Vaccination Certificate in Wallet (iOS)

[kevin-kraus]

Feature description

Show a pass in Wallet on iOS for quick access in certain situations by just double clicking the side- / home button.

For example if in the future the case arises that you need a proof of vaccination for certain places to enter (e.g. restaurants), you could access the vaccination certificate quicker by using the wallet shortcuts than searching the CWA and opening the tab for the certificate there.

Problem and motivation

User acceptance, simplicity of use and speed of processing for entry controls increase.

Is this something you're interested in working on

No

---

Internal Tracking ID: EXPOSUREAPP-7811

[Ein-Tim]

I'd suggest to open this issue in https://github.com/eu-digital-green-certificates/dgca-wallet-app-ios, since I don't expect that CWA will implement any features of the vaccination certificate which the DGCA doesn't have.

[jucktnich]

I do think, that the scanning implementation should be done by the dgca (if it's even possible), but the CWA could add a wallet card by its own.

[Ein-Tim]

This is now also tracked in https://github.com/eu-digital-green-certificates/dgca-wallet-app-ios/issues/69.

[muuuh]

Please note that having to unlock the phone for opening the app and potentially handing out the phone is a privacy issue (reading mails, photos).

On the other hand, when the vaccination certificate is in the ios wallet, the vaccination information (owners name?) can be accessed by anybody with access to the phone (without need to unlock).

[dsarkar]

FYI https://github.com/Digitaler-Impfnachweis/certification-apis/discussions/37

[ezadoo]

As title of this feature-request says that vaccination certificates should be possible to import into Apple Wallet I would like to mention that also the (negative) results of rapid antigen tests could (and should) be able to import into Wallet too.

As I think much of the background-processes for creating the wallet passes would be similar, I don't want to create an additional feature-request, with this fairly similar topic, but maybe the rapid test results could be tracked in this thread too.

[kevin-kraus]

As title of this feature-request says that vaccination certificates should be possible to import into Apple Wallet I would like to mention that also the (negative) results of rapid antigen tests could (and should) be able to import into Wallet too.

As I think much of the background-processes for creating the wallet passes would be similar, I don't want to create an additional feature-request, with this fairly similar topic, but maybe the rapid test results could be tracked in this thread too.

I like your proposal as it would further more improve access speed to the information. Also, Apple Wallet Cards have a "expiring" timestamp AFAIK (See "expirationDate" here)so they could also be deleted/invalidated automatically.

I would consider creating a new issue. Your proposal is requesting changes in an other module. Therefore it has no direct connection to this issue.

[achisto]

Wouldn't any app that lets your create Apple Wallet Passes be sufficient for solving this problem? There are multiple apps that can create wallet passes from any qr-code (or barcode) you give them. And in the end the qr-code you receive after your vaccination is just that - a qr-code. 🤔

[Ein-Tim]

For your information: https://github.com/eu-digital-green-certificates/dgca-wallet-app-ios/issues/69#issuecomment-860031719 says:

Unfortunately, this is a security and privacy concern, as already discussed in the CWA GitHub. As this would allow the QR code to be visible without any sort of user validation / passcode. We have discussed this internally and came to the conclusion to not implement it because of the security concerns and that it is out of scope.

So I would not expect any development on this, sorry.

[kevin-kraus]

For your information: https://github.com/eu-digital-green-certificates/dgca-wallet-app-ios/issues/69#issuecomment-860031719 says:

Unfortunately, this is a security and privacy concern, as already discussed in the CWA GitHub. As this would allow the QR code to be visible without any sort of user validation / passcode. We have discussed this internally and came to the conclusion to not implement it because of the security concerns and that it is out of scope.

So I would not expect any development on this, sorry.

@Ein-Tim you probably could add a disclaimer that privacy is not ensured by using this feature.

Otherwise what I'm asking myself now, the privacy is also not ensured when a user is using a device not secured by any passcode / biometric authentication. Or am I wrong here? Therefore a user with no passcode should not be allowed to use the vaccination / rapid test features, right?

[Ein-Tim]

@kevin-kraus

Since I'm also only a community member, I suggest that you add your comment to https://github.com/eu-digital-green-certificates/dgca-wallet-app-ios/issues/69.

Otherwise what I'm asking myself now, the privacy is also not ensured when a user is using a device not secured by any passcode / biometric authentication. Or am I wrong here? Therefore a user with no passcode should not be allowed to use the vaccination / rapid test features, right?

I think the difference here is that the user can protect his vaccination certificate & rapid tests in the app if he wants to, but he can't protect the Apple Wallet even if he wants to...

Edit: Apparently I was wrong with that, see https://github.com/eu-digital-green-certificates/dgca-wallet-app-ios/issues/69#issuecomment-860035348.

[jucktnich]

@muuuh 1. You can disable access from Lock Screen and 2. you can only access cards which work with Apple Pay from the lockscreen https://support.apple.com/en-us/HT204003

[kevin-kraus]

Okay from the comments that I'm seeing in eu-digital-green-certificates/dgca-wallet-app-ios corona-warn-app/cwa-wishlist#69 there will be no implementation of this feature in the EU context. Otherwise will it still be implemented in the CWA? Because I cannot see any direct links between the whole EU-Certificate stuff and the CWA. Even if the EU don't want to implement it, doesn't necessarily mean that it won't be integrated into CWA.

I think that it will make a good impact for faster usage of the vaccination certificate. Even today we can see that the certificate will be needed to provide proof in more and more places daily (restaurants, events etc.). The CWA only displays the vaccination QR code. Therefore it should be relatively easy to just copy that QR-Code and insert it into a wallet pass.

Regarding the security/privacy issues I think we should give the user a explicit warning that private data could be exposed if they are using no passcode or do not turn off "Access to pass on lockscreen" in the settings. After checking that they have read the risk warning and accept the risk the user should have the choice to use the feature or not. Please stop the paternalism regarding privacy. If the user knows about the risk they should be in control if they accept it or not.

So, can we expect an implementation in CWA? @maugst

[muuuh]

@jucktnich

I wrote:

Please note that having to unlock the phone for opening the app and potentially handing out the phone is a privacy issue (reading mails, photos).

On the other hand, when the vaccination certificate is in the ios wallet, the vaccination information (owners name?) can be accessed by anybody with access to the phone (without need to unlock).

You wrote:

@muuuh 1. You can disable access from Lock Screen and 2. you can only access cards which work with Apple Pay from the lockscreen https://support.apple.com/en-us/HT204003

Don't get me wrong. I'm in favor of an option to show the vaccination status in Apple Wallet.

I wanted to point out that both in terms of implementation and non-implementation you can argue with "data protection"/security (i.e. confidentiality).

I think that a conscious setting is necessary in which the user is again made aware of the consequences. With that, it should then be sufficient.

Still, I consider an implementation through third-party apps (unsure if the qr-code format fits) or saving the QR code as lockscreen background as a workaround.

[jucktnich]

@muuuh Dunno why i wrote this 😅

[ezadoo]

@kevin-kraus

I would consider creating a new issue. Your proposal is requesting changes in an other module. Therefore it has no direct connection to this issue.

As there are currently discussed mainly the privacy concerns and possibilities of integrating the support of Apple Wallet in general I'am refraining from creating a second issue for rapid tests as it would be very similar topic, until a final decision regarding this topic in general is made.

But maybe we could keep the possibility of integrating rapid tests in a similar way too it the back of our minds.

[iMonZ]

It would be great if we could clear this up quickly! It’s already pretty late for this feature and if we wait further maybe we don’t need it anymore. I just don’t see any progression. But vaccinations and negative tests should be in the apple wallet or if this doesn’t work at least as an Apple Watch app!

[riconeitzel]

I chime in here! Would be a HUGH step towards broad anticipation! double-plus-thumbs-up

[Ein-Tim]

But honestly, if it's not possible to show the QR-Code from the Lock Screen via Apple Wallet (see https://github.com/eu-digital-green-certificates/dgca-wallet-app-ios/issues/69#issuecomment-860042008) then I don't see a benefit that huge...

Still it would be nice to have!

Edit: Maybe that with the Lock Screen is maybe not true, investigating...

[Ein-Tim]

FYI: If you want your QR-Code in your Apple Wallet now, take a look at: https://twitter.com/kkrdvc/status/1404418854231674885

[Nils-witt]

You can choose if can access the wallet when the device is locked. Here is a screenshot of the setting for it

[jucktnich]

@Ein-Tim the benefit would be fe that you can use the pass on the watch

[jucktnich]

@Nils-witt afaik that's still not possible with cards not using Apple Pay and you also don't have triggers which would lead the pass to appear on the lockscreen as a message

[Nils-witt]

Yes, there is no notification or similar to direct access a specific card in this case. But with double click on the home button the wallet requires biometrics(depending on your settings) before it shows any cards and then you can browse all of your cards.

EDIT: The switch for "Wallet" enables the biometric requirement (in the picture: it is disabled)

[heinezen]

Hello everyone,

This feature request has been declined and will not be pursued further. We have decided against this feature because of the legal restrictions and drawbacks regarding the privacy of the stored data.

---

Corona-Warn-App Open Source Team

[jucktnich]

If the dgca team decides to implement it, would this still be declined?

[iMonZ]

Hello everyone,

This feature request has been declined and will not be pursued further. We have decided against this feature because of the legal restrictions and drawbacks regarding the privacy of the stored data.

Corona-Warn-App Open Source Team

What’s with negative tests? If there is no name or identity?

[iMonZ]

Hello everyone,

This feature request has been declined and will not be pursued further. We have decided against this feature because of the legal restrictions and drawbacks regarding the privacy of the stored data.

Corona-Warn-App Open Source Team

Can you explain that further please?

[ezadoo]

I said this at the dcga-app too, I can't understand the decision and I'm disappointed.

And as you can see on the frequency of interaction, this feature is highly requested by iOS-users.

And so that's the point where my story with the CWA ends, and for the certificates will never begin.

I don't see me cluttering my device with multiple apps for certificates, test results and checkin, wich are basically all doing the same.

And because I don't want to support such hypercritical paternalism, where the users will not be allowed to decide on their own, if they want to take the risk. And as you can't prevent people from finding other ways, if they want to get this into Apple Wallet, this is nothing other than paternalism.

So the only option, and the option I will recommend everyone of my friends and family, is to use third party apps for creating passes, where the passes are generated on unknown untrusted servers abroad, like somebody already mentioned above. But there is no alternative.

As for now, I'm too hoping for Luca-App or other third-party devs, and that they are more user oriented, and so there maybe could be a chance that they implement it.

[iMonZ]

I said this at the dcga-app too, I can't understand the decision and I'm disappointed.

And as you can see on the frequency of interaction, this feature is highly requested by iOS-users.

And so that's the point where my story with the CWA ends, and for the certificates will never begin.

I don't see me cluttering my device with multiple apps for certificates, test results and checkin, wich are basically all doing the same.

And because I don't want to support such hypercritical paternalism, where the users will not be allowed to decide on their own, if they want to take the risk. And as you can't prevent people from finding other ways, if they want to get this into Apple Wallet, this is nothing other than paternalism.

So the only option, and the option I will recommend everyone of my friends and family, is to use third party apps for creating passes, where the passes are generated on unknown untrusted servers abroad, like somebody already mentioned above. But there is no alternative.

As for now, I'm too hoping for Luca-App or other third-party devs, and that they are more user oriented, and so there maybe could be a chance that they implement it.

Thanks! Actually I avoided the Luca app completely and just used the CWA app but with that feature they could bring me in. I still don’t understand why we have two separate apps that get paid twice.

[heinezen]

If the dgca team decides to implement it, would this still be declined?

@jucktnich I think https://github.com/eu-digital-green-certificates/dgca-wallet-app-ios/issues/69 was declined for the same reasons, but I was not involved in making the decision, so there could be other reasons. I can ask for further details about the decision, although most of the arguments presented in the DGC issue probably also apply here.

---

Corona-Warn-App Open Source Team

[heinezen]

@ezadoo

So the only option, and the option I will recommend everyone of my friends and family, is to use third party apps for creating passes, where the passes are generated on unknown untrusted servers abroad, like somebody already mentioned above. But there is no alternative.

Please do not recommend unsafe solutions on other services to others, especially if you know they are untrusted.

You can criticize our decisions as much as you want. That is totally okay and encouraged. What I think is not okay is to tell others to use a solution with even more privacy concerns because you don't agree with a decision that was made. Especially if there actually is an alternative, which is to store the certificate in the CWA.

---

Corona-Warn-App Open Source Team

[Hanashi]

I made now my own implentation for Apple Wallet. If CWA and CovPass would note integrate Apple Wallet, i have no other possibility.

The decission is very bad and in my opinion wrong, but that's now not my problem.

[jucktnich]

@heinezen the issue is on the dgca side in a Schrödinger's cat state

[ezadoo]

@heinezen

I don't see a problem there, it's your decision, what features you are implementing in the app.

But this is a feature that, as you can see on the interaction frequency on issues with this topic, is highly requested by iOS users. And there are apps wich solve this issue.

That apps are not untrustworthy in general, many of them have been in the AppStore for years and have really good ratings and many users.

But as the passes have to be generated on the backend servers, as they have to be signed as a technical requirement from Apple to work in Wallet, nobody can say what really happens on this servers and that the passes are not stored there forever. We have no hints that indicate something like that, but as the apps are closed source, you have no choice than trusting the developers.

And I personally can't and won't recommend solutions wich I personally don't use and when there are, from an feature and usability standpoint, better solutions for this topic.

And as there are no technical reasons for preventing the support for Apple Wallet, I see no reason for recommending people laborious solutions for this topic.

And as I said, only because you treat your users like childs, you won't stop users from doing something that they want to use and they will find a way for doing so. It's not the question if they are doing it, rather than with wich app they are doing it. You had the chance to prevent users from doing so, by providing an official and trusted way for doing that, but you chose that you know better than the users themselves, what they need and that they are not able to choose on their own.

[dsarkar]

Reopened for documentation purposes and avoiding duplicates.

[Ein-Tim]

@dsarkar Thanks. Please apply the wontfix label here.

[dsarkar]

Dear all!

We have seen this in the past already: Initially declined feature requests have been reassessed afterwards and have been implemented eventually. So, everybody is of course invited to continue to contribute (ideas, discussion, analysis, ...) to this (and all other) issue.

---

Corona-Warn-App Open Source Team

[Nils-witt]

Hello everyone,

In the last few days I worked on another app with wallet passes and here is how you create passes and distribute them to the user (as I understood it):

1. You need an template for the pass(no user data and only stored on the server) and the signing certificate from apple

2. Creating the pass (Only on the Server) and singing it + save it on the server

3. Bringing the pass to the end user through the app (Direct communication between the app and the backend; no apple servers)

4. saving the pass into the wallet with user interaction required. When the user has iCloud active for the wallet, the iPhone uploads the pass into iCloud(I think it is encrypted)

5. (Optional) Updates to the pass with APNS over Apple servers.

I don't think updates are necessary except for revoking the passes.

[riconeitzel]

If you don't wanna share your data OUTSIDE the EU, you can use this one here:

https://coronapass.fabianpimminger.com

It will not store any data and will still give you the certificate for the wallet.

Didn't try it for other countries yet, but you can give feedback here. Perhaps fabs is willing to extend this feature.

[Hanashi]

If you don't wanna upload your certificate, you could use my instructions:

https://github.com/Hanashi/impfzertifikat-wallet

[ezadoo]

As the solution from Fabian Pimminger is already mentioned, the people responsible for the rejection of this feature request should have a look at the responses in the media.

As there is stated that a single developer can develop and provide a proper solution in the time of just 6 hours, and the official authorities are not able to.

Can someone please test if this solution is working with the german certificates too?

[Nils-witt]

I just tried Fabian's soulution but in Germany you don't get an PDF, so I used an screenshot but got an 500 error.

[amandadebler]

@ezadoo

So the only option, and the option I will recommend everyone of my friends and family, is to use third party apps for creating passes, where the passes are generated on unknown untrusted servers abroad, like somebody already mentioned above. But there is no alternative.

Please do not recommend unsafe solutions on other services to others, especially if you know they are untrusted.

You can criticize our decisions as much as you want. That is totally okay and encouraged. What I think is not okay is to tell others to use a solution with even more privacy concerns because you don't agree with a decision that was made. Especially if there actually is an alternative, which is to store the certificate in the CWA.

Corona-Warn-App Open Source Team

As long as the CWA/CovPass team cannot get permission to publish your apps in the US (i.e., global) app stores, alternatives are needed and will be found. The SwissCovid app fills the contract-tracing gap in a reputable way (consider marketing it so people don’t install whatever dodgy app “Germany covid app” turns up) but now people are stuck without a good way to keep their digital Impfpasses. (Yes, person who keeps chiming in about keeping a second Apple ID, we realize you are very clever and we are very dim, but many of us live in the real, messy world and are seeking solutions that are sustainable for the real people living there.)

[Nils-witt]

@ezadoo stated that a developer could build that feature in 6 hours, i wanted to see if it is really that easy and fast. So an afternoon later: Yes, it is. It´s an pretty simple Node.js implementation: https://github.com/Nils-witt/VacxPass-Server

[ezadoo]

@heinezen

I just read an article about the vaccination certificate in Apple Wallet on an Apple-specific website.

[https://www.iphone-ticker.de/impfnachweis-im-apple-wallet-derzeit-nur-ueber-umwege-176199/]()

And they are already recommending the mentioned third-party apps for creating passes wich work with Apple Wallet, as the official Apps are not willing to integrate support for Apple Wallet.

And so many other people are going to use the third-party apps.

And a also recommend reading the comments under the article to see how many iOS-Users are requesting this feature and how the mood about the decision is.

[heinezen]

@ezadoo @Nils-witt @riconeitzel @amandadebler

We do not recommend storing the certificate in the Apple Wallet due to privacy risks involved. Whether the CWA implements the feature does not change the risk here. This is the reason why the feature was rejected in the first place.

You can still use other methods than Apple Wallet to store the certificate:

• storing the certificate inside the CWA
• keeping a copy of the printout in your physical wallet or pockets

All solutions or workarounds in this thread should be used at your own risk and are not endorsed by the CWA team.

---

Corona-Warn-App Open Source Team

[jucktnich]

If the CWA implemented this feature, this would mitigate the risk of being uploaded to untrusted servers, so it's better than using third party apps.

[tobsen]

@heinezen For me the bigger privacy risk is an unlocked phone to show it and that I maybe hand over to someone who wants to scan the QR code.

[iMonZ]

German Logic:

CWA with Apple wallet support = privacy risk Luca app where nearly every privacy expert says that this is a privacy mess and you shouldn’t use it = funded from the states (bundesländer) This example can be continued endlessly

@heinezen For me the bigger privacy risk is an unlocked phone to show it and that I maybe hand over to someone who wants to scan the QR code.

+1