Proposal: Do not save scanned credentials #24
Description
Since the app contains a dedicated login screen and nice cards to display scanned credentials (again), I am assuming that the choice was made on purpose.
However I would like to encourage the idea of not saving the scanned credentials - or at least reduce the saving to an absolute minimum.
Assuming that the idea behind this feature is to have a list of (for example) customers that have visited my venue, I could probably do with a lot less details than the whole QR-credential which can include the name, DOB, vaccine, LOT number, dates, etc.
I do not know if there is concrete legislation for this, but at least in a few countries saving health related data (which vaccination credentials are a part of) cannot be saved without the users consent and especially not in an unsafe manner (I guess, this would open up the discussion, if a sqlite-database can be considered safe).
Also, especially since "replaying" the saved barcode allows for impersonation, as a user I would expect from the person checking my credentials to not save them.
I think, for 99% of all users of such a verifier app, just displaying a message containing the name, DOB and if the vaccination is acceptable (taking into consideration the amount of vaccinations and the time from the last shot) should be enough. Saving even those details should be an opt-in on the verifier settings.
Please don't get me wrong: not trying to badmouth your project - when it comes to the amount of supported vaccination certificates, it's the most advanced one I've seen so far. I'm just more sensible to this specific subject since I'm implementing vaccination certificate validation into my employer's apps right now and had to deal with those details :)