NHS app and vaccination passport.

A photo on a phone proves nothing, it can be changed.

Passports go to great lengths to prevent the picture being changed.

A photo can be changed!

Passports go to huge lengths to prevent you changing the picture.

This is the whole point, a passport is designed to be locked to your identity, that's the whole point of its existence, nowadays there's more than just the photo identifying it as yours. Plus there's lots of 'cleverness' preventing people from changing the identity associated with a passport and also making it difficult to create false passports.

Phones have none of this, it's trivial to change the 'identity' tags on a phone, change the picture, register an app with a different bank account, whatever. The thing is designed to be customised, quite the opposite of a passport.

Every /serious/ proposal I've seen expects a Covid-19 "certificate" to contain name and d.o.b. so it can be cross-checked to other ID - e.g. a passport or driving licence. If that data is encrypted it'd be well beyond my DIY ability to change it.

Its easy enough to ensure that the one on the phone has to match the one in the central database that verifies it.

And that?s just as true of digital passports.

But how does that work in a phone app? I.e. if the app is installed on Fred's phone and confirms he's been jabbed, Fred then gives (or sells) his phone to Bert. What happens?

... or do you show the screen of your phone to passport control (or whatever) and they have to check that the DOB etc. matches your passport. In other venues how will this work - would you need your passport and/or driving licence to be cross checked with the Covid certificate on your phone?

But a vaccination passport can have all of that, just like the digital passport does.

it's trivial to change the 'identity' tags

But just as true of a digital vaccination passport on a phone.

With Barclays, you have to enter (part of) a password via a drop down menu. Which makes if near impossible for a bot to capture the password.

If your banking system allows stored passwords, I'd change it rather quickly.

Doing some Googling says you can use Android 10 with an S4. But each article I read seems to use a different way. And recommend different software to do this. All very confusing.

Ah, thanks for the reminder. Right, that's the banking app off my iPhone, along with two others I haven't used since they were installed. Twitter gone too, and I don't use it for email anyway.

Very probably. With cross-checks done automatically by reading the code from the phone and the data from the passport. That's one reason countries around the world want /digital/ certificates where possible. As is documented in masses of material about the WHO Smart Vaccination Certificates, Common Pass, MS's Smart Health Cards, EU's vaccine passports, etc etc

I'd imahine that'd depend on risk-assessment.

Fred needs to turn up at the check point with paper based picture ID proving that he is the person named (and DOB-ed) in the vaccinate certificate

Of course

how else could it possibly work

It won't, which it's why it's a nonsense to have this method of vaccine checking for entry to venues

Not gonna happen

I don't believe that "countries around the world" have access to our PP database. Only UK border control has that (indeed even they may not have that in real time).

Countries around the world have to take documents at face value, relying upon the built-in anti-fraud devices embedded into the documents. It is for this reason that *paper* based documentation is so much better here than digital variants

They may want these documents to be easily digitally read, but they still want paper documents

tim

Not everyone has a passport, and plenty of people don't have mobile phones at all, never mind smart phones.

OK, I had mine done in 1988. In those days there was a 10-year expiry date. I had to make a 50 mile round trip to Brighton to get it done too.

On 29 Apr 2021, Max Demian wrote

I've not had a problem with that sort of thing with mine (Moto G8); AFAIK, my wife's cheaper Moto is OK with them. (I can't remember the model of her phone, but it cost under 100 pounds.) Given how widespread the phone-as-code-reader is, I suspect it would have to be quite a bottom-range model that can't cope with that level of task.

The main problem for me -- I have tremor-dominant Parkinson's -- is that the camera doesn't have particularly good stabilisation. It's not too bad for happy snaps, but the zoom is pretty well unusable unless I happen to find something solid to brace it against.

I did not say that other countries wanted access to our database. I said they want digital certificates that can be easily read and verified. (Digital here includes an encrypted QR code.)

If your "they still want paper documents" applies to vaccination certificates that's at odds with the WHO and all the other work on digital options. And with the many who reckon a paper document is /much/ easier to forge. (Many passports are of course no longer just paper but biometric with embedded chips. Meanwhile the paper International Certificate of Vaccination or Prophylaxis - "Yellow Card"

[sorry, that should have continued] - "has little protection against alteration or forgery, does not incorporate digital technology nor have verifiable link with the holder" (to quote the Royal Society's report).

You can probably use most versions - although later versions are more resource hungry than earlier ones. So 10 may give a sub optimal experience, whereas 6 will probably "feel" similar in performance. I saw a demo of how to install Oreo (8) on it, and it said it works but was a bit slow.

Keep in mind these processes have been put together by a number of independent third parties, they are not the manufacturer "approved" way of doing it (since they abandoned supporting the device as soon as they thought they could get away with it). As a result there are multiple ways of doing it each if which probably work. So it is probably just a case of pick one that you can follow where there also seems to be a number of guides promoting.

Same as what happens with a digital passport or digital driver's license on the phone, they all get wiped by the seller before the phone is sold. Even if the phone is lost or stolen, any decent phone can be wiped remotely after you have noticed that it has been lost or stolen and cant be used by the thief or finder

Trivial for the system to do that auto.

They cross check with the central database, just like happens now with digital passports and digital driver's licences.

That?s what happens with even trivial stuff like ID checks when picking up a parcel or using a pub etc.