The other app apparently allows entrepreneurs “who do not want to discriminate” to carry out checks on the CoronaCheck app, while in practice all QR codes produce a green check mark. This also includes QR codes that have expired or are not even a corona ticket at all.
But the codes that are scanned with it are also – without being told – forwarded to an external server. Whether there are any entrepreneurs who actually use the fake scanner app is unknown. Its use is prohibited.
Sending the QR codes is not necessary for the app to work: they are stored locally on the user’s phone. It is unclear whether and how the codes are being misused; the makers of the app did not respond to questions about it. It is also not known how many QR codes have been forwarded.
Earlier, the makers hinted at a new feature in the app, which allows any user to “put a QR code in their name”. They are probably referring to a function where users can load a QR code matching their initials. It is unknown whether that option has to do with the data collection.
In the Dutch QR codes, only initials and, in some cases, date of birth or month of birth are processed. The intention is that ID cards will also be checked at the door, but that does not always happen.
Shared QR codes are often quickly blocked by the makers of the CoronaCheck app. At the moment there are 1258 QR codes on the blacklist, of which 997 Dutch and 261 from outside the Netherlands.
Even if hundreds, thousands or even tens of thousands of QR codes were to be shared at once, there is technically no obstacle to blocking them, sources around the CoronaCheck app report.