VerificaC19, the app that reads the green pass

The VerificaC19 app has a serious bug

Starting tomorrow, when the obligation to show the green pass to access activities and public places takes effect, the VerificaC19 app will be used to perform millions upon millions of scans of the QR codes attached to the green certificate. We know how it works and how the check is carried out while protecting the citizen. We now also know that it is affected by what can be called a serious bug.

VerificaC19 app: a serious error

The problem was highlighted by Niccolò Segato, an engineering student at Milan Polytechnic, in the Issues section of the project on GitHub. It affects the version downloadable on Android devices, not iOS. Below is a translation of the report.

In the Android app, just change the device date to change the validity of the certificate. For example, by providing the device date, an already expired certificate can be checked.

So it is enough to change the date to get a different result from the verification process.

From the system settings, it is enough to change the date of the device to change the result of the verification. It was tested with a certificate issued 11 days after the first dose of the vaccine, and therefore invalid by law, which was correctly identified as not yet valid by the application on a device with the date set correctly. Moving the date forward to 15 days after the first dose, and therefore to the date from which the certificate is valid, a new scan gives a positive result.

And a possible solution? It comes from the author of the report himself, who indicates that the date and time used to perform the scan should be obtained from a central server, or in any case from a source other than the device itself.

The date and time must be obtained from a single, authoritative source, such as a government server, and not from the device.

Since VerificaC19 is also guaranteed to work offline, that is, without an internet connection (for up to 24 hours), it is unlikely that this fix can be applied without affecting the modes of operation announced so far.
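One way the reporter's suggestion could coexist with the 24-hour offline window, shown as an added example that is not code from the VerificaC19 project: store the server time at the last sync together with a monotonic counter, and derive "now" from those instead of the device date. `TimeAnchor`, the function names, the 5-minute tolerance and all dates are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

OFFLINE_WINDOW = timedelta(hours=24)  # offline limit mentioned in the article
MAX_SKEW = timedelta(minutes=5)       # assumed tolerance before flagging the device clock


@dataclass
class TimeAnchor:
    """Hypothetical record stored at the last sync with the authoritative time source."""
    server_utc: datetime  # time reported by the server
    monotonic_s: float    # monotonic counter at that moment; date settings do not affect it


def naive_check(valid_from, valid_until, device_now):
    """Behaviour described in the report: the device wall clock decides."""
    return valid_from <= device_now <= valid_until


def anchored_check(valid_from, valid_until, anchor, monotonic_s, device_now):
    """Return (status, clock_mismatch) using server time plus monotonic elapsed time."""
    elapsed = timedelta(seconds=monotonic_s - anchor.monotonic_s)
    if elapsed < timedelta(0) or elapsed > OFFLINE_WINDOW:
        return "SYNC_REQUIRED", False  # anchor unusable or older than the offline window
    now = anchor.server_utc + elapsed
    mismatch = abs(device_now - now) > MAX_SKEW
    status = "VALID" if valid_from <= now <= valid_until else "NOT_VALID"
    return status, mismatch


def demo():
    utc = timezone.utc
    # Constructed dates mirroring the report: certificate valid from day 15, scanned on day 11.
    valid_from = datetime(2021, 8, 4, tzinfo=utc)
    valid_until = datetime(2022, 4, 30, tzinfo=utc)
    anchor = TimeAnchor(datetime(2021, 7, 31, 8, 0, tzinfo=utc), monotonic_s=1000.0)
    changed_clock = datetime(2021, 8, 4, 10, 0, tzinfo=utc)  # device date moved forward
    return (
        naive_check(valid_from, valid_until, changed_clock),
        anchored_check(valid_from, valid_until, anchor, 8200.0, changed_clock),
        anchored_check(valid_from, valid_until, anchor, 1000.0 + 25 * 3600, changed_clock),
    )


if __name__ == "__main__":
    print(demo())
```

On Android the monotonic counter could be `SystemClock.elapsedRealtime()`; it resets at boot, so a real implementation would also have to discard the anchor after a restart.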

Common sense should be enough to understand it, but to avoid doubt we put it in black and white: the existence of the problem does not mean it may be used to circumvent or alter the checks. It is necessary to stress this, given that it was felt necessary to include, among the instructions on the company’s website, the answer to the question "Is it possible to fake or tamper with a COVID-19 green certificate?".

Update: as reported by a reader, whom we thank, the problem also affects the iOS version of the app.