Person showing their COVID-19 passport

Do you use an app for your COVID vaccine? It might not be as secure as you’d hope. Apparently, about two-thirds of digital vaccination applications exhibit behavior that may put your privacy at risk.

Research firm Symantec (Via Bleeping Computer) tested 40 digital vaccine passport apps and ten validation (scanners used by the people checking vaccine statuses) applications. The firm found that 27 suffer from some privacy and security risks, which should concern anyone using these apps to travel or gain access to places.

Many of these COVID passport applications generate QR codes that are not encrypted but instead encoded. This leaves a gaping security hole. Anyone with a QR scanner app at a checkpoint could decode the data and gain personal information because of encoding.

Additionally, the research firm discovered that an HTTPS connection wasn’t required in 38% of the cases. This could open passport users to man-in-the-middle attacks.

A third issue is specific to Android, and it concerns external storage access permissions. In total, 43% of the apps tested ask for access to the device’s local files, which could open other security holes.

Your safest bet is to stick with Apple Health and Google Wallet if they are an option for your COVID vaccine information, as these will have better security measures in place. If you must use a third-party app, pay attention to what permissions you grant it to ensure it isn’t asking for anything that seems sketchy.

RELATED: How to Automatically Revoke Permissions for Unused Android Apps

Profile Photo for Dave LeClair Dave LeClair
Dave LeClair was the News Editor for How-To Geek. He is now a Mobile Analyst for PCMag. Dave started writing about technology more than 10 years ago. He's written articles for publications like MakeUseOf, Android Authority, Digital Trends, and plenty of others. He's also appeared in and edited videos for various YouTube channels around the web.
Read Full Bio »