On paper, this latest effort should be much simpler, but the companies face a crowded app market and the potential for privacy concerns among some Americans.
“If Big Tech has specific apps they will work with, then this would go a long way to cut down on the volume of app solutions that are currently flooding the market,” said Sam Gazeley, digital research analyst at ABI Research. “It would help to a degree by removing the risk of fraudulent certification from forged documents entering circulation.”
In addition to verifying vaccine status, apps such as the CommonHealth app and the New York Excelsior Pass app developed by IBM provide a scannable QR code for entry at different businesses. They display no personal information beyond whether that person received a shot.
Some experts say companies such as Samsung, Google and Apple may play a significant role in the private and public sectors coming together to create verifiable credentials.
“Technology companies are helping lead the way in leapfrogging US efforts in verifiable digital Covid-19 credentials, but perhaps more importantly having portable digital consumer health data stored in digital wallets,” said Donna Medeiros, senior research director at market research firm Gartner. “This means using mobile phones to share our data in a standardized manner when, where and with whom we want.”
Vaccine status apps have seen early adoption in California, New York and Louisiana as more people download their data and store it on their device, due largely to local governments requiring proof of vaccination to enter certain areas. It’s also an appealing effort for smartphone makers that don’t have to manage the process themselves.
Gazeley said serving as a storage solution is less risky than creating location-monitoring softtware rife with privacy concerns.
Making a mark
Amy Loomis, research director at IDC who closely follows future of work trends, said Big Tech’s efforts to support vaccine health pass apps are innately better set up for success.
“Language matters,” she said. “No one wants to be ‘traced’ or tracked but we show ‘proof of’ all the time — proof of employment with a badge, proof of legal age with license.
“Even if [Apple and Google’s] involvement is limited to just providing the storage solution for the certificate itself, many will associate it with being issued by [the company] even if this is not the case,” Gazeley said. “So in this manner, it achieves more for them than the contact tracing app attempts.”
“The tech companies promised us that exposure notification apps would stop the pandemic. They failed,” said Cahn, founder and executive director of the Surveillance Technology Oversight Project and a fellow at the NYU School of Law. “Now, the vaccine apps will fail us once again, and I fear they will do lasting harm to public trust in the vaccines.”
He said the fact that some apps are easy to forge, not every citizen owns a smartphone and persisting questions around how user data is handled will limit the success of the tools. Chief among the privacy fears, he said, is the question of whether location or medical data will be collected and stored and who will have access to that information.
The Vaccination Credential Initiative — which includes IBM, Microsoft, Salesforce, Oracle, Mayo Clinic and the Commons Project — is playing a key role in developing US standards and guidelines for digital health passes. It requires participating apps to not save data on a central server or be aggregated, so an issuer wouldn’t know a person’s location history.
“Despite all of these apps, the best proof of vaccination is still the laminated CDC card I carry in my pocket,” he said.
Another major issue stems from what apps each venue or business decides to require for vaccination proof. Meanwhile, Samsung declined to share if it’ll open its digital wallet up to apps beyond CommonHealth but “without universal acceptance, the impact it will have on cutting down on the [app] noise will remain limited,” Gazeley said.