The code behind the NHS COVID Pass Verifier App
Two of the team behind the development of the NHS COVID Pass; Michael Measures, Technical Director and Philippa-Rose Hodgson, Product Director, introduce the code behind the new NHS COVID Pass Verifier App, which NHSX has just open sourced under a permissive MIT free software license.
What is the purpose of the Verifier App?
The official NHS COVID Pass Verifier app is a secure way to verify an individual’s NHS COVID Pass and check that they have been fully vaccinated against COVID-19, had a negative test, or have recovered from COVID-19.
A user can use the app to scan and verify an individual’s NHS COVID Pass to support international travel and entry into foreign countries, or domestically in England for entry into large-scale venues and events.
The app can be used to scan and verify one or more 2D barcodes that adhere to the EU Digital Covid Certificate and read the display the data held within an individual’s NHS COVID Pass. It does not store or transmit any personal data during this process.
How can I find out more about the NHS COVID Pass?
Find out more about demonstrating your COVID-19 status.
How can I find out more about the Event Research Programme?
Find out more about the Events Research Programme.
How can I find out more about the NHS Verifier app?
What about the Verifier app design?
As outlined above the COVID Pass Verifier app has been designed to scan 2D Barcodes in line with the EU Digital Covid Certificate standard (formally known as previously known as the EU Digital Green Certificates). There is a rich online set of developer resources available including:
What is meant by "Open Source"?
The term "open source" refers to something people can modify and share because its design is publicly accessible.
All code is made available as Free and Open Source Software.
It is released under the permissive MIT License - this allows you to copy and distribute the code for your own use.
Where is the repository located?
There is one main repository for the app on GitHub. From this repository, the app can be built for both android and iOS devices.
What information is recorded in the app?
The app scans and verifies the 2D barcode within an individual’s NHS COVID Pass. It does not store personal data, and at no point during the scanning process is personal or health data, held by, shared by or retained on the scanning device.
We will be using Azure App Insights to collect GDPR compliant metric data. This is designed to provide greater insight into the live operations of the app and allow us to understand how it is being used. Using this data can make useful observations such as error frequencies, request frequencies, service usage and oversight of the general activity. All metrics that are collated are completely anonymised and independent of actual user data, such as test or vaccine results.
How is this aligned to international standards?
After a full review, we chose to develop and build the Verifier app against EU standards. These were considered and selected as they meet both the needs of UK citizens but also bring benefits in international collaboration to facilitate travel. We are also monitoring other international standards as they develop, and will look to iterate the app to align with international standards as they become confirmed.
How can I use analytics?
A self-built app will be able to scan and verify 2D barcodes. However the keys required to successfully submit non personal analytical data have been removed.
How do I give feedback?
We welcome technical feedback from developers and security researchers. Participation in the code development is via GitHub.
We have a Code of Conduct for participants in order to create a safe and welcoming environment for all.
Bug reports and performance improvement suggestions can be made by opening an issue on GitHub. We will review Pull Requests on a case-by-case basis.
Who worked on this?
A wide range of people across the COVID Pass programme worked on the Verifier App. We would like to thank all those involved who generously gave their time and expertise to the development of the app. The power of open source comes from our ability to collaborate with talented people.
Make things open; it makes things better.