You can add your COVID vaccination certificate to the Apple Wallet… but should you?
The modern world hurts my brain. Let’s take the news that Apple enables users to store their COVID vaccination certificates in the Wallet and Health apps as an example.
When I first heard about it, I was pumped. Flashing my QR code to enter a restaurant or grab a coffee would be far simpler if it sat in my Apple Wallet. Friends, the time I’d save!
But, of course, the world had something to say about that.
While putting my digital certificate of vaccination in an easy-to-access place is cool… is it safe? And because I can do it, does that mean I should?
Something that seemed simple on the surface is actually a minefield. I wanted some clarity on this issue.
While American users can do so already, it’ll most likely be in April when iOS 15.4 drops that people in Europe will be able to put their corona vaccine certificates into the Apple Wallet. I wanted to know where I stood beforehand, so I got in touch with some security and privacy experts to try and make sense of it all.
Strangely, a number declined to comment, with one of them saying the topic was a “hornet’s nest.”
Thankfully, John Fokker — Head of Cyber Investigations at Trellix — was more than happy to talk to me and shine some much needed light on the issue.
When I asked Fokker about the potential downsides of adding a COVID-19 vaccination certificate to the Apple Wallet, he explained the major issue was about handing over personal health data from a “government controlled platform to a private entity.”
While there are obviously increased usability benefits to such a move, he pointed out that users should be aware of the service’s terms and conditions while uploading this sort of data.
Specifically, it’s not Apple that can access your data, third-party apps can be given permissions to access information on the Health and Wallet apps.
To counter this, Fokker advised digital mindfulness. He told me users had to be “more aware of their own health data” and be “be diligent with giving permission to [the] third-party apps” trying to access it.
Wise advice all around.
The digital driver’s license debate
Last year, a similar discussion arose over Apple’s announcement to allow users to import their driver’s license to the Wallet app. There was substantial backlash over the move, leading to the feature being delayed.
The American Civil Liberties Union (ACLU) released a report saying that digital driver’s licenses would make showing ID more convenient, “and thus easier to ask for.”
On top of this, the ACLU pointed towards digital IDs allowing more “centralized tracking” and, in a worst case scenario, could lead to online activities being tied to “verified, real-world identities.”
In other words, a digital ID sitting in the Apple Wallet could be a privacy nightmare. So, is there a chance similar things could happen with vaccination QR codes?
Looking on the bright side
To answer the question above, yes and no — with the emphasis on the latter.
A vaccination certificate is substantially different to a driver’s license — it needs to be used alongside ID in order for it to be effective. Alone, it proves little.
In fact, a digital corona vaccination certificate sitting in the Apple Wallet has some potential benefits.
Fokker told me such a move could lead to a “more unified approach to development and security standardization.”
Currently, vaccine apps that generate the QR code are the responsibility of separate governments, each with “their own budget and security requirements.” Moving to a platform like the Apple Wallet app could negate this.
In the long term, Fokker told me, one could argue that moving to a platform like this could be safer and more beneficial for the average user.
COVID vaccine certificates in the Apple Wallet app: not a huge concern
To put it bluntly: there are no obvious dangers of moving your vaccine certificate to the Apple Wallet. This does come with a large caveat though, as this is only true if you tightly control what apps can access your data.
In this way, vaccination certificates differ from digital IDs. The majority of the former are digital by nature, while the most common forms of identification (driver’s licenses and passports) are paper-based. Digitizing them opens a huge and wriggling can of worms — while the vaccine pass system could actually benefit from being incorporated into the Apple Wallet.
So, there you have it! A little bit of respite before the modern world messes with our heads again.
