Closed aiotech-pub closed 3 years ago
I can demonstrate to you that, even without the source code, everyone is able to modify and build a different version of this app.
You said that you're a cybersecurity consultant. This is a basic concept of cybersecurity. I don't think that you have any cybersecurity skill.
GDPR is not violated in this app, as this app won't save the result. Can the GDPR be violated in other apps? Yes, however there is no way for the maintainer of this app to block others from violating the GDPR.
Everyone can read a QR code and save all data inside a QR code.
Also, a verifier MUST see your data to verify that the EU green pass is valid for your identity. How are they supposed to verify that the QR code that you're using is actually yours?
This issue is full of nonsense.
You said that you're a cybersecurity consultant
But, you know... “it is not possible to assure the [claim] is genuine”.
Because the source code is available, it may be downloaded, modified, built and installed on a smartphone. The modifications may be done to perform several types of fraud. The main problem is that a person showing his green pass QR to a verifier is not able to distinguish a valid and genuine app from an altered app. So, I think it is mandatory to modify/enhance the app in a way to assure it is genuine and its code is not different from the official one. Without this feature this sw is an open door to potentially access and save personal and private data of every Italian citizen in violation of privacy and GDPR rules, and a facilitation to commit other crimes and frauds.