Tim+ wrote:
Well, my GP was able to look up on his computer to see what vaccine Id had
and when so clearly the data is all being held on NHS computers somewhere
central as I didnt have my first dose at my GPs.

I dare say it wouldnt be too hard to make an app that could look up this
info.

I just logged into my Patient Access account. It shows both my covid jabs.

Lucky you, I wish I could do the same. My GP practice says it can't
provide this access because of privacy/data protection concerns.

... and, as I said in my previous response, how do you now guarantee
that the mobile phone you're carrying around is 'yours' and that you
haven't copied the "I've been inoculated" flag from someone else's NHS
records.


You seem obsessed with absolutes. No system is absolutely secure or
impossible to circumvent. As long as the majority of users can be
accurately identified surely thats €œgood enough€�?

Nothing is perfect. Yes, you can probably be fairly certain that the
record you have identified in the NHS databases is 'yours'.

However I still can't see how having an app installed in a mobile
phone which is *not* in any way locked to my identity will prove that
I've had the inoculation.

While some people may think their mobile phone is permanently and
inexorably locked to themselves it most certainly isn't true. There
(presumably) won't be a requirement to show the phone with the
inoculation app on it is yours will there? How would you prove that?
There's no inherent requirement in Android that you can only unlock
your phone with face recognition or fingerprint and even if there was
these can be changed if/when you transfer the phone to someone else.

--
Chris Green
·