If you’re a COVID patient, you may be concerned about the potential for your personal information to be shared with third-party companies. But if you don’t have a COVID Passport app, you may not know about the risks. The COVID Passport app is a mobile application that allows patients to access their medical records and other health information. The app is free and available on both Apple and Android devices. But according to one study, the app could potentially put your privacy at risk if it’s used by third-party companies to collect data about your health condition or other personal information. The study found that the COVID Passport app could be used by companies to collect data about patients’ mental health, social media activity, and other personal information. If you use the COVID Passport app, it’s important that you understand the risks and take steps to protect your privacy. If you have any questions or concerns, please contact our customer service team at 1-800-222-1222 or visit our website at covid.com/privacy/.
Research firm Symantec (Via Bleeping Computer) tested 40 digital vaccine passport apps and ten validation (scanners used by the people checking vaccine statuses) applications. The firm found that 27 suffer from some privacy and security risks, which should concern anyone using these apps to travel or gain access to places.
Many of these COVID passport applications generate QR codes that are not encrypted but instead encoded. This leaves a gaping security hole. Anyone with a QR scanner app at a checkpoint could decode the data and gain personal information because of encoding.
Additionally, the research firm discovered that an HTTPS connection wasn’t required in 38% of the cases. This could open passport users to man-in-the-middle attacks.
A third issue is specific to Android, and it concerns external storage access permissions. In total, 43% of the apps tested ask for access to the device’s local files, which could open other security holes.
Your safest bet is to stick with Apple Health and Google Wallet if they are an option for your COVID vaccine information, as these will have better security measures in place. If you must use a third-party app, pay attention to what permissions you grant it to ensure it isn’t asking for anything that seems sketchy.
RELATED: How to Automatically Revoke Permissions for Unused Android Apps