Do not show information about vaccination certificate and just show QR Code

[benzman81]

Current Implementation

The app shows information about vaccination state, person name and birth date, and number of shots etc.

Suggested Enhancement

Do not show the information anymore to force validation via QR code (CovPass Check or similar).

Expected Benefits

Currently, literally just a few to almost no one checks the QR code when validating the vaccination state. Even the passport is not always checked.

Real world is like the following: „Please show me your vaccination state“ „Ok, here“ (opening the app presenting the QR code) „Could you you click on the code for the details?“ „OK“ (clicking to go to details) „Could you please scroll down a bit so that I see the number of shots“ (even that happens seldom) „Here we go“ (scrolling down) „Please come in“.

This or similar happens to me and others all the time. So I actually dont even need to be vaccinated and can just use a screenshot from someone else. Going further I could change name and birthdate using a photo editing software and all will be fine since no one validates the QR code.

That is why I wouldnt show any information about the vaccination state to force everyone to scan and validate the code. I dont get why everyone hypes the fact, that there are fake QR codes around since it is much simple to enter a 2G or 3G event just by using an edited screenshot 🤷🏼‍♂️

---

Internal Tracking ID: EXPOSUREAPP-10546

[vaubaehn]

Somewhat related discussion in Switzerland: https://github.com/admin-ch/CovidCertificate-App-Android/issues/295

I strongly support the idea behind this wishlist issue, but I'm mixed, though. As a user, I'd like to see the contents of the DCCs that I stored into my (wallet) app. This may even be obligatory, when I need to handle a number of DCCs (several tests, different vaccination doses etc.). And as long as such data can be displayed through the app, gate keepers will ask to see these data when they refuse to check the QR code with any official check app. In other words: if no detail information about the code can be displayed in the app, handling multiple codes becomes rather impossible for the user.

The best way is probably to promote checking the QR code using a check app massively:

• The politics would need to integrate this into the COVID legislation and require to use a check app and personal ID for matching.
• A media campaign could help to sensibilze venue owners to check the QR codes with check apps ("It's easy to forge/abuse DCCs. Do not trust them just by looking onto them when you want to keep your venue healthy")
• We, the users, can ask venues why they are not using check apps. I started to do that recently, introducing myself as "actively supporting the development of the CWA" (which is obviously not a lie 😁 ) - and that opens doors for a talk quite fast. I could see that some venues still/simply do not know that check apps exist and why it is necessary to scan the code. In other cases the argument to not to use them is: "It just takes too long. We have long qeues here always". Or:"We don't have special/enough devices to do so". I then demonstrate that scanning the QR and matching with ID takes much less time than searching for vaccination doses/name inside the submenus and try to explain that for scanning also a private mobile could be used...

Just my 2 cents.

[benzman81]

@vaubaehn yes, I also see the points. My experience is, that „it takes too long“ or is „more to do“ will win most of the time. Thats why I finally decided to open the issue knowing that there is a huge downside for the user. Maybe you can make a fantasy name setable to a QR code to identify it yourself. Sadly law is just as good as the controlling instance which seems to fail here :-(

[vaubaehn]

@benzman81

Maybe you can make a fantasy name setable to a QR code to identify it yourself. Sadly law is just as good as the controlling instance which seems to fail here :-(

I fully agree. I actually have fantasy names that I can present, as I am still using CWA 2.6.1 without signature validation. I'm just doing so to be able to debug business rules easily. I hope that politics wake up and change legislation accordingly. This probably requires SAP to ask RKI > RKI to ask BMG and BMG to convince federal states. SAP could also initiate a (larger) media campaign via RKI as the publisher. I'm aware that SAP/RKI already doing their best by using social media channels (like @coronawarnapp on twitter), but that's not enough though. And as the users it's probably the best way to demonstrate venue owners how fast and easy scanning is, actually.

P.S: similar arguments are valid for the promotion of CWA's great check-in feature imho.

[benzman81]

Just watched episode 8 (10.11.2021) from german tv show „Zervakis & Opdenhövel Live“. The checked how the certificates are checked by restaurants. Every restaurant that checked the certificate just let the user show the app an no one checked their ID either. The TV show called it „ideal“ (ger. „vorbildlich“), so even they dont know how to check correctly. Right after the test they showed how easy it is to get a fake vaccination certificate from telegram, but this is not even needed when it is not correctly checked. Why is this not communicated more? 3G or 2G does not make any sense this way 🤷🏼‍♂️ Sorry for being a bit emotional…

[MartinH-open]

I support the intention of this request. Sure, certificates need to be verified as well as people need to be indentified. (No way around!) States should enforce this in pandemic times.

Still I propose to expose just the relevant certificate data (as QR-code or other means of data flow). There is no need to display the full name and birthday and other personal data to the verifier if instead the CWA app itself offered a way to check the indentity of the person and compare it against the given certificate. E.g. on request visitors are requested to use their biometric scan (fingerprint or face id per selfie) on their own smartphone to verify that the device regonizes them and only then present the certificate data (QR-code) with information that the owner has just successfully completed the self-identification within <60 seconds before. After such countdown has timed-out the owner needs to redo the biometric scan herself/himself to again display her/his QR-code for scaning. See me for details about this self-identification procedure which would be helpful for very many other apps which today require some identification card and therefore expose personal data which is not really required to be shared.

[Ein-Tim]

@MartinH-open

As the certificate does not contain information about your fingerprint / FaceID, etc., this would not add any layer of security to the whole process, as I still could store the certificate of anyone in my app. The app does not know who I am. So a cross check with an ID card, etc. is still necessary.

Or did I get misunderstand you here?

[MartinH-open]

@Ein-Tim right, the certificate does not contain information about your fingerprint / FaceID. It just contains a set of personal data points that are consider to be good enough (full name and birthday). Such personal data is considered to be verified with your ID card. The proposed procedure works best when in future (perhaps from Dec. 2021 in Germany) the smart eID will become available in some smartphones (using SE = secure elements). If not yet available you could still use an ID card connect via NFC with your smartphone. If CWA supported the identification with your ID card (via NFC or build-in) to open and expose your vaccination certificates then we would be fine here. Else upon time of import of your vaccination certificate the CWA could allow you to protect access to it via some biometric scan. Then only you can present your certificate in future (for some given time like 60 seconds or so. Screen should display the seconds left before time out). This is similar to some banking apps that protect access to transactions via biometric scan.

If real life people with such feature enabled could use the fast lane for "self-check-in" while others need to go thru manual identification and certificate scan which takes far longer. (Sure, if you have certificates for mulitple people (children) on you device each should be protected by it's own biometric scan.)

[Ein-Tim]

@MartinH-open

If CWA supported the identification with your ID card (via NFC or build-in) to open and expose your vaccination certificates then we would be fine here.

Yes, this would work, but consider a) whether this would really be faster than just scanning with CovPassCheck and looking at the ID b) AFAIK, every time the ID is scannend via NFC, there is some sort of security mechanism implemented, like a TAN, etc. This would slow the process down.

[MartinH-open]

@Ein-Tim The idea is to only once register your certificate with your ID card (or smart eID if you have that) and to bind your biometric scan (finger print or face ID) to that registration. (This is one time registration to be done best when you enter a new certificate to CWA) Then when checking-in you just unlock your certificate QR-code using your biometric scan. This will display your certificate data together with the information that you identified yourself just seconds ago. (admission control people can watch you as you identify yourself)

[chstdu]

Although I like the ideas concerning the electronic ID very much, there are many pitfalls (users from other countries, families, smartphones without fingerprint sensor, ...). Thus, we should continue these discussions separately in another issue. Then we can concentrate on the original information issue.

[MartinH-open]

@chstdu - I agree, the focus of my proposal here has a different scope and should be treated independent from the original request here. (I might start a seperate issue for my request some time in future and the reference it from here. I had started looking at similar requests and found this had the best match of all.) BTW - my proposal was meant as an additional option - not to replace the current CWA functionality.

[benzman81]

Yeah, this was kind of drifting into another direction.

I have another idea to get the user to not show the details and the controlling instance to make use of CovPass Check. Before opening the certificate details there should be a popup dialog with a warning hint to NOT show the following details to controlling instance and that they must use CovPass Check. The popup could also contain a QR code to download it for iOS and Android. Now, if a controlling instance wants you to show the details, you can present him the popup that clearly states NOT to show it to them and how to do it the right way.

Same is discussed for CovPass App here https://github.com/Digitaler-Impfnachweis/covpass-ios/issues/62