The 2G corona rule is now implemented widely throughout Germany. To go shopping you need to show your digital vaccination certificate. So the question that has people worried is: do you know which app the shops, restaurants, cafes and other places are using to scan your certificate? Both the Corona-Warn-App and the CovPass-Check app can scan the digital vaccination certificate.
Security flaw: How easy is it for someone to steal your digital vaccination certificate? They just have to stand at the door and “check” your vaccination status, which you must now prove. Do you keep track of everywhere your digital vaccination certificate was scanned?
Bar owner saves 200 digital vaccination certificates belonging to customers
A Cologne bar owner had almost 200 vaccination certificates on his mobile phone. The restaurateur from North Rhine-Westphalia only wanted to check his guests' vaccination certificates, but ended up saving all of them in his Corona-Warn-App. There is a security problem behind this.
It was just an accident: when the Cologne bar owner Tobias Mintert recently checked the vaccination certificates of his guests, he used his Corona-Warn-App instead of the CovPass-Check app intended for that purpose. He noticed the mistake when he suddenly had more than 180 certificates saved on his cell phone.
He has long since deleted the certificates, but behind the seemingly small error lies a serious security problem. Anyone who scans the QR code of a digital vaccination certificate with an app other than the one intended for checking will have access to the vaccination certificate.
Misuse of digital vaccination certificates possible
Theoretically, someone could use another person's vaccination certificate to prove compliance with the 2G rule. In principle, the identity card must be checked in addition to the QR code, but this does not happen in all restaurants and shops. This makes abuse easier.
In addition, the case in Cologne raises data protection concerns. “With the Corona-Warn-App, other medically sensitive data such as exact vaccination dates and the vaccine used can get into the wrong hands,” criticized Ayten Öksüz from the North Rhine-Westphalia consumer protection center.
What you can do as a customer
As a customer, you should therefore always make sure at the entrance that the CovPass-Check app is actually used to check the code. This is the only way to ensure the protection of your own data at the moment.
The bar owner was also amazed that he was able to save almost 200 certificates on his mobile phone. The developers deliberately did not limit the app to a single certificate. For example, parents can store the vaccination records of their children or spouses on one device and manage them more easily. Whether this should be possible with an unlimited number of certificates is another question.
Telekom criticizes lack of education
Telekom, which developed the Corona-Warn-App, explains that the innkeeper simply used the wrong tool for the certificate check in the case mentioned.
Mintert’s case shows that restaurateurs and retailers are barely informed about the correct procedure for checking the vaccination records of their customers in the wake of the new 2G regulations. Hosts who do not check carefully and correctly make it easier for unvaccinated people to misuse digital certificates.
Vaccination certificate plus identity card mandatory for inspection
The restaurateur Tobias Mintert has meanwhile recorded his experiences in a Facebook video, among other things.
It is important to ensure that those who check vaccination status are made aware of the problem. In other words, they should not be satisfied with simply being shown a vaccination certificate, but should always compare it with the holder's identity card.