iOS 15.1 Beta Lets Users Add COVID Vaccination Card to Wallet App

[CarlJ]

Except you just need some code to add a card to Apple Wallet. It‘s very easy to do. As long as these QR codes aren‘t routinely controlled, it‘s not really a high security solution.

The QR code includes the name, the vaccine, and dates administered, and the issuer. If it's digitally signed (I'm guessing it is - it's been a long time since I looked at the SMART Health Cards spec), there'll be basically no way to put in a fake one. If you alter the name, the digital signature will break. If you make up one of your own, it won't be recognized as a valid issuer. In either of those cases, it likely won't add to the Wallet. And it certainly won't scan properly in a proper vaccination-specific reader app (because they'll have a list of the public keys for the valid issuers).

Oh, yep, following the link from the article gets to this page, they're talking about the records being digitally signed and using the issuer's public key to decrypt/validate them. These won't be forged unless the issuer's private digital signing key is leaked (and if that happens they'll revoke the old key, issue a new key, and everyone in that state/whatever will need to go re-download their QR code that's been signed with the new key). Public/private key encryption is a lovely thing.

 

[iGüey]

 

[ELman]

I don't see my state having smart anything. We will be using physical drivers licenses and paper vaccination cards forever.

 

[doboy]

I mean, it's taking this long to add to a freakin' wallet? Come on.

 

[tomtendo]

I was able to do this under iOS 14

Bro we can read your attachment easily...

 

[JD2015]

Not gonna happen they already said

Never say never especially where you got to prove you are vaccinated for employment.

 

[osmar.rodriguez]

The Spanish Government is already issuing a Wallet version of the EU COVID Certificate. I hope that European format will also be compatible because it is already in use across the 27 EU Member States and 15 non-EU countries.

 

[poematik13]

6 months late lol

 

[Mojohanna32]

Cool - I love being able to store critical docs, tickets, boarding passes, etc. in Apple Wallet.

You can do this right now with vaxyes. It’s a site: gogetdoc.com/vaxyes

I’ve been carrying my card digitally this way in my wallet, for a couple of months.

 

[caloon]

The QR code includes the name, the vaccine, and dates administered, and the issuer. If it's digitally signed (I'm guessing it is - it's been a long time since I looked at the SMART Health Cards spec), there'll be basically no way to put in a fake one. If you alter the name, the digital signature will break. If you make up one of your own, it won't be recognized as a valid issuer. In either of those cases, it likely won't add to the Wallet. And it certainly won't scan properly in a proper vaccination-specific reader app (because they'll have a list of the public keys for the valid issuers).

Oh, yep, following the link from the article gets to this page, they're talking about the records being digitally signed and using the issuer's public key to decrypt/validate them. These won't be forged unless the issuer's private digital signing key is leaked (and if that happens they'll revoke the old key, issue a new key, and everyone in that state/whatever will need to go re-download their QR code that's been signed with the new key). Public/private key encryption is a lovely thing.

I didn‘t say that it would be a legit vaccine pass. As said, if someone would check the QR code, it wouldn‘t pass the test.
BUT the QR codes are not routinely checked, at least not in Europe. Even a screenshot of a vaccine pass like this would probably get you into most entry restricted events. Therefore, I doubt it‘s useful, and maybe even counterproductive.

 

[jclo]

Thanks for sharing your code with everyone.

Just FYI, this is a fake QR code that isn't mine.

 

[FasterQuieter]

it would be nice if the pass had a photo of you in it. Save you searching around for ID when you are asked.

 

[cmaier]

With fake vaccination cards already on the loose does it really mean anything?

the data is cryptographically signed so authenticity of the card, itself, is guaranteed. That is, it is essentially impossible to fake the “qr” code so that, when scanned, it produces the right information to match the textual information (name, vaccines, etc.). Of course, that just means that the card is authentic, but doesn’t prove that the person who is presenting it is the person whose name is listed on the card.

 

[rotax]

Forget about simple connectivity iphone super minis.

 

[cgaw23]

Awesome! Here in New Brunswick (The one in Canada haha) starting tomorrow we have to show vaccine status.

 

[naturalstar]

Nice. We were just talking about this in reference to upcoming travel for the rest of the year.

 

[webbuzz]

Unfortunate that those of us in states like AZ that continue to not do anything logical can't make any use of these types of things... even though we frequently will travel to states like CA where having it would be invaluable and hella convenient.

Illinois enters the chat.

 

[naturalstar]

Illinois enters the chat.

Are you serious? This state.... !

 

[lazyrighteye]

Excellent. Any step closer to not carrying a physical wallet is ok by me.
In Colorado, there is an official state-run app that allows users to pull up their COVID vaccination status. I used this method to attend Phish's annual summer tour-closing Labor Day weekend blowout. Was seamless. Hopefully, that app (or at least the state of Colorado) plays nice w/ wallet.

 

[Caviar_X]

Are you serious? This state.... !

Illinois is not a part of this program yet. But there is an online portal where fully vaccinated and educated people can print off their vaccine information.

 

[iOS Geek]

Illinois enters the chat.

Yup, I said the same thing 😂 I'm actually surprised Illinois hasn't jumped in on...any...of these things.

I was hoping we'd be on the list for the drivers license one since that is really the only reason I still carry my wallet, but nope. Not having exposure notifications really surprised me, especially when even Wisconsin got in on that one. I mentioned above that I get the availability alert for notifications in Wisconsin every time I cross the state line.

 

[simont90]

Hopefully means those of us in UK using NHS app won’t have to keep on deleting and adding the pass back on when it expires and it can do that automatically! First world problem but handy…

 

[naturalstar]

Illinois is not a part of this program yet. But there is an online portal where fully vaccinated and educated people can print off their vaccine information.

I just read that online. I'm on the site now learning more. Thanks!

 

[cmaier]

Why no support for EU DCC which is used by more than 400 million people? So many of iOS features are useless outside the US.

So maybe buy a smartphone from a european company. How do Nokia phones handle DCC?

 

[bookcase]

This would be cool if my state actually would join. I think it's silly that we have to carry around a paper postcard in 2021.