Apple Wallet Integration (iOS) #69

Closed
ezadoo opened this issue Jun 1, 2021 · 35 comments
@ezadoo

ezadoo commented Jun 1, 2021

Feature description

I think there should be an option to integrate certificates, passes and other cards directly in Apple Wallet, so these documents could be accessed in one central app, the same place where things like credit cards from Apple Pay, loyalty cards and tickets are already stored.

https://developer.apple.com/wallet/

So an "Add to Apple Wallet" button could be displayed in the details of each document, so the user can decide which of them should be added to the iOS-native Wallet app.

I'm not sure if passes in the Wallet app are stored in the Secure Enclave, but if this isn't the case, this feature could maybe at least be provided for "simpler" documents, like vaccination certificates.

Problem and motivation

I really think it is a very important feature for iOS users to create a functionality to use the native Wallet app for documents like these. And iOS users are more often looking towards such an integration, as they really like the simplicity and convenience of things like the native Wallet app, especially if they are already using stuff like Apple Pay.

This would provide a much better experience for the users and could also help to convince more users to use digital certificates.

As I couldn't find any information regarding this Apple Wallet topic, I've created this feature request.

Is this something you're interested in working on

No.

@felixfbecker

It could also allow the certificate/QR code to be shown through Apple Wallet hands-free on the Apple Watch, without having to open the app on the iPhone.
Considering the vaccination certificate will likely be important to show when traveling and crossing borders and the digital certificate is all about making that process easier, it would make a lot of sense to have it right next to where e.g. airline boarding passes are also accessible (in Apple Wallet).

@PaulBallmann
Contributor

Unfortunately, this is a security and privacy concern, as already discussed in the CWA GitHub, as this would allow the QR code to be visible without any sort of user validation / passcode. We have discussed this internally and came to the conclusion not to implement it because of the security concerns and because it is out of scope.

@jucktnich

You can disable access from Lock Screen in the iOS settings.

@Ein-Tim

Ein-Tim commented Jun 12, 2021

That's true, navigate to the "TouchID & Code" or "FaceID & Code" or just "Code" section in the Settings and switch the toggle to off for Wallet in the section "Allow access from the lock screen".

@jucktnich

And as I said in https://github.com/corona-warn-app/cwa-wishlist/issues/503 you can only access cards which work with Apple Pay from the lockscreen https://support.apple.com/en-us/HT204003

@PaulBallmann
Contributor

Since we cannot make sure that this is disabled on the iPhone the app is deployed on, this is still a privacy and security issue.

@jucktnich - I can access all my cards from the lock screen, even those that are not Apple Pay enabled. E.g. discount codes etc.

@jucktnich

@PaulBallmann discount cards can also be Apple Pay enabled, see the support article.

@jucktnich

You also cannot make sure that the user has a code enabled at all.

@ezadoo
Author

ezadoo commented Jun 12, 2021

I have to admit that I'm disappointed and can't really understand the decision.

As the passes wouldn't be added automatically, the users would have to decide proactively whether they want the passes, and so the personal information, to be accessible in such a way (without passcode and/or verification) or not. Maybe a warning could be implemented to inform the user about that.

Also I think it is problematic too if the device has to be unlocked to access the information and I have to hand it to a strange person for scanning the code, verification, etc., as they would have access to the entire device and all my private data, and this would be much more problematic than only my personal information in the wallet pass.

And as explained in some other thread, there are third party apps which let you create your own passes from an image of the QR code, so they are accessible from the Wallet app even if it is not natively supported by the original app. And as the QR code doesn't change, it would not be that much work to get it working.

So I don't really see myself using this app actively in the future, maybe only for creating the QR code a single time for exporting via screenshot or so.

Also it seems more like paternalism to me, as it doesn't let me decide on my own if I want to use it and take the risk or not.

So my hope for this topic for now lies with other third party apps and developers which are more user oriented and implement this feature, like the Luca app, or export the certificate as an image in the photo gallery.
Whether it is better from a privacy standpoint to be dependent on unknown, untrusted third party developers and (maybe) closed source apps, as the official app doesn't support this feature, should be discussed too.

@PaulBallmann
Contributor

@Ein-Tim - Yes, we make sure that passcode is enabled else the app won't start.

@ezadoo - Please understand that this is not in our hands. The EU did not put this into their spec and since this is privacy and security related we cannot just implement a feature that would expose a user that does not know about this issue.
Also handing over your phone to get the QR code scanned is not needed. You can unlock your phone and keep it in your hands while the QR code is scanned.

@Ein-Tim

Ein-Tim commented Jun 12, 2021

@PaulBallmann

> Yes, we make sure that passcode is enabled else the app won't start.

Interesting, thank you. To which app are you referring? The example one?
I'm not sure if CovPass (the German app) has something like this implemented...

@PaulBallmann
Contributor

@Ein-Tim - Yes. This is implemented in the example wallet-app. I don't know how much of our core or app is used in the CovPass app.

@jucktnich

Can someone prove/disprove whether the Apple Pay integration is needed for a card to be accessed without authentication?

@PaulBallmann
Contributor

PaulBallmann commented Jun 12, 2021

@jucktnich - I don’t know exactly what you mean. The Apple Wallet is not passcode protected by default and will let you see any certificates that are stored in the wallet on the lock screen without authentication, which goes against the DGCA spec.

@jucktnich

According to the Apple support article you can only access cards with Apple Pay integration from the lock screen: "If you have a credit, debit, prepaid, store card, or a rewards card in Wallet that works with Apple Pay, double-click the Home Button from the Lock Screen to open Wallet. On iPhone X or later, double-click the Side button."

@BastianZim

@jucktnich I have a Nespresso membership card that is only visible when the iPhone is unlocked and otherwise not accessible. Is that what you meant?

@jucktnich

Yup, same with f.e. the iTunes pass and the tickets of the DB

@ezadoo
Author

ezadoo commented Jun 12, 2021

@PaulBallmann

"The EU did not put this into their spec and since this is privacy and security related we cannot just implement a feature that would expose a user that does not know about this issue."

This is why I said, that a warning could (and should) be implemented, before the user adds it to the wallet, so the user is informed about the risks coming with that decision.

In this case the users themselves would know about this issue, but could also decide to take the risk for the benefit of using Apple Wallet. I think every user should be able to decide on their own, rather than having the EU decide whether the users should be able to make their own decision.

Also I think an institution like the EU, and so the developers of this app, could try to contact Apple and find a solution to integrate more security for the sensitive personal information, so that a verification with Face ID, Touch ID or passcode could be enabled, as is the case for using credit cards with Apple Pay, since millions of iPhone users in the entire EU would profit from such an integration.
As iOS 15 in the US already supports driver's licenses in some states, I see no reason why one should not at least try to find a solution with Apple to integrate an EU-wide solution for a similar topic.

@jucktnich

@ezadoo Something like with the driver license would be the icing on the cake

@PaulBallmann
Contributor

PaulBallmann commented Jun 12, 2021

Thank you for your input on this issue. It is still not in spec nor scope. We will keep this in mind in case scope or spec change. There’s just too much fluctuation. I will get confirmation about the issue.

@PaulBallmann
Contributor

> According to the apple support article you can only access cards with Apple Pay integration from the lockscreen "If you have a credit, debit, prepaid, store card, or a rewards card in Wallet that works with Apple Pay, double-click the Home Button from the Lock Screen to open Wallet. On iPhone X or later, double-click the Side button."

I don’t know how this changes the scope of the issue but I will bring this up and will get back to you on that.

@jucktnich

@PaulBallmann If you can't access the card from the lockscreen (without authentication) all the security concerns vanish.

@riconeitzel

@PaulBallmann if you make it an optional step … like [Add to Wallet] as a button, the USER can decide whether (s)he wants to use this feature.

I personally prefer to NOT unlock my phone for anyone who wants to see my certificate but I'd be fine if anyone can see my name on the certificate.

Also: if the certificate only shows the QR Code with encrypted data: what can ANYONE see on the locked wallet view anyway? …

I would HIGHLY recommend to think about possible implementation options here. I really don't want to carry paper work with me just to prevent unlocking my phone in a "verification situation".

Thanks,
Rico

@Ein-Tim

Ein-Tim commented Jun 14, 2021

FYI: If you want your QR-Code in your Apple Wallet now, take a look at: https://twitter.com/kkrdvc/status/1404418854231674885

@notjosh

notjosh commented Jun 15, 2021

The comment above me (pointing people at a 3rd party app) getting reactions will be the end result of this: people will use 3rd party apps instead. Who knows what happens to the data then? If the details are sent to the backend, we've already lost.

That, to me, is the real threat of privacy problems here - people will find a way. So from a harm minimisation perspective, imo, it makes sense to include this feature in 1st party apps so they have a trustworthy option.

@felixfbecker

I was gonna say the same thing. If you've used Pass2U, it takes several seconds to generate a pass, and it will show you an error if you're offline. This indicates that the generation does not happen locally on the phone, but details are sent to a backend. The app's developer (and probably the servers) are in Taiwan, outside the EU. I don't intend to bad-mouth the developer, they may very well have implemented everything in a super privacy-preserving way and perhaps even GDPR-compliant, but who can know? It's not open source like this app. It may very well be that every QR code is uploaded and stored in a database, secretly sold off, or one day gets hacked and thousands of vaccination certificates are leaked and obtainable on the internet. And that's the solution users are being driven to (without being aware of the risks) if the official app does not support Apple Wallet natively. Putting it in the official app means being able to inform the user of potential risks.

@ezadoo
Author

ezadoo commented Jun 15, 2021

That's exactly what I said in one of my comments above:

> If it is better from an privacy standpoint to be dependant to unknown, untrusted third party developers and (maybe) closed source apps, as the official app doesn't support this features...

And a little explanation regarding this topic:

There are many apps for generating wallet passes, all of them are generating the passes on their backend servers.

This seems to be an intended technical/security limitation from Apple as every pass has to be signed to work in the wallet app.

And as you can't include the signing certificate with the app for obvious security reasons, the pass has to be generated on a server with the signing certificate from the developer.
So everyone using such apps has no other choice than trusting the third party developers and that they don't store the sensitive personal information or the generated passes on their servers.

But this is exactly what will happen if the official app doesn't support this feature. And as there are already some users doing this many more will follow doing the same when they have their vaccination certificate.
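
The signing constraint described in the comment above, as an added example that is not part of the original thread or of any app mentioned in it: a pass bundle carries a manifest.json with the SHA-1 of each file and a signature over that manifest, so the sketch compares what a signing server receives when the device uploads the certificate with what it receives when the device uploads only the manifest. All function names, identifiers, the sample QR string and the key are constructed, and HMAC-SHA256 stands in for the PKCS#7 signature made with the developer's certificate.

```python
import hashlib
import hmac
import json

# Constructed sample standing in for a certificate's QR string (not a real one).
SAMPLE_QR = "HC1:CONSTRUCTED-SAMPLE-NOT-A-REAL-CERTIFICATE"
# Stand-in for the developer's pass signing key; it never leaves the server.
SERVER_KEY = b"constructed-demo-key"


def build_pass_files(qr_payload):
    """Assemble the pass files; all identifiers below are placeholders."""
    pass_json = {
        "formatVersion": 1,
        "passTypeIdentifier": "pass.example.placeholder",
        "teamIdentifier": "PLACEHOLDER",
        "serialNumber": "0001",
        "organizationName": "Example",
        "description": "Certificate",
        "barcodes": [{"format": "PKBarcodeFormatQR", "message": qr_payload,
                      "messageEncoding": "iso-8859-1"}],
    }
    return {"pass.json": json.dumps(pass_json, sort_keys=True).encode()}


def build_manifest(files):
    """manifest.json: file name -> SHA-1 hex digest of that file's bytes."""
    digests = {name: hashlib.sha1(data).hexdigest() for name, data in files.items()}
    return json.dumps(digests, sort_keys=True).encode()


def server_sign(manifest):
    """Server-side signing; HMAC-SHA256 stands in for the PKCS#7 signature."""
    return hmac.new(SERVER_KEY, manifest, hashlib.sha256).hexdigest()


def flow_upload_certificate(qr_payload):
    """Flow A: device uploads the certificate, server builds and signs the pass."""
    request = {"qr_payload": qr_payload}
    files = build_pass_files(request["qr_payload"])
    return request, server_sign(build_manifest(files))


def flow_upload_manifest(qr_payload):
    """Flow B: device builds the pass itself and uploads only the manifest."""
    manifest = build_manifest(build_pass_files(qr_payload))
    request = {"manifest": manifest.decode()}
    return request, server_sign(request["manifest"].encode())


def server_sees_certificate(request, qr_payload):
    """True if the certificate string appears in what was sent to the server."""
    return qr_payload in json.dumps(request)
```

In the second flow the server signs content it has not inspected, and a hash only conceals content that is hard to guess.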

@marvinsxtr

marvinsxtr commented Jun 27, 2021

@felixfbecker I developed a small web app, which lets you add your certificates as a pass: CovidPass. It is developed in accordance with the GDPR and is hosted in Germany. Feel free to contribute

@felixwortmann

Is it really better to have users download some third party app because they want this feature than just to clarify for the user that the wallet is accessible without a passcode? Not everyone has to use this.

Also one more thing to think about: Analog vaccination certificates also do not require a passcode and they were safe enough for us for a very long time.

@advatar

advatar commented Aug 2, 2021

I do not really understand the security concerns with having the pass on the Home Screen. The real threat here is all the validator apps that can store all scanned certificates. If we were really concerned about this we should have implemented Terminal Authentication like for ICAO Biometric Passports https://www.icao.int/publications/Documents/9303_p11_cons_en.pdf . As far as I understand, the only way to enable offline verification and limit the verification to only registered apps would be to encrypt the certificate and distribute decryption keys - like in the TA scheme to limit access to f.i fingerprints in passports.

On another note, what is the recommended process for the initial delivery of a digital version of the certificate (not paper)? How is this done in most EU countries? In Sweden they require login with eIDAS (which many of the tourists, making up at least 30% of people tested, do not have) to pick up test certificates. This is a problem and means that a subject needs to visit the clinic twice to get a PDF on paper. In order to get it digitally, it seems putting it in your Apple or Android Wallet in the way @marvinsxtr does it has the least security implications beyond using a photo.

This document talks about deployment via SMS: https://ec.europa.eu/health/sites/default/files/ehealth/docs/digital-green-certificates_v4_en.pdf. Is this allowed? I would appreciate a pointer to a document regulating this. Or is this the authoritative source?

@jucktnich

jucktnich commented Aug 2, 2021

I don't know if this was stated before, but you can show your Medical ID on the lock screen (if this is activated in the settings). In the Medical ID there's your name, DoB, weight, height, primary language, medical conditions, medical notes, allergies & reactions, medications, blood type, organ donor and your emergency contacts. I think the data in the vaccination pass is nothing against this.

@advatar

advatar commented Aug 2, 2021

> I don't know if this was stated before, but you can show your Medical ID on the lock screen (if this is activated in the settings). In the Medical ID there's your name, DoB, weight, height, primary language, medical conditions, medical notes, allergies & reactions, medications, blood type, organ donor and your emergency contacts. I think the data in the vaccination pass is nothing against this.

Exactly, that you have been vaccinated or tested negative is hardly something to hide like an STD.

@Ein-Tim

Ein-Tim commented Sep 22, 2021

CovPass and Corona-Warn-App (the Wallet apps from Germany) now both can export PDFs of the saved DCCs.
They both say that this PDF contains private data and should only be shown to authorized people.

I don't understand why it isn't possible to just add a similar note and let the user add the DCC in their wallet. There is literally no difference to the PDF which can be created, the user could set it as their wallpaper on the Lock Screen and the app can't do anything against it. Still this feature was implemented while the wallet integration was declined...

Here is probably the wrong place, I know, but I just had to comment this somewhere.

@Ein-Tim

Ein-Tim commented Oct 27, 2021

If you search for an official way to add your certificates to the Apple Wallet, I recommend https://github.com/GreenPassApp (Link to the App Store).
It's an official app from the Austrian Red Cross.

@Ein-Tim

Ein-Tim commented Jan 27, 2022

Good News everyone!

iOS 15.4 Beta 1 added support for EU digital Covid Certificates in the wallet app. See iOS & iPadOS 15.4 Beta Release Notes:

> Verifiable health records now support adding vaccination records in the EU Digital COVID Certificate (EU DCC) format to the Wallet and Health apps. (79917344)
