Sensitive data from QR code can be scanned without owner's knowledge
Avoid duplicates
- Bug is not mentioned in the FAQ
- Bug is not already reported in another issue
The FAQ says:
The QR code contains the same data as the EU Digital COVID Certificate. However, when the QR code is checked with the CovPassCheck app, only the certificate's status, the surname, the first name and the date of birth are displayed.
The above statement only holds for the official CovPassCheck app, but not for custom-built variants of the same app.
Technical details
- Device name: any
- OS version: any
- App version: any
Describe the bug
It is trivial to modify the CovPassCheck app so that it displays not only the name, transcribed name and birthday, but also the other information contained in the QR code.
Assuming that an owner of a CovPass certificate does not trust the user of “the” CovPassCheck app that the CovPassCheck app is indeed the official version that only displays the above-mentioned limited information, how can the owner of the certificate prove that the certificate is indeed valid, without disclosing the sensitive health information from the QR code to the user of “the” CovPassCheck app?
Should the owner of the QR code ask the user of “the” CovPassCheck app for a proof that the app is downloaded from a verified source? And if so, how can the owner of the QR code be reasonably sure that anything shown on the CovPassCheck phone is trustworthy?
Steps to reproduce the issue
Build CovPassCheck with a modified CovCertificate.birthDateFormatted property that shows the sensitive data from the certificate instead of the birth date.
Expected behaviour
The CovPass app offers different QR codes for typical validation scenarios. Each of these QR codes is digitally signed and contains only the necessary data for the specific kind of validation. Alternatively, the sensitive data is encrypted or protected in another way, to prevent unauthorized disclosure.
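The approach sketched under Expected behaviour (one signed QR payload per validation scenario, carrying only the fields that scenario needs) can be modelled with salted-hash selective disclosure: the issuer signs a list of per-claim digests, the holder puts only the chosen claims plus their salts into the QR payload, and the verifier checks each disclosed claim against the signed digest list. The Python example below is added here for illustration and is not code from the CovPass project. It uses an HMAC under a constructed issuer key as a stand-in for the real COSE signature (so the verifier in this demo holds the issuer key, whereas a real verifier would check a public-key signature against the issuer's certificate), and the certificate fields, product code and salts are constructed sample values.

```python
import hashlib
import hmac
import json
import secrets

# Hypothetical issuer key. A real DCC carries an ECDSA/RSA signature inside a
# COSE_Sign1 structure; HMAC stands in here so the example needs only stdlib.
ISSUER_KEY = b"demo-issuer-key-not-a-real-secret"

# Constructed sample certificate content, loosely modelled on DCC fields
# (surname, given name, date of birth, vaccination details).
SAMPLE_CLAIMS = {
    "fn": "Mustermann",
    "gn": "Erika",
    "dob": "1964-08-12",
    "vaccine": "EU/1/20/1528",   # constructed product code
    "dose": "2/2",
    "date": "2021-06-01",
}


def _claim_digest(name, value, salt):
    """Digest of one claim; the random salt stops guessing values from digests."""
    material = json.dumps([salt, name, value], separators=(",", ":")).encode()
    return hashlib.sha256(material).hexdigest()


def issue(claims):
    """Issuer side: salt every claim, sign only the status and the digest list.
    Returns (signed_envelope, disclosures); the holder keeps the disclosures."""
    salts = {name: secrets.token_hex(16) for name in claims}
    # Sorted so the digest order does not reveal which claim is which.
    digests = sorted(_claim_digest(n, v, salts[n]) for n, v in claims.items())
    payload = {"status": "valid", "digests": digests}
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    signature = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    signed = {"payload": payload, "sig": signature}
    disclosures = {name: (salts[name], value) for name, value in claims.items()}
    return signed, disclosures


def present(signed, disclosures, reveal):
    """Holder side: build the QR payload for one scenario, revealing only `reveal`."""
    return {"signed": signed, "disclosed": {n: disclosures[n] for n in reveal}}


def serialize(presentation):
    """The string that would actually be encoded into the QR code."""
    return json.dumps(presentation, sort_keys=True, separators=(",", ":"))


def verify(presentation):
    """Verifier side: check the signature, then that every disclosed claim hashes
    to a signed digest. Returns (ok, visible_claims); on any failure, (False, {})."""
    signed = presentation["signed"]
    body = json.dumps(signed["payload"], sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["sig"]):
        return False, {}
    digests = set(signed["payload"]["digests"])
    visible = {}
    for name, (salt, value) in presentation["disclosed"].items():
        if _claim_digest(name, value, salt) not in digests:
            return False, {}
        visible[name] = value
    return True, visible


if __name__ == "__main__":
    signed, disclosures = issue(SAMPLE_CLAIMS)
    domestic = present(signed, disclosures, ["fn", "gn", "dob"])
    print("QR payload:", serialize(domestic))
    print("verifier sees:", verify(domestic))
```

Because the disclosed fields are the only claim values in the QR payload, a verifier app (modified or not) can display nothing beyond what the holder chose to reveal for that scenario; the sorted digest list does not even expose which claims exist. Editing a disclosed value, adding a claim with a made-up salt, or changing the signed status all fail verification.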
Issue Analytics
- Created 2 years ago
- Comments: 11 (4 by maintainers)
Top GitHub Comments
The Dutch system is built with these concerns in mind. There are 2 different QR codes: one for international travel and one for inside The Netherlands only. The Dutch QR code has way more privacy features built in, to name a few:
Here are a few links to the Dutch FAQ for more information:
@rillig thanks for reporting. This topic has already been discussed in various other tickets. It is a known issue and the topic is in discussion with the EU. I don’t have further information on the current state of those discussions but maybe @alexcimander or @molk-ibm know more? Sadly this topic can’t move forward without modifications of the EU COVID Certificate schema. All member states need to agree on a standard that will be used otherwise those certificates will not be valid when traveling in the EU.