New South Wales and Victoria commence trial of COVID digital certificates on check-in apps

COVID-19 digital certificates for state-based check-in apps are slowly being rolled out in New South Wales and Victoria as the states prepare for post-lockdown life.
Written by Campbell Kwan, Contributor
Image: Getty Images

The New South Wales and Victorian governments have announced trials are underway to allow people to display COVID-19 digital certificates on their respective state-based check-in apps.

For New South Wales, the COVID-19 digital vaccination certificate will be available on the ServiceNSW app for certain users based in Lismore, Port Macquarie, Tamworth, and Wagga Wagga.

"Up to 500 customers, to be selected by the businesses involved, will participate in the pilot across Tamworth, Port Macquarie, Wagga Wagga and Lismore," Deputy Premier and Minister for Regional NSW Paul Toole said.

Meanwhile, the Victorian government said it commenced similar trials on Monday in businesses and events "across highly vaccinated parts of regional Victoria".

To add the COVID-19 digital certificate onto the ServiceVictoria app, users will need to go through the MedicareExpress Plus and give consent for the state-based apps to access the immunisation history. It is expected the same process will be used for the ServiceNSW app.

By giving consent, users will be consenting to their immunisation history data, which is stored in the Australian Immunisation Register database, being shared with the state-based check-in apps.

According to Services Australia, the consent will last for 12 months.

Alternatively, users can also link their COVID-19 digital certificate with the state-based check-in apps through using a myGov account or the individual health identifier.

All options follow the same consent conditions.

According to the NSW government, the COVID-19 digital certificate on the ServiceNSW app will include a number of security measures, such as a NSW Waratah logo hologram and rotating QR codes, much like the state's digital driver licence. The ServiceVictoria app has reportedly used similar measures for the COVID19 digital certificate in its trials.

Security researcher Vanessa Teague on Monday morning criticised the security of these upcoming COVID-19 digital certificates, saying they are insecure due to the lack of digital signatures. 

"The sad thing is not only that it's woefully insecure, but that it's woefully insecure with a lot of misleading marketing about how secure it is. If we can't have a digital signature like a normal country, at least tell people honestly they can't rely on the certs," she said.  

Other QR code-based vaccination certificates around the world, like in Europe [PDF], rely on QR codes and digital signatures that rely on QR codes and digital signatures that are cryptographically signed and verified.

Prior to the trials, people living in Australia could store their COVID-19 digital certificates on MedicareExpress Plus app, Apple Wallet or Google Pay, obtain a hard copy of the vaccination certificate, or separately download and store a digital copy of the certificate.

As states prepare to move out of lockdown once they reach 70% fully vaccinated rates, with New South Wales loosening restrictions for fully vaccinated people on Monday after reaching that figure, the Australian government is expecting to have its international digital vaccination certificates ready in the coming weeks to allow for outbound international travel in November.

"The government's intention is that once changes are made in November, the current overseas travel restrictions related to COVID-19 will be removed and Australians will be able to travel subject to any other travel advice and limits, as long as they are fully vaccinated and those countries' border settings allow," Australian Prime Minister Scott Morrison said at the start of this month. 


Editorial standards