Google brings ‘Covid Cards’ to Android phones that show whether you have had a vaccine or been tested

Google says the data is ‘not shared by Google with its various services or third parties and it is not used for targeting ads’

Adam Smith
Thursday 01 July 2021 09:07 EDT
Comments
(AFP via Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Google is bringing digital Covid documents, which it calls a “Covid card” to Android phones and tablets.

The feature is part of its Passes API, which is used for loyalty cards and airport boarding passes, and would be used to show vaccination and test statuses.

“Starting today, developers from healthcare organizations, government agencies and organizations authorized by public health authorities to distribute COVID vaccines and/or tests will have access to these APIs to create a digital version of COVID vaccination or test information”, Google said in its blog post announcing the update.

Once the digital Covid Card is saved on the device, it can be accessed via a shortcut on the home screen – as long as the device is using Android 5 or later and has the Play Protect certification, which is what gives devices access to the Play Store.

The information does not sync across devices, with the user having to manually input it if they are using multiple phones or tablets, Google says, adding that it “does not retain a copy of the user’s COVID vaccination or test information.”

Information from the card is also “not shared by Google with its various services or third parties and it is not used for targeting ads”, the search giant continues, and is protected by either a password, pin, or biometric unlock such as Face ID when showing it to others.

The feature will be rolling out in the United States first, with other countries coming at a later date.

(Google)

Google and Apple, being dominant in the smartphone ecosystem due to the duopoly of their Android and iOS operating systems, have been instrumental in developing the contact tracing method used in the UK. However, there have been allegations that the data is not kept securely.

The software giant had been informed of a privacy issue that made the data available to third-party apps since February 2021, according to a report from The Markup, but said that the issue was not a “severe enough” flaw.

The information shared included data about whether a phone registered a person as being in contact with someone who had the coronavirus, the device’s name, MAC address, and advertising ID, security researchers said.

“Exposure Notifications uses privacy preserving technology to help public health authorities manage the spread of COVID-19 and save lives. With the Exposure Notification system neither Google, Apple, nor other users can see your identity and all of the Exposure Notification matching happens on your device. We were notified of an issue where the Bluetooth identifiers were temporarily accessible to some pre-installed applications for debugging purposes”, Google said in a statement to The Independent.

“Immediately upon being made aware of this research, we began the necessary process to review the issue, consider mitigations and ultimately update the code. These Bluetooth identifiers do not reveal a user’s location or provide any other identifying information and we have no indication that they were used in any way - nor that any app was even aware of this.”

Google did not provide an answer as to why, if the company knew about these issues before Android 11, they were not fixed prior to the rollout of the contact tracing framework, when asked at the time.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in