corona-warn-app / cwa-app-ios

Native iOS app using the exposure notification framework from Apple. The CWA development ends on May 31, 2023. You still can warn other users until April 30, 2023. More information:

Home Page:https://coronawarn.app/en/faq/#ramp_down


Vaccination Certificate in Wallet (iOS)

kevin-kraus opened this issue · comments

commented

Feature description

Show a pass in Wallet on iOS for quick access in certain situations by just double clicking the side- / home button.

For example if in the future the case arises that you need a proof of vaccination for certain places to enter (e.g. restaurants), you could access the vaccination certificate quicker by using the wallet shortcuts than searching the CWA and opening the tab for the certificate there.

Problem and motivation

User acceptance, simplicity of use and speed of processing for entry controls increase.

Is this something you're interested in working on

No


Internal Tracking ID: EXPOSUREAPP-7811

commented

I'd suggest to open this issue in https://github.com/eu-digital-green-certificates/dgca-wallet-app-ios, since I don't expect that CWA will implement any features of the vaccination certificate which the DGCA doesn't have.

I do think, that the scanning implementation should be done by the dgca (if it's even possible), but the CWA could add a wallet card by its own.

commented

Please note that having to unlock the phone for opening the app and potentially handing out the phone is a privacy issue (reading mails, photos).

On the other hand, when the vaccination certificate is in the ios wallet, the vaccination information (owners name?) can be accessed by anybody with access to the phone (without need to unlock).

As title of this feature-request says that vaccination certificates should be possible to import into Apple Wallet I would like to mention that also the (negative) results of rapid antigen tests could (and should) be able to import into Wallet too.

As I think much of the background-processes for creating the wallet passes would be similar, I don't want to create an additional feature-request, with this fairly similar topic, but maybe the rapid test results could be tracked in this thread too.

commented

As title of this feature-request says that vaccination certificates should be possible to import into Apple Wallet I would like to mention that also the (negative) results of rapid antigen tests could (and should) be able to import into Wallet too.

As I think much of the background-processes for creating the wallet passes would be similar, I don't want to create an additional feature-request, with this fairly similar topic, but maybe the rapid test results could be tracked in this thread too.

I like your proposal as it would furthermore improve access speed to the information. Also, Apple Wallet Cards have an "expiring" timestamp AFAIK (See "expirationDate" here) so they could also be deleted/invalidated automatically.

I would consider creating a new issue. Your proposal is requesting changes in another module. Therefore it has no direct connection to this issue.

Wouldn't any app that lets you create Apple Wallet Passes be sufficient for solving this problem? There are multiple apps that can create wallet passes from any qr-code (or barcode) you give them. And in the end the qr-code you receive after your vaccination is just that - a qr-code. 🤔

commented

For your information: eu-digital-green-certificates/dgca-wallet-app-ios#69 (comment) says:

Unfortunately, this is a security and privacy concern, as already discussed in the CWA GitHub. As this would allow the QR code to be visible without any sort of user validation / passcode. We have discussed this internally and came to the conclusion to not implement it because of the security concerns and that it is out of scope.

So I would not expect any development on this, sorry.

commented

For your information: eu-digital-green-certificates/dgca-wallet-app-ios#69 (comment) says:

Unfortunately, this is a security and privacy concern, as already discussed in the CWA GitHub. As this would allow the QR code to be visible without any sort of user validation / passcode. We have discussed this internally and came to the conclusion to not implement it because of the security concerns and that it is out of scope.

So I would not expect any development on this, sorry.

@Ein-Tim you probably could add a disclaimer that privacy is not ensured by using this feature.

Otherwise what I'm asking myself now, the privacy is also not ensured when a user is using a device not secured by any passcode / biometric authentication. Or am I wrong here?
Therefore a user with no passcode should not be allowed to use the vaccination / rapid test features, right?

commented

@kevin-kraus

Since I'm also only a community member, I suggest that you add your comment to eu-digital-green-certificates/dgca-wallet-app-ios#69.

Otherwise what I'm asking myself now, the privacy is also not ensured when a user is using a device not secured by any passcode / biometric authentication. Or am I wrong here?
Therefore a user with no passcode should not be allowed to use the vaccination / rapid test features, right?

I think the difference here is that the user can protect his vaccination certificate & rapid tests in the app if he wants to, but he can't protect the Apple Wallet even if he wants to...

Edit: Apparently I was wrong with that, see eu-digital-green-certificates/dgca-wallet-app-ios#69 (comment).

@muuuh 1. You can disable access from Lock Screen and 2. you can only access cards which work with Apple Pay from the lockscreen https://support.apple.com/en-us/HT204003

commented

Okay from the comments that I'm seeing in eu-digital-green-certificates/dgca-wallet-app-ios corona-warn-app/cwa-wishlist#69 there will be no implementation of this feature in the EU context. Otherwise will it still be implemented in the CWA? Because I cannot see any direct links between the whole EU-Certificate stuff and the CWA. Even if the EU don't want to implement it, doesn't necessarily mean that it won't be integrated into CWA.

I think that it will make a good impact for faster usage of the vaccination certificate. Even today we can see that the certificate will be needed to provide proof in more and more places daily (restaurants, events etc.). The CWA only displays the vaccination QR code. Therefore it should be relatively easy to just copy that QR-Code and insert it into a wallet pass.

Regarding the security/privacy issues I think we should give the user an explicit warning that private data could be exposed if they are using no passcode or do not turn off "Access to pass on lockscreen" in the settings. After checking that they have read the risk warning and accept the risk the user should have the choice to use the feature or not. Please stop the paternalism regarding privacy. If the user knows about the risk they should be in control if they accept it or not.

So, can we expect an implementation in CWA? @maugst

commented

@jucktnich

I wrote:

Please note that having to unlock the phone for opening the app and potentially handing out the phone is a privacy issue (reading mails, photos).

On the other hand, when the vaccination certificate is in the ios wallet, the vaccination information (owners name?) can be accessed by anybody with access to the phone (without need to unlock).

You wrote:

@muuuh 1. You can disable access from Lock Screen and 2. you can only access cards which work with Apple Pay from the lockscreen https://support.apple.com/en-us/HT204003

Don't get me wrong. I'm in favor of an option to show the vaccination status in Apple Wallet.

I wanted to point out that both in terms of implementation and non-implementation you can argue with "data protection"/security (i.e. confidentiality).

I think that a conscious setting is necessary in which the user is again made aware of the consequences. With that, it should then be sufficient.

Still, I consider an implementation through third-party apps (unsure if the qr-code format fits) or saving the QR code as lockscreen background as a workaround.

@muuuh Dunno why i wrote this 😅

@kevin-kraus

I would consider creating a new issue. Your proposal is requesting changes in another module. Therefore it has no direct connection to this issue.

As there are currently discussed mainly the privacy concerns and possibilities of integrating the support of Apple Wallet in general I'm refraining from creating a second issue for rapid tests as it would be very similar topic, until a final decision regarding this topic in general is made.

But maybe we could keep the possibility of integrating rapid tests in a similar way too in the back of our minds.

It would be great if we could clear this up quickly! It’s already pretty late for this feature and if we wait further maybe we don’t need it anymore.
I just don’t see any progression. But vaccinations and negative tests should be in the apple wallet or if this doesn’t work at least as an Apple Watch app!

I chime in here! Would be a HUGE step towards broad anticipation! double-plus-thumbs-up

commented

But honestly, if it's not possible to show the QR-Code from the Lock Screen via Apple Wallet (see eu-digital-green-certificates/dgca-wallet-app-ios#69 (comment)) then I don't see a benefit that huge...

Still it would be nice to have!

Edit: Maybe that with the Lock Screen is maybe not true, investigating...

commented

FYI: If you want your QR-Code in your Apple Wallet now, take a look at: https://twitter.com/kkrdvc/status/1404418854231674885

You can choose if you can access the wallet when the device is locked.
Here is a screenshot of the setting for it

@Ein-Tim the benefit would be fe that you can use the pass on the watch

@Nils-witt afaik that's still not possible with cards not using Apple Pay and you also don't have triggers which would lead the pass to appear on the lockscreen as a message

Yes, there is no notification or similar to directly access a specific card in this case. But with double click on the home button the wallet requires biometrics (depending on your settings) before it shows any cards and then you can browse all of your cards.

EDIT: The switch for "Wallet" enables the biometric requirement (in the picture: it is disabled)

Hello everyone,

This feature request has been declined and will not be pursued further. We have decided against this feature because of the legal restrictions and drawbacks regarding the privacy of the stored data.


Corona-Warn-App Open Source Team

If the dgca team decides to implement it, would this still be declined?

Hello everyone,

This feature request has been declined and will not be pursued further. We have decided against this feature because of the legal restrictions and drawbacks regarding the privacy of the stored data.

Corona-Warn-App Open Source Team

What’s with negative tests? If there is no name or identity?

Hello everyone,

This feature request has been declined and will not be pursued further. We have decided against this feature because of the legal restrictions and drawbacks regarding the privacy of the stored data.

Corona-Warn-App Open Source Team

Can you explain that further please?

I said this at the dcga-app too, I can't understand the decision and I'm disappointed.

And as you can see on the frequency of interaction, this feature is highly requested by iOS-users.

And so that's the point where my story with the CWA ends, and for the certificates will never begin.

I don't see me cluttering my device with multiple apps for certificates, test results and checkin, which are basically all doing the same.

And because I don't want to support such hypercritical paternalism, where the users will not be allowed to decide on their own, if they want to take the risk.
And as you can't prevent people from finding other ways, if they want to get this into Apple Wallet, this is nothing other than paternalism.

So the only option, and the option I will recommend everyone of my friends and family, is to use third party apps for creating passes, where the passes are generated on unknown untrusted servers abroad, like somebody already mentioned above. But there is no alternative.

As for now, I'm too hoping for Luca-App or other third-party devs, and that they are more user oriented, and so there maybe could be a chance that they implement it.

I said this at the dcga-app too, I can't understand the decision and I'm disappointed.

And as you can see on the frequency of interaction, this feature is highly requested by iOS-users.

And so that's the point where my story with the CWA ends, and for the certificates will never begin.

I don't see me cluttering my device with multiple apps for certificates, test results and checkin, which are basically all doing the same.

And because I don't want to support such hypercritical paternalism, where the users will not be allowed to decide on their own, if they want to take the risk.
And as you can't prevent people from finding other ways, if they want to get this into Apple Wallet, this is nothing other than paternalism.

So the only option, and the option I will recommend everyone of my friends and family, is to use third party apps for creating passes, where the passes are generated on unknown untrusted servers abroad, like somebody already mentioned above. But there is no alternative.

As for now, I'm too hoping for Luca-App or other third-party devs, and that they are more user oriented, and so there maybe could be a chance that they implement it.

Thanks!
Actually I avoided the Luca app completely and just used the CWA app but with that feature they could bring me in.
I still don’t understand why we have two separate apps that get paid twice.

If the dgca team decides to implement it, would this still be declined?

@jucktnich I think eu-digital-green-certificates/dgca-wallet-app-ios#69 was declined for the same reasons, but I was not involved in making the decision, so there could be other reasons. I can ask for further details about the decision, although most of the arguments presented in the DGC issue probably also apply here.


Corona-Warn-App Open Source Team

@ezadoo

So the only option, and the option I will recommend everyone of my friends and family, is to use third party apps for creating passes, where the passes are generated on unknown untrusted servers abroad, like somebody already mentioned above. But there is no alternative.

Please do not recommend unsafe solutions on other services to others, especially if you know they are untrusted.

You can criticize our decisions as much as you want. That is totally okay and encouraged. What I think is not okay is to tell others to use a solution with even more privacy concerns because you don't agree with a decision that was made. Especially if there actually is an alternative, which is to store the certificate in the CWA.


Corona-Warn-App Open Source Team

I made now my own implementation for Apple Wallet. If CWA and CovPass would not integrate Apple Wallet, I have no other possibility.

The decision is very bad and in my opinion wrong, but that's now not my problem.

@heinezen the issue is on the dgca side in a Schrödinger's cat state

@heinezen

I don't see a problem there, it's your decision, what features you are implementing in the app.

But this is a feature that, as you can see on the interaction frequency on issues with this topic, is highly requested by iOS users.
And there are apps which solve this issue.

Those apps are not untrustworthy in general, many of them have been in the AppStore for years and have really good ratings and many users.

But as the passes have to be generated on the backend servers, as they have to be signed as a technical requirement from Apple to work in Wallet, nobody can say what really happens on these servers and that the passes are not stored there forever.
We have no hints that indicate something like that, but as the apps are closed source, you have no choice than trusting the developers.

And I personally can't and won't recommend solutions which I personally don't use and when there are, from a feature and usability standpoint, better solutions for this topic.

And as there are no technical reasons for preventing the support for Apple Wallet, I see no reason for recommending people laborious solutions for this topic.

And as I said, only because you treat your users like children, you won't stop users from doing something that they want to use and they will find a way for doing so.
It's not the question if they are doing it, rather than with which app they are doing it.
You had the chance to prevent users from doing so, by providing an official and trusted way for doing that, but you chose that you know better than the users themselves, what they need and that they are not able to choose on their own.

Reopened for documentation purposes and avoiding duplicates.

commented

@dsarkar Thanks. Please apply the wontfix label here.

Dear all!

We have seen this in the past already: Initially declined feature requests have been reassessed afterwards and have been implemented eventually. So, everybody is of course invited to continue to contribute (ideas, discussion, analysis, ...) to this (and all other) issue.


Corona-Warn-App Open Source Team

Hello everyone,

In the last few days I worked on another app with wallet passes and here is how you create passes and distribute them to the user (as I understood it):

  1. You need a template for the pass (no user data and only stored on the server) and the signing certificate from Apple

  2. Creating the pass (Only on the Server) and signing it + save it on the server

  3. Bringing the pass to the end user through the app (Direct communication between the app and the backend; no Apple servers)

  4. Saving the pass into the wallet with user interaction required. When the user has iCloud active for the wallet, the iPhone uploads the pass into iCloud (I think it is encrypted)

  5. (Optional) Updates to the pass with APNS over Apple servers.

I don't think updates are necessary except for revoking the passes.
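The pass-creation steps listed above, sketched as an added example (not code from this thread or from any of the linked projects). It builds `pass.json` and `manifest.json` the way a pass backend would, then audits the bundle for the points debated here: a missing signature, files that do not match the manifest, a missing `expirationDate`, and the keys that make Wallet surface a pass on the Lock Screen. The identifiers and the QR payload are constructed placeholders, and the signing step is left out because it needs the Apple-issued certificate.

```python
import hashlib
import io
import json
import zipfile

# pass.json keys that make Wallet surface a pass on the Lock Screen by time or place.
RELEVANCE_KEYS = ("relevantDate", "locations", "beacons")
UNSIGNED = "unsigned: no signature file, Wallet will reject this bundle"

# Step 1: a template without user data. All identifiers are placeholders.
TEMPLATE = {
    "formatVersion": 1,
    "passTypeIdentifier": "pass.example.placeholder",
    "teamIdentifier": "TEAMID0000",
    "organizationName": "Example Issuer (constructed)",
    "description": "Vaccination certificate",
    "generic": {"primaryFields": [
        {"key": "type", "label": "Certificate", "value": "Vaccination"}]},
}


def build_pass_json(template, qr_payload, serial, expires):
    """Step 2a: merge the template with one user's QR payload.

    The full QR payload is embedded, so whoever runs this step sees it.
    """
    pass_dict = dict(template)
    pass_dict.update({
        "serialNumber": serial,
        "expirationDate": expires,  # W3C timestamp; Wallet marks the pass expired
        "barcodes": [{
            "format": "PKBarcodeFormatQR",
            "message": qr_payload,
            "messageEncoding": "iso-8859-1",
        }],
    })
    return json.dumps(pass_dict, sort_keys=True).encode("utf-8")


def build_manifest(files):
    """Step 2b: manifest.json maps every file in the pass to its SHA-1 digest."""
    digests = {name: hashlib.sha1(data).hexdigest() for name, data in files.items()}
    return json.dumps(digests, sort_keys=True).encode("utf-8")


def build_unsigned_bundle(files):
    """Zip the files plus manifest. The PKCS#7 'signature' file is NOT created."""
    files = dict(files)
    files["manifest.json"] = build_manifest(files)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def audit_bundle(bundle):
    """Return a list of findings for a .pkpass-style zip given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(bundle)) as zf:
        names = set(zf.namelist())
        if "signature" not in names:
            findings.append(UNSIGNED)
        if "manifest.json" not in names or "pass.json" not in names:
            findings.append("incomplete: manifest.json or pass.json missing")
            return findings
        manifest = json.loads(zf.read("manifest.json"))
        for name in sorted(names - {"manifest.json", "signature"}):
            if manifest.get(name) != hashlib.sha1(zf.read(name)).hexdigest():
                findings.append(f"hash mismatch: {name}")
        pass_dict = json.loads(zf.read("pass.json"))
    for key in RELEVANCE_KEYS:
        if key in pass_dict:
            findings.append(f"lock-screen relevance key present: {key}")
    if "expirationDate" not in pass_dict:
        findings.append("no expirationDate: pass never expires on its own")
    return findings


if __name__ == "__main__":
    # Constructed sample input, not a real certificate.
    pass_json = build_pass_json(TEMPLATE, "CONSTRUCTED-QR-PAYLOAD",
                                "serial-0001", "2022-06-30T00:00:00Z")
    for finding in audit_bundle(build_unsigned_bundle({"pass.json": pass_json})):
        print(finding)
```
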

If you don't wanna share your data OUTSIDE the EU, you can use this one here:

https://coronapass.fabianpimminger.com

It will not store any data and will still give you the certificate for the wallet.

Didn't try it for other countries yet, but you can give feedback here. Perhaps fabs is willing to extend this feature.

If you don't wanna upload your certificate, you could use my instructions:

https://github.com/Hanashi/impfzertifikat-wallet

As the solution from Fabian Pimminger is already mentioned, the people responsible for the rejection of this feature request should have a look at the responses in the media.

As there is stated that a single developer can develop and provide a proper solution in the time of just 6 hours, and the official authorities are not able to.

Can someone please test if this solution is working with the german certificates too?

I just tried Fabian's solution but in Germany you don't get a PDF, so I used a screenshot but got a 500 error.

@ezadoo

So the only option, and the option I will recommend everyone of my friends and family, is to use third party apps for creating passes, where the passes are generated on unknown untrusted servers abroad, like somebody already mentioned above. But there is no alternative.

Please do not recommend unsafe solutions on other services to others, especially if you know they are untrusted.

You can criticize our decisions as much as you want. That is totally okay and encouraged. What I think is not okay is to tell others to use a solution with even more privacy concerns because you don't agree with a decision that was made. Especially if there actually is an alternative, which is to store the certificate in the CWA.

Corona-Warn-App Open Source Team

As long as the CWA/CovPass team cannot get permission to publish your apps in the US (i.e., global) app stores, alternatives are needed and will be found. The SwissCovid app fills the contact-tracing gap in a reputable way (consider marketing it so people don’t install whatever dodgy app “Germany covid app” turns up) but now people are stuck without a good way to keep their digital Impfpasses. (Yes, person who keeps chiming in about keeping a second Apple ID, we realize you are very clever and we are very dim, but many of us live in the real, messy world and are seeking solutions that are sustainable for the real people living there.)

@ezadoo stated that a developer could build that feature in 6 hours, I wanted to see if it is really that easy and fast. So an afternoon later: Yes, it is.
It's a pretty simple Node.js implementation: https://github.com/Nils-witt/VacxPass-Server

@heinezen

I just read an article about the vaccination certificate in Apple Wallet on an Apple-specific website.

https://www.iphone-ticker.de/impfnachweis-im-apple-wallet-derzeit-nur-ueber-umwege-176199/

And they are already recommending the mentioned third-party apps for creating passes which work with Apple Wallet, as the official Apps are not willing to integrate support for Apple Wallet.

And so many other people are going to use the third-party apps.

And I also recommend reading the comments under the article to see how many iOS-Users are requesting this feature and how the mood about the decision is.

@ezadoo @Nils-witt @riconeitzel @amandadebler

We do not recommend storing the certificate in the Apple Wallet due to privacy risks involved. Whether the CWA implements the feature does not change the risk here. This is the reason why the feature was rejected in the first place.

You can still use other methods than Apple Wallet to store the certificate:

  • storing the certificate inside the CWA
  • keeping a copy of the printout in your physical wallet or pockets

All solutions or workarounds in this thread should be used at your own risk and are not endorsed by the CWA team.


Corona-Warn-App Open Source Team

If the CWA implemented this feature, this would mitigate the risk of being uploaded to untrusted servers, so it's better than using third party apps.

@heinezen For me the bigger privacy risk is an unlocked phone to show it and that I maybe hand over to someone who wants to scan the QR code.

German Logic:

CWA with Apple wallet support = privacy risk
Luca app where nearly every privacy expert says that this is a privacy mess and you shouldn’t use it = funded from the states (bundesländer)
This example can be continued endlessly

@heinezen For me the bigger privacy risk is an unlocked phone to show it and that I maybe hand over to someone who wants to scan the QR code.

+1

For everyone interested in my little project:
It's now working well with my certificates and has now a client app:
https://github.com/Nils-witt/VacxPass-iOS

All development in those repos took around 12 hours (+/-).

@ezadoo stated that a developer could build that feature in 6 hours, I wanted to see if it is really that easy and fast. So an afternoon later: Yes, it is.
It's a pretty simple Node.js implementation: https://github.com/Nils-witt/VacxPass-Server

I developed a small web app, which lets you add your certificates as a pass: CovidPass. It is developed in accordance with the GDPR and is hosted in Germany. Feel free to contribute

We do not recommend storing the certificate in the Apple Wallet due to privacy risks involved. Whether the CWA implements the feature does not change the risk here. This is the reason why the feature was rejected in the first place.

You can still use other methods than Apple Wallet to store the certificate:

  • storing the certificate inside the CWA
  • keeping a copy of the printout in your physical wallet or pockets

All solutions or workarounds in this thread should be used at your own risk and are not endorsed by the CWA team.

Corona-Warn-App Open Source Team

How is carrying a copy of the printout any different / more secure than having the certificate exported into the wallet app? It contains the same QR code so I don't really get why you would suggest this as a viable alternative while denying the wallet export due to privacy issues.

@heinezen For me the bigger privacy risk is an unlocked phone to show it and that I maybe hand over to someone who wants to scan the QR code.

+1

@heinezen For me the bigger privacy risk is an unlocked phone to show it and that I maybe hand over to someone who wants to scan the QR code.

You can unlock your phone and keep it in your hands while the QR code is scanned.


Corona-Warn-App Open Source Team

When we are already talking about hypothetical choices, we should consider the possibility to disable the Wallet access from the lockscreen in the same way.

Also if you search in Google for the search term "Impfpass Apple wallet", etc. you are getting already a huge amount of results from big news- and tech-websites which are promoting all the mentioned apps and so the interest in this feature and the amount of users for these solutions will grow in the future.

@heinezen For me the bigger privacy risk is an unlocked phone to show it and that I maybe hand over to someone who wants to scan the QR code.

You can unlock your phone and keep it in your hands while the QR code is scanned.

Corona-Warn-App Open Source Team

Even for ApplePay you are sometimes required to give your phone to a person behind plexiglass so that the person holds it to the payment device. So handing a completely unlocked device to a person that could even run away with it is more a security issue than having the vaccination certificate in the wallet. Even the apple emergency pass is able to be shown on locked phones with even more sensitive information.

Since there are websites propagating the use of third party apps or websites you should really provide a safe implementation. Using third party apps or websites is an issue for the whole pandemic as, when certificate is needed to be uploaded, a third party company can collect many certificates and sell them or whatever and many people checking the certificate skip the fact that they should compare the certificate data against an ID.

@heinezen For me the bigger privacy risk is an unlocked phone to show it and that I maybe hand over to someone who wants to scan the QR code.

You can unlock your phone and keep it in your hands while the QR code is scanned.
Corona-Warn-App Open Source Team

Even for ApplePay you are sometimes required to give your phone to a person behind plexiglass so that the person holds it to the payment device. So handing a completely unlocked device to a person that could even run away with it is more a security issue than having the vaccination certificate in the wallet. Even the apple emergency pass is able to be shown on locked phones with even more sensitive information.

Since there are websites propagating the use of third party apps or websites you should really provide a safe implementation. Using third party apps or websites is an issue for the whole pandemic as, when certificate is needed to be uploaded, a third party company can collect many certificates and sell them or whatever and many people checking the certificate skip the fact that they should compare the certificate data against an ID.

That’s not true!
The device stays in the hands of the owner.
And only the owner will put the device on the payment device and no one else.
I don’t know where you are but payment devices should always be outside of the glass.
It’s the same thing you don’t give your wallet to the cashier and say: „take out the money“ if you pay with cash

That’s not true!
The device stays in the hands of the owner.
And only the owner will put the device on the payment device and no one else.
I don’t know where you are but payment devices should always be outside of the glass.
It’s the same thing you don’t give your wallet to the cashier and say: „take out the money“ if you pay with cash

That is real world experience and also happens with credit and giro card. Of course, it should not happen, but it happened and still happens to me, so your statement "That’s not true!" is wrong, I wouldn't come up with it if it does not happen ;-)

That’s not true!
The device stays in the hands of the owner.
And only the owner will put the device on the payment device and no one else.
I don’t know where you are but payment devices should always be outside of the glass.
It’s the same thing you don’t give your wallet to the cashier and say: „take out the money“ if you pay with cash

That is real world experience and also happens with credit and giro card. Of course, it should not happen, but it happened and still happens to me, so your statement "That’s not true!" is wrong, I wouldn't come up with it if it does not happen ;-)

In which area do you live? I have never seen that kind of sad actions.

@iMonZ same here, some terminals can't be accessed, since there's a Plexiglas in between

Since the feature is still declined and the situation regarding the IOS wallet has not changed so far, we will close this issue again. We will reopen the issue if a solution has been found.


Corona-Warn-App Open Source Team

That’s not true!

The device stays in the hands of the owner.

And only the owner will put the device on the payment device and no one else.

I don’t know where you are but payment devices should always be outside of the glass.

It’s the same thing you don’t give your wallet to the cashier and say: „take out the money“ if you pay with cash

That is real world experience and also happens with credit and giro card. Of course, it should not happen, but it happened and still happens to me, so your statement "That’s not true!" is wrong, I wouldn't come up with it if it does not happen ;-)

In which area do you live? I have never seen that kind of sad actions.

True story at the vaccination center for my first jab in Bavaria:
I had to hand over my iPhone for scanning the registration, because the scanner cable was too short. So the iPhone was completely unlocked behind the glasses.

That’s not true!

The device stays in the hands of the owner.

And only the owner will put the device on the payment device and no one else.

I don’t know where you are but payment devices should always be outside of the glass.

It’s the same thing you don’t give your wallet to the cashier and say: „take out the money“ if you pay with cash

That is real world experience and also happens with credit and giro card. Of course, it should not happen, but it happened and still happens to me, so your statement "That’s not true!" is wrong, I wouldn't come up with it if it does not happen ;-)

In which area do you live? I have never seen that kind of sad actions.

True story at the vaccination center for my first jab in Bavaria:
I had to hand over my iPhone for scanning the registration, because the scanner cable was too short. So the iPhone was completely unlocked behind the glasses.

Exactly, I've experienced this too, also from both sides.
As I did the checkin myself, I've experienced this problem multiple times.

But this case doesn't exist in the minds of the developers here stakeholders like BMG and RKI, neither does the option to disable the wallet access from lockscreen.

//corrected the responsibility

Dear @ezadoo, dear community.

We will come back to this thread with any news if there should be any new development regarding this issue, and of course in the meantime feel free to continue the discussion here. Just for clarification: The developers do not decide which features will be implemented. This is to be decided by several other stakeholders, amongst them BMG and RKI.


Corona-Warn-App Open Source Team

commented

@dsarkar & @heinezen

Could you please let us know why exactly this feature has been declined? The reason @heinezen gives in #2965 (comment) is a very general one.

Is the problem here also the accessibility from the lock screen?

commented

@iMonZ Please see corona-warn-app/cwa-wishlist#646 (comment) and what's written in the article:

There does seem to be one catch, though: Apple is currently testing the feature only with certificates issued in the USA. And those differ from the ones we receive in Germany as proof of vaccination at the pharmacy. Whether German vaccination certificates will also be supported in Wallet at the launch of iOS 15.1 is not certain.

According to Apple (https://developer.apple.com/news/?id=7h3vwlh5) only SMART Health Cards are able to use this feature. So this feature is useless for Europe at the moment.

It came to my attention that it is now possible to export the certificate as a PDF, with a note that the PDF contains sensitive personal data and should only be shown to authorized personnel.

And I want to ask the same question that Ein-Tim asked regarding this topic elsewhere:

I don't understand why it isn't possible to just add a similar note and let the user add the DCC in their wallet. There is literally no difference to the PDF which can be created, the user could set it as their wallpaper on the Lock Screen and the app can't do anything against it. Still this feature was implemented while the wallet integration was declined...

Why is this from a privacy standpoint not a problem, and why isn't a similar note displayed and sufficient for the Wallet integration?

With the PDF Feature the decision here simply seems like hypocrisy.

It’s very stupid saying that everyone can see your private information. Because all people who want to see my certificate can take a photo of it when they say they will check it. And when you lose your phone you can disable it with Find My.

I wonder if official support for vaccination cards released in iOS 15.1 is going to change the stance on this feature request.

commented

@nikolaykasyanov

Please see my comment above: #2965 (comment)

commented

If you search for an official way to add your certificates to the Apple Wallet, I recommend https://github.com/GreenPassApp (Link to the App Store).
It's an official app from the Austrian Red Cross.

@Ein-Tim that was an awesome hint! The CWA could do it the same way as GreenPassApp, which asks you if you really want to add the pass to your wallet because it needs to be sent to their server. This way the user can decide on their own.

Isn’t there someone who can publish a modified version of the CWA with the wallet feature implemented to show the dev team a solution?

Looks like this can be easily done even with a web app:

https://covidpass.marvinsextro.de/de-DE

Disclaimer: I have no affiliation with the operator of that site and I cannot verify whether it's secure and trustworthy.

Also possible via the TK App of the "Techniker Krankenkasse" health insurer:

https://www.tk.de/techniker/leistungen-und-mitgliedschaft/online-services-versicherte/tk-app-2027886

What is the process to get this feature reconsidered?
The attack vector of “someone unauthorised can access the certificate” is, as others have pointed out, not a real one:

  1. What information can be extracted?
  2. How can this information be used against the victim?
  3. What does the attacker need to achieve in order to carry out the attack?
  4. What are the risks involved with the suggested solution?
  5. What are the risks involved with a comparable attack scenario when the proposed solution is not implemented?

Question 1:
The certificate encodes full name, date of birth, date(s) and make(s) of vaccine or date(s) when infection(s) was/were diagnosed, as well as the issuing authority.
The certificate does not include information about the nationality/nationalities, place of birth, place(s) of residence or other personally identifying information.

Question 2:

  • The combination of full name and date of birth can often (but not always) be used to find more personally identifying information, such as place of birth, places of residence, etc. All of this data could be used for stalking or doxxing the attack victim. Some of such data might be used to gain access to the victim’s accounts via social engineering.
  • The date(s) and/or make(s) of vaccination could be used to undermine the victim’s standing, if (e.g.) it is a public figure. (Queue jumping, being vaccinated at all, artificially delaying vaccination, getting a vaccine not destined for the victim’s demographic at the time, etc.)
  • The date(s) of previous diagnosed infection(s) can be used to discriminate against the victim e.g. when applying for a job or an insurance.

Question 3:
In order to carry out the attack, the attacker has to come into physical possession of the (potentially unattended) device of the victim. They have to invoke Wallet (double tap on home or sleep/wake button), select the pass added by CWA, and scan/take a photo of the QR code.

Question 4:
The suggested solution of giving the user the option to add a vaccination certificate to Wallet allows an attacker with physical access to the victim’s device to capture the information detailed under 1. If the device is left unattended, this can happen without the victim noticing the attack.

Question 5:
Except for the chance of capturing the extractable data without the victim noticing the attack when the device is left unattended, all negative outcomes already exist today, without implementing the proposed solution. In addition, though, forcing users to unlock their devices in order to access the certificate QR code has risks of its own:

  • Users will be tempted to use weaker Passcodes for easier access to the certificate at the point of contact.
  • The passcode can be spied on, giving an attacker unrestricted access to all on-device data, even exposing other passwords (through keychain) and OTP two-factor authentication codes.
  • An unlocked device can be snatched out of the user’s hands, giving the thief unrestricted access to most device data.

I think the last point makes an immensely strong case, that not implementing the proposed solution of opt-in support for adding a vaccination certificate to Apple Wallet actually creates a larger attack surface, with more severe consequences for the attack victim, than not doing so.
Further, with the feature being opt-in, every user can do their own risk assessment, and come to a conclusion on whether or not this risk is worth the benefits on their own.

I have the strong impression that we blow hypothetical risk scenarios way out of proportion here. We can have a look at existing implementations that have Wallet integration for the very same passes (GreenPass App, TK app, various web services) and see that those things are not an issue.

The functionality is optional (and can't be non-optional, in iOS a pass can only be added to the wallet with user consent) and the users have additional full system control over the wallet being accessible in the locked state. However they have the true benefits of not having to unlock their phone for their passes (that is a security plus in my book…). And in case they have a watch they sync passes with, that makes a good backup in case the phone runs out of battery. With the added importance of the pass these days, this is a huge plus.

With other apps already having wallet integration with, to my knowledge, none of the issues considered here, it is hard to explain why the CWA doesn't do this. I am strongly for reopening the issue.

If I had time, I would open an Online Partition for CWA implementing apple wallet, but I don't :-(

What's the privacy concern anyways? If I lose the printed paper, everyone can see all my data just fine and I don't even have the option to remotely delete it.

By the way, there are already services that allow you to import your certificate into your wallet, and yes, it is accessible from the Lock Screen without unlocking the phone (tried it myself).

And yes, I would prefer if this was possible right from the covid app, not only for vaccination certs but also for test results that got imported into the app :)

https://www.heise.de/ratgeber/Tipp-Corona-Impfausweis-im-Apple-Wallet-auf-iPhone-hinterlegen-6283647.html

Update: Didn't see the previous comments that mentioned this already, but still want to point out it would be nice to have this feature also for tests

@dsarkar So is there a plan to implement this feature?

@abrenner94 Currently there is plan to implement this feature.

EDIT: So sorry, typo:

Currently there is NO plan to implement this feature. It had been declined in the past due to privacy concerns. However, it might be reevaluated at some point.

commented

@dsarkar

There is plan to implement this feature OR there is no plan to implement this feature?

If this will be implemented, please reopen this issue.

What privacy concern? It’s absolutely safe, some people have the QR code on a piece of plastic in their pocket. And other countries are implementing this, you don’t implement this, because you are too lazy I bet, and the money the government spent is not enough for you.

Dear @GamerHD007,

Thanks for your comment. In general, the decision which features are implemented lies not within the competence of the development team, but with other stakeholders, which involve several governmental entities.

Then this topic should be discussed again with the different stakeholders and governmental entities.
Because if a PDF export is no privacy concern with a displayed warning, then the same should be applied to the Wallet too.

@dsarkar Was the topic discussed and declined as Wallet Integration in general or only regarding the vaccination certificate?
As it becomes again more relevant to have a covid test, and a test result contains less private (health) data, would it be necessary/useful to create a different issue for the Wallet integration for covid tests, so this test topic could be discussed officially?

It's the hobbyist lawyers of the RKI again.

In general, the decision which features are implemented lies not within the competence of the development team, but with other stakeholders, which involve several governmental entities.

@dsarkar can you please let us know whom we need to petition in order to get the decision not to implement this functionality re-evaluated?

I have outlined above, how the lack of this functionality actually puts users of “Corona Warn App” at risk, and I’m happily volunteering to elaborate and discuss this point directly with the stakeholders in opposition to adding the functionality.

I think the responsible person is from the RKI. The contact page is here:
https://www.rki.de/DE/Service/Kontakt/kontakt_node.html;jsessionid=6632B869771DA5B1EE1C1582E80F008D.internet081

But in my opinion, it would also help if we at least got an Apple Watch app, because it would comply with the „very good“ privacy understanding of the RKI.

@Gernot

I have the strong impression that we blow hypothetical risk scenarios way out of proportion here. We can have a look at existing implementations that have Wallet integration for the very same passes (GreenPass App, TK app, various web services) and see that those things are not an issue.

You nailed it!
There is a German phrase for it: "Der Markt regelt"

Your comment applies to the CovPassCheck-App, too.

Just look at this issue

commented

This issue is once again a prime example of why digital progress in Germany takes forever or doesn't happen at all. Germany destroys its own progress far too often with nonsensical data protection rules.

@kevin-kraus Not exactly. There are scenarios where data protection is good and can be well integrated and regarded. But people still "protest" against them. This here, however, is indeed over-exaggerated. The problem is: if it goes to court, there are only two outcomes: right or wrong. So the risk is always quite high.

@treysis But where's the data protection issue with the potential Wallet integration?

As it wouldn't be mandatory and the user would have to decide proactively to use this feature, if a similar notice as seen with the pdf export is shown.

So data protection seems to be used simply as "killer argument".

commented

Theoretically the argument that Wallet passes are by default synced via iCloud could be used, however, if I store the exported PDF in the iCloud the app can't do anything against it.

So besides "The certificate would be available on the lockscreen thus other people with physical access to your device could scan the certificate's QR code and steal your certificate", I don't see other good arguments against this feature.

But everyone else (in a shop or restaurant) scanning the certificate could do the same, which is why the certificate doesn't say much without checking the ID card…

@Ein-Tim Yes. And the access from lockscreen without password can also be deactivated, if you disable the double-click in the settings.

commented

Good News everyone!

iOS 15.4 Beta 1 added support for EU digital Covid Certificates in the wallet app. See iOS & iPadOS 15.4 Beta Release Notes:

Verifiable health records now support adding vaccination records in the EU Digital COVID Certificate (EU DCC) format to the Wallet and Health apps. (79917344)

h/t @achisto

FYI @dsarkar, I suggest you transfer this info to the internal ticket.

commented

Good News everyone!

iOS 15.4 Beta 1 added support for EU digital Covid Certificates in the wallet app. See iOS & iPadOS 15.4 Beta Release Notes:

Verifiable health records now support adding vaccination records in the EU Digital COVID Certificate (EU DCC) format to the Wallet and Health apps. (79917344)

h/t @achisto

FYI @dsarkar, I suggest you transfer this info to the internal ticket.

Awesome! Thanks for the info!

Good News everyone!

iOS 15.4 Beta 1 added support for EU digital Covid Certificates in the wallet app. See iOS & iPadOS 15.4 Beta Release Notes:

Verifiable health records now support adding vaccination records in the EU Digital COVID Certificate (EU DCC) format to the Wallet and Health apps. (79917344)

h/t @achisto

FYI @dsarkar, I suggest you transfer this info to the internal ticket.

Just before everyone updates to iOS 15.4 Beta 1:

You can't add them to your Wallet app right now as only verified records can be added and the verification isn't working right now.

Good News everyone!
iOS 15.4 Beta 1 added support for EU digital Covid Certificates in the wallet app. See iOS & iPadOS 15.4 Beta Release Notes:

Verifiable health records now support adding vaccination records in the EU Digital COVID Certificate (EU DCC) format to the Wallet and Health apps. (79917344)

h/t @achisto
FYI @dsarkar, I suggest you transfer this info to the internal ticket.

Just before everyone updates to iOS 15.4 Beta 1:

You can't add them to your Wallet app right now as only verified records can be added and the verification isn't working right now.

Let's try to fix them, dear cwa team!

But actually, what do they mean with verified?
If Apple uses the same servers as cwa(RKI) then a scan of the QR code should be enough for verifying, right?

Does someone have documentation on this topic?