Google brings ‘Covid Cards’ to Android phones that show whether you have had a vaccine or been tested

Google is bringing digital Covid documents, which it calls a “Covid card” to Android phones and tablets.

The feature is part of its Passes API, which is used for loyalty cards and airport boarding passes, and would be used to show vaccination and test statuses.

“Starting today, developers from healthcare organizations, government agencies and organizations authorized by public health authorities to distribute COVID vaccines and/or tests will have access to these APIs to create a digital version of COVID vaccination or test information”, Google said in its blog post announcing the update.

Once the digital Covid Card is saved on the device, it can be accessed via a shortcut on the home screen – as long as the device is using Android 5 or later and has the Play Protect certification, which is what gives devices access to the Play Store.

The information does not sync across devices, with the user having to manually input it if they are using multiple phones or tablets, Google says, adding that it “does not retain a copy of the user’s COVID vaccination or test information.”

Information from the card is also “not shared by Google with its various services or third parties and it is not used for targeting ads”, the search giant continues, and is protected by either a password, pin, or biometric unlock such as Face ID when showing it to others.

The feature will be rolling out in the United States first, with other countries coming at a later date.

open image in gallery

Google and Apple, being dominant in the smartphone ecosystem due to the duopoly of their Android and iOS operating systems, have been instrumental in developing the contact tracing method used in the UK. However, there have been allegations that the data is not kept securely.

The software giant had been informed of a privacy issue that made the data available to third-party apps since February 2021, according to a report from The Markup, but said that the issue was not a “severe enough” flaw.

The information shared included data about whether a phone registered a person as being in contact with someone who had the coronavirus, the device’s name, MAC address, and advertising ID, security researchers said.

“Exposure Notifications uses privacy preserving technology to help public health authorities manage the spread of COVID-19 and save lives. With the Exposure Notification system neither Google, Apple, nor other users can see your identity and all of the Exposure Notification matching happens on your device. We were notified of an issue where the Bluetooth identifiers were temporarily accessible to some pre-installed applications for debugging purposes”, Google said in a statement to The Independent.

“Immediately upon being made aware of this research, we began the necessary process to review the issue, consider mitigations and ultimately update the code. These Bluetooth identifiers do not reveal a user’s location or provide any other identifying information and we have no indication that they were used in any way - nor that any app was even aware of this.”

Google did not provide an answer as to why, if the company knew about these issues before Android 11, they were not fixed prior to the rollout of the contact tracing framework, when asked at the time.