Schweizer "COVID Certificate"-App

Hello everyone

It seems that the Swiss authorites have created a COVID certificate app that corresponds to the criteria of FDroid. This is a welcome novelty!

Can anyone help me with the following questions?

  1. There are two versions of the app, a verifier and a wallet: https://f-droid.org/de/packages/ch.admin.bag.covidcertificate.verifier/ und https://f-droid.org/de/packages/ch.admin.bag.covidcertificate.wallet/. Do I need both of them?

  2. Both apps have the anti-feature “This app tracks and reports your activity”. What exactly do the apps do?

I’m very grateful for any hints!

In my understanding:

The first Link is just the verifier app. You need this app for checking others certificates if there are valid or not.
The second link is for the wallet, where you can scan and store your persona certificate. This App you need if you want to join an event and you have to show your digital CORVIT certificete at the entry.

2 Likes

For your second question, this is mostly related to the function to send error reports or simulare to the developers. Usaly you can disable this in the settings. I don’t have this app, but i’m pretty sure there are not gathering any data if you don’t want to. The source code is public and if there where any violation in the data privacy, this will pop up very quilckly in the Swiss IT News.

1 Like

Thank you very much.

I would have hoped and expected that privacy focused individuals such as those who use F-Droid would reject such methods of monitoring. Paranoia is rife within the security/privacy collectives so it’s fair to assume that this could be used maliciously, even if set with good intentions.

Assuming…“privacy focused individuals”. Ironically, free/libre “open source” software is… well… more open than private, by nature. In fact, no form of “privacy” appears on F-Droid’s home page. “Privacy” shows up relatively deep into F-Droid’s About page. So, yes, many F-Droid users are “privacy focused,” but it is incorrect to assume a homogenous group, as with most topics and groups. I for one, do agree with you about privacy concerns inherent in such apps. :grin: But that doesn’t mean it’s the same for all F-Droid users.

Thanks for your opinions

A question out of interest: What do you mean by “such methods of monitoring”? The purpose of the COVID Certificate App is to display (wallet version) resp. to validate (verifier version) an official certificate indicating that some person has been vaccinated against or tested negatively for COVID-19. It’s not a contact tracing or proximity tracing app. As long as the anti-feature “This app tracks and reports your activity” relates to error reports and the like, such as Dalli75 supposed, I don’t see a real privacy issue.

The SwissCovid app (which is not the subject of this thread), used for proximity tracing, certainly needs to be looked at differently. However, due to its design (https://www.bag.admin.ch/bag/de/home/krankheiten/ausbrueche-epidemien-pandemien/aktuelle-ausbrueche-epidemien/novel-cov/swisscovid-app-und-contact-tracing.html), I would argue it’s largely acceptable for privacy focused individuals. The only problem with the app, as far as I know, is, that it isn’t Google-free, because it uses the Google Play Services (and hence not open-source, which is, in my understanding, the reason it’s not available on F-Droid).

I’m curious why the apps don’t have non-free network tags too…

The apps want permissions including camera and network.

If you read through this “privacy and terms” stuff, you see they say they are processing personal info’ including name and date of birth, and vaccination and illness details, plus “Technical data about the user’s device, such as operating system version, app version, IP address, etc., is transmitted and stored with each retrieval.” So you are trusting the Swiss government, or their IT contractors, to process and delete the information as they say they will.

Ironically, ClassyShark3xodus does not find any trackers. :laughing:

It is a form of individualization and segregation based off nothing more than whether you were willing to buy into the celebrity backed campaigns and allowed yourself to be injected with untested chemical cocktails. I’m not looking or wanting to start a debate or argument about covid or the vaccine but this app isn’t part of freedom, regardless of how freely the libraries or whatever may be. I would however fully support if privacy respecting individuals (how ever you want to personally entail the term within the magical roundabout) were to create a version of covid apps that actually spoofs information and allows the input of data, meaning anyone can claim anything anywhere, like how freedom ought to be, like how freedom was until we accepted the overnight change.

Thanks for the link. It seems that they process personal data contained in your COVID certificate when you use specific functions according to chapters 3.4.2 and 3.4.3. This is certainly important to know. On the other hand, the Swiss government also runs the system that generated your COVID certificate in the first place. So if it was the governments aim to process and not delete the mentioned personal data, they don’t need you to use the app.

How soon will our phones alert when near phones owned by people we may like or dislike based on personality, finances, club memberships, criminal records, driving records …? :laughing:

IMO, Covid Certificates are another example where printed cards are sufficient, but some people want to use more complex technology, because they can…

I’m with you when it comes to phones alerting by standard near phones owned by specific people. However, I think it’s somewhat far-fetched to relate such a scenario to a Google-free open-source app that handles COVID certificates generated by the same government that issued the app and runs the server-side part of the app. The corona crisis has brought some progress regarding transparency and privacy standars in (Swiss) government apps, which I appreciate. Hopefully, they will continue to make their apps more transparent etc. in the future.

Still, of course, no one should be urged to use apps if there exist good alternatives. Indeed, after the vaccination in Switzerland you geht a printed version of the COVID certificate. You’re free to download a PDF version (which you can copy to your smartphone and display with any PDF reader) and you’re also free to use the app.

1 Like

Is this what we want to be helping?

The green certification becomes mandatory to be in possession for many businesses such as:

Personally I think this is disgusting and comparable to the actions of a group who were most prevalent during the 1940s but I’ll avoid the direct word at the risk of being banned.

This is far far from freedom, I am actually rather surprised that no privacy focused individuals (uh oh) have bothered to create spoof copies of real apps for use with false data. If it was written privately and released over Tor then how would anyone even know who made it?

This will soon be fully enforced across countries in Europe and North America.

Show me your covid app on your phone that will accuse you of being a ped0 until it gets answers for itself.

Freedom :heart:

Sorry, but this lost you all credibility on this topic. I prefer to get my information from doctors and medical researchers. Please stay home in self-isolation watching your pr0n for the duration. :laughing:

Nazis. Godwin’s law.

1 Like

No, I shall continue life as normal. I haven’t followed a single guideline since day one and yet somehow I remain alive. You also completely ignored my last comment by focusing on one element of a comment I posts days ago, is that you Mr Pfizer? I did also state that I’m not trying to draw argument unlike yourself so your lack of credibility across numerous threads has now just been further reduced. Congratulations.

As I don’t think it has been mentioned already: while the apps only claim to be officially valid in Switzerland, I’ve found they will accept, display, and verify certificates from EU countries, and my expectation is that the display method would be accepted by most places outside of Switzerland. It appears to display a different QR code than the PDF version, as well: I’m not sure if the code is static, or if it changes regularly to impede tracking.

As such, the apps may well be useful open-source, more trustworthy, alternatives for many of us outside of Switzerland as well.