying to suggest how to make the app better and more secure.

Also the screenshot prevention has nothing to do with CovPass check - Why do you think these two relate?

[thomasaugsten]

Declining because multiple parties like BSI, SAP, TSI and external security expert see no security improvement in disabling this feature.

You mention multiple time you will add this because nobody is using the CovPass Check you will disable screenshot in the CWA. It makes more sense to enforce the CovPass Check usage.

[coder66]

First of all how did you discuss this so quickly with all involved?

Secondly, suggesting more usage of CovPass app is an excuse to not do anything about this.

This indifferent attitude also results in no progress.

[thomasaugsten]

Because we are discussing security topic before we release in thread modelings with all parties and not waiting for github issues.

Yes only CovPass Check add security to the process and allows to prove the QR code

No change on the CWA side will add security because it can manipulate at any time.

[coder66]

Sorry, you do not seem to understand or want to understand.

Please explain how disabling a screenshot of the QR code of my certificate (which is a key personal piece of information), is the exact same thing as enabling the making of a screenshot.