Security News > 2022 > March > Dozens of COVID passport apps put user's privacy at risk
Roughly two-thirds of test digital vaccination applications commonly used today as safe passes and travel passports exhibit behavior that may put users' privacy at risk.
The risks are substantial as these apps are required for large populations worldwide, allowing hackers an extensive target base.
Digital passport apps store proof of a person's COVID-19 vaccination status, full name, ID number, date of birth, and other personally identifiable information encoded in a QR code or displayed directly in the app.
The issuers of these apps are typically the health and IT departments of governments, while the developers are often contracted experts in mobile software development.
Symantec's team looked into 40 digital vaccine passport apps and ten validation applications and found that 27 suffer from some of the following privacy and security risks.
If you're obliged to use a digital vaccination passport app, avoid third-party wallets from obscure vendors and prefer those from firms that vet them more vigorously, like Apple Health and Google Wallet.