Android phones will be able to store COVID-19 vaccine cards in the US

Although there is still a lot of legal and ethical debate surrounding its implementation and requirement, it might only be a matter of time before COVID-19 "passes" will become just as common as membership cards and tickets. As with the paper version of those IDs, there might be security and privacy concerns regarding paper-based COVID-19 testing and vaccination certificates. Just as many have already started digitizing their IDs and credit cards, Google is now offering Android's built-in Passes functionality to store these COVID-19 "cards" in people's phones directly.

More recent versions of Android have wallet-like Passes API that apps like Google Pay use for, well, passes and IDs. This is handy for those who either don't want to carry physical cards or are worried about those cards being lost forever in transit. Now Google is offering the same convenience and promises of security and privacy to healthcare organizations and governments for storing equally sensitive information regarding patients' COVID-19 tests and vaccines.

Google has announced an update to that API to take into account COVID-19 information. Once enabled for certain health institutions and agencies, people can then input their test or vaccine information manually. This rather tedious process is actually designed to remove the need to store the information in the cloud, particularly Google's, reducing the risk of leaking the information to third parties.

The system is designed to make it easier for people to store and, if required, share their COVID-19 information without having to fumble for cards or papers. While convenient, it is also more secure and private, according to Google, since a lock screen for the phone is required to even store a COVID card. Google itself doesn't store that information, so users will have to input the card for every device they want it to be available.

Naturally, there will be questions of privacy given Google's involvement. The company assures users, institutions, and regulators that it does not store any of this information, nor will it share it with third parties. That said, it does admit it will be taking some pieces of data, including the number of times the COVID card was accessed as well as COVID vaccine information.