The Corona-Warn-App recently received a new feature that is currently raising concerns among privacy advocates. There are legitimate doubts that user privacy is maintained here.
Unless you’re going to a supermarket or other convenience store, you need to make time. Because then the Corona Protection Ordinance requires that you show both a 2G proof and an ID card at the shop entrance. Further measures will soon be added in many areas of life, because then citizens will sometimes also need a rapid test that is updated daily. The Corona app wants to simplify various scenarios and offers a new function that bypasses the waiting time on site. The problem: It could be at the expense of privacy.
Everything can be stored in the federal government’s Corona app: the rapid test, proof that you have recovered, or the vaccination certificate. All of this is necessary in order to participate in social life at all. A new function (from version 2.15) now makes it possible to identify yourself as vaccinated or recovered in advance. If you buy a ticket for a flight or a concert, for example, you can have yourself verified directly at the time of purchase.
Corona warning app: Doubts about data protection with the new check-in function
However, the Corona app itself does not check the status. Instead, an external online verification tool steps in to check the identity. And this is exactly where data protection officials are sounding the alarm: How is the anonymous use of the Corona app supposed to work? Because the app promises not to pass on any personal data. The validation services are not supposed to store data in the long term either, but details could still be clearly linked to people.
The professor for IT security and identity management at the Hasso Plattner Institute, Anja Lehmann, is concerned. She told Netzpolitik.org: “In my opinion, T-Systems used an infrastructure to fight the pandemic for its own commercial interests and benefited from the advantage of being involved in the development of the CWA.” Because companies should be able to offer the test tool against payment, which creates competition and thus accelerates the spread of the tool. At least in theory. It is not yet clear which companies are explicitly working on and offering the tool.
However, Lehmann sees this step as damaging the reputation of the Corona app, which to date has primarily been characterized by its anonymity.
This is how the new feature works
The verification does not work automatically, but requires the active consent of the user. Once this has been done, you will receive a suitable QR code when you buy the ticket. You can either scan it with the Corona app or upload it directly. Based on this, the app recognizes which proof is required in order to be able to take part in the flight, concert and the like.
You can then send the appropriate proof to the organizer or the tool. If you have given your consent, the validation tool checks the evidence and gives the green light. You and the organizer will then receive confirmation of this afterwards.
The FAQ of the warning app emphasizes: “The check itself takes place on-the-fly in the main memory of the server of the validation service. The memory areas involved are automatically cleaned. Also involved log files do not store any personal data or information about the certificates. Documented for billing purposes the technology only means that a check has been carried out for the ticket provider. No personal data is processed here either. The only remaining storage location for a certificate is the user’s smartphone.”
This post originally appeared on Inside Digital.
Shop recommendation for cell phones & smartphones
Offer from BestCheck.de | Prices incl. VAT plus shipping