COVID certificate and other large NDEFs

Alright might have to look into it if I can find it. I thought because someone might use an iPhone to scan the certificates and then you would need to show the QR code for that.

I’m not advanced enough tho to fix it if I happen to find it the repository.

I use both systems almost daily. I agree with you that Android is much more capable on the NFC front and many others.

It might not need fixing in the iOS implementation.

One of the two bugs in the Android version was that the author didn’t understand how a urn:nfc:wkt:T payload is structured and failed to parse it properly. But the iOS version might do that particular job upstream. As for the other bug, it was a piece of totally unrelated broken code that failed to fetch the ISO country code of the system in the NFC codepath. Again, this is probably handled completely differently in iOS.

To convince the right people to enable NFC in the official app, another implantee enthusiast and I are trying to put together arguments to present to our country’s officials next week.

We have to create a short PowerPoint presentation to summarize the pros and cons of enabling NFC, and I thought of making a video to show a hypothetical nightclub bouncer checking someone’s COVID certificate at the door with the regular QR code, a full-size NFC card, a coin-sized NFC tag and an implant.

The video will show each scenario in sequence to compare the pros and cons of QR code vs NFC. The idea is to show that NFC will outperform QR codes in low-light conditions (you know, the “night” in nightclub, also known as “the day” in winter here :slight_smile:), especially if the person presenting it pulls a crumpled dirty piece of paper out of their pocket.

The video seems like a good idea to me because, as the saying goes, pictures are worth a thousand words, and moving pictures are worth a thousand pictures - especially if your video is 40 seconds in length (that’s 1000 frames, for those who missed the feeble joke :slight_smile:) I figured that’s the most powerful way to convince someone that NFC is worth doing in 3 minutes or less.

I must shoot the video this weekend. I went to my local friendly booze joint yesterday and asked the tech-friendly bartender to play the bouncer today. He agreed. So I’ll go there later this afternoon with a camera, tripod, a cellphone with a screen recorder all set up, and fake NFC COVID certificates - basically a blank NTAG216 card and a blank NTAG216 coin tag with my own COVID certificate as a plain text NDEF record on them, and fake printed labels taped onto them to make them look smart on the video.

And sure enough, I ain’t got no NTAG216 coin tag. Only magic M1k tags. Fortunately, I found an ancient smartphone with an excellent NFC frontend that can read NDEFs off of Mifare Classics at the bottom of my drawer.

So I have all my stuff ready to go, and hopefully I’ll be able to grab a convincing video with all that stuff. Stay tuned…

6 Likes
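
The `urn:nfc:wkt:T` (NFC Forum Text record) payload layout mentioned earlier in the thread, as an added Python example that is not part of any post here and is not code from the Android app under discussion: the payload begins with a status byte and a language code, and both must be skipped before the text. The function names and the sample text are constructed for illustration.

```python
# Added example: parse an NFC Forum Text record (urn:nfc:wkt:T) payload.
# Layout: [status byte][language code][text]
#   status bit 7    : 0 = UTF-8, 1 = UTF-16
#   status bit 6    : reserved, must be 0
#   status bits 5..0: length of the language code in bytes


class TextRecordError(ValueError):
    """Raised when a Text record payload is malformed."""


def parse_text_payload(payload: bytes) -> tuple[str, str]:
    """Return (language_code, text) from a Text record payload."""
    if not payload:
        raise TextRecordError("empty payload")
    status = payload[0]
    if status & 0x40:
        raise TextRecordError("reserved bit set in status byte")
    lang_len = status & 0x3F
    if len(payload) < 1 + lang_len:
        raise TextRecordError("language code runs past end of payload")
    body = payload[1 + lang_len:]
    if status & 0x80:
        # UTF-16: honour a BOM if present, otherwise assume big-endian.
        has_bom = body[:2] in (b"\xff\xfe", b"\xfe\xff")
        encoding = "utf-16" if has_bom else "utf-16-be"
    else:
        encoding = "utf-8"
    try:
        lang = payload[1:1 + lang_len].decode("ascii")
        text = body.decode(encoding)
    except UnicodeDecodeError as exc:
        raise TextRecordError(f"undecodable payload: {exc}") from exc
    return lang, text


def build_text_payload(lang: str, text: str) -> bytes:
    """Build a UTF-8 Text record payload (helper for the sample below)."""
    code = lang.encode("ascii")
    return bytes([len(code)]) + code + text.encode("utf-8")


# Constructed sample: placeholder text, not a real certificate.
SAMPLE = build_text_payload("en", "CONSTRUCTED-CERTIFICATE-TEXT")

if __name__ == "__main__":
    print(parse_text_payload(SAMPLE))
    print(repr(SAMPLE.decode("utf-8")))  # header bytes leak into the text
```

Decoding the raw payload without skipping the header leaves the status byte and language code in front of the certificate text, which a downstream decoder would then reject.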

There has been some fuss about copying QR codes, like visually, with cameras with zoom, you can say NFC requires muuuch nearer attackers.

Reading certificates off NFC tags unbeknown to their bearers is one of the concerns we have to address. For sure the range is short, but to the credit of QR codes, once your piece of paper is folded up in your pocket, it’s completely unreadable. That’s more than can be said of NFC transponders.

Still, it’s not much of a concern: at the end of the day, there’s nothing really exploitable by someone looking to steal your identity in a COVID certificate.

Isn’t your identity in the actual code certificate so it would have to match like a driver’s license or some other form of ID?

The certificate has your name in it, as well as COVID- and vaccination-related information. But no SSN or national ID number.

Yes, like all “what you haves”, it doesn’t prove who you are. COVID certificate checking is a two-step process: first verify the person’s identity with the ID card or driver’s license, then verify the COVID status with the certificate.

What we’re trying to do here is move step #2 to NFC. Step #1 is still old-school. This would be different if the ID card was implantable, or - better - if the COVID certificate was in a chip that acted as both.

In other words, it would be ideal if the Apex was usable as a valid ID and could hold the COVID certificate also (which, technically, it can in an NDEF of course). But… that’s for Soon™ I guess :slight_smile:

Any eid standard for Finland like Belgium has?

https://www.google.com/search?q=belgium%20eid%20java%20card%20GitHub

1 Like

Not really. What happens here, for some reason, the government decided to delegate ID authentication to banks. There is a national ID thing that works in parallel, but as far as I can tell it’s not used a lot.

See here for instance: this is the login portal for the citizen’s website, where one chooses how to authenticate oneself:

It infuriates me no end that the state lets private concerns like banks handle such sensitive information. I’m 110% certain the banks love nothing better than to track and monetize the shit out of our government and health facilities’ usage patterns.

On the plus side, Vivokey could - and should - propose themselves as yet another alternative authentication method. The infrastructure for pick-and-choose your authenticator is pretty much already in place here, so Vivokey could easily be a new option quickly. It’s not like they’d have to force their way into a locked government-only IT infrastructure.

2 Likes

I don’t know if that could be something that Fidesmo offers an option to the Fidesmo banks as well as Vivokey.

Not trying to put Vivokey down, but I suspect Fidesmo has a bigger market share than Vivokey does on its own, even in Finland.

I totally understand that. The problem at this point is that Fidesmo does not want to play in the identity space. That’s why you don’t have to sign up for any kind of account to install or use the Fidesmo app. However your point is valid because if we made an identity application for VivoKey, it could easily be installed on non-VivoKey devices if we allowed. It would just be a matter of sorting out the business case for non-VivoKey devices.

3 Likes

Okay, so in the end I went to my favorite bar in the evening because the place was jam-packed the whole afternoon and my buddy was busy. When he finally found time, he took the job very seriously: we shot a pretty convincing series of simulated COVID certificate checking using various methods.

Best of all: because it was nighttime and the light at the front door was pretty dim, reading the QR code turned out to be really, really difficult, further highlighting how much better a solution NFC is. Okay I’m being a bit disingenuous if I’m honest: many people will present an image of their QR code on their phone. Still, it shows NFC is a convenient alternative, and there’s always gonna be people who will come with an unreadable piece of paper anyway.

Check it out (faces and names blurred to protect the guilty :slight_smile:):

14 Likes

Just got an email to confirm that the video - and a Powerpoint presentation making a case for enabling NFC - will be reviewed by the relevant authorities next week. And my pull request for the code fix hasn’t even been reviewed after a week, let alone merged in, and I’m not holding my breath because other PRs have been lingering for weeks.

Bureaucracy moves at a glacial pace. I think the NFC COVID checker has a very good chance to make it to the Google Play store in time for the next pandemic :slight_smile:

2 Likes

I was about to say, did you really expect it to go fast? I just hope 1 day an interested dev will see it and review it for fun.

Well, we kind of are in the middle of a pandemic a bit… I was expecting it to be expedited actually - or at least, I was expecting other PRs that are more essential than NFC to be expedited.

The original author of the NFC code has been assigned to the review job.

If things go well our vax doesn’t work for some mutants and we keep this pandemic for a while.

Nah. Even critical security issues take weeks for gov stuff, at least here in Germany. You could have emailed them that you have the Finnish private key for certs and they wouldn’t look at it until Tuesday.

You’d be surprised how efficient Finnish public servants can be. Not that lot though, unfortunately.

2 Likes

Do you know if the Belgium app can do this?

I want to put mine also on my NExT or xSIID if possible?

I’ll answer your question more generically, in the form of an explanation, and as an update on the current goings on:

The Belgian COVID checker app, like the Finnish app, the French app and all the others in the EU zone, are all more or less direct derivatives of the DGCA Verifier App, which is the EU’s reference implementation. In other words, when a feature makes it into the DGCA Verifier app, eventually (days to weeks later) it may or may not trickle down to your local version, depending on what your local authorities reckon is useful to keep or not to keep from the reference application.

In the case of the NFC feature, it’s always been in the DGCA Verifier app. From what I can tell from the git log, it used to work, then the author / maintainer of the NFC feature fucked it up on purpose for some reason, and I made a pull request to essentially unfuck it a couple weeks ago. If the NFC feature was ever enabled in one of the national implementations, no doubt it was disabled in a hurry when the feature got fucked up.

But most likely it was never enabled in any national implementation, because it turned out QR codes sort of naturally won out and left the NFC option behind altogether.

So my advice to you is this: if you want the Belgian CovidSafe app to support NFC, get in touch with the local maintainers of that app and urge them to enable the NFC feature in the DGCA Verifier app in their own implementation (and since you’re at it, tell them to urge the DGCA Verifier app maintainers to accept my fucking fix, because the EU being the EU, they still haven’t even reviewed it, despite being a TWO LINE FIX!! :slight_smile:)

You might have to argue the case in favor of NFC - because you know, they’re public servants and they don’t like to work if they don’t have to. If you need arguments, I can send you the PowerPoint I sent the Finnish authorities for that very purpose, and you can use the video above to show a real-life example of NFC COVID certificate checking in action.

As for the update: the Finnish authorities told me they’d review our request in January, because they have “other important things to do at the moment” and now is not a good time. Whatever… So anyway, if NFC happens in the Finnish app, it won’t happen before January at best. Probably February. Who knows… COVID might be gone by the time NFC gets enabled :slight_smile:

1 Like

Rosco, thanks for the clear answer.
I checked and the maintainer is the government itself so no point to contact. Egof Health
So I think this is also a dead end for the Belgian app :frowning: