Starting tomorrow, as soon as the obligation to show the Green Pass for access to public activities and places is triggered, the VerificationC19 application will be used to perform millions and millions of scans of the QR codes relating to the Green Certificate. We know how it works and how it controls while protecting the privacy of the citizen. We now also know that she is affected by what can be called a serious bug.
A serious bug for the Verification C19 application
The problem was brought to light by Niccolò Segato, an engineering student at the Politecnico di Milano, in the Issues section of the project on GitHub. It affects the download version on Android devices, not the iOS version. We report the report in translated form below.
It is therefore sufficient to change the date to obtain a different outcome from the verification process.
What is the possible solution? It is provided by the author of the report himself, suggesting the obtaining of the date and time necessary to perform the check from a central server or in any case from a source other than the device itself.
Since the use of VerificationC19 is also guaranteed offline, therefore in the absence of an Internet connection (for a maximum of 24 hours), this is unlikely to be the remedy without impacting on the operating modes declared so far.
Common sense should be enough to understand it, but for the avoidance of doubt we put it in black and white: the existence of the problem does not authorize us to exploit it to circumvent or alter the controls. It must be emphasized, considering the need to include the answer to the question Is it possible to falsify or tamper with a COVID-19 Green Certification in the FAQ on the institutional website?
.
Update: As reported by a reader, whom we thank, the problem also affects the iOS edition of the app.
Source: GitHub