Several versions of TousAntiCovid Verif: why do they show more info on your QR Code?

The sanitary pass verification application now has two specific control modes, TAC Verif Plus and TAC Verif OT. Intended for healthcare and transport professionals, they show more information than the general public version.

It is a gesture that has become daily for many French people. Each time you enter a restaurant or to use certain transport such as TGV and planes, the same request: ” Health pass please “. But not all controllers use the same mode of the official TousAntiCovid Verif application depending on the situation. Two new modes were implemented in the verification application during the summer, TAC Verif Plus and TAC Verif transport operators.

This information is in the QR codes, from the beginning

The basic TAC Verif service, accessible to any individual on Android and IOS, confirms the validity of the scanned health pass. But without displaying more details than the name, first name and date of birth of its owner. This is the mode, among other things, used in restaurants, bars or even places of leisure and culture such as cinemas.

Contrary to what is still requested in the tutorial of the application, restaurant owners and employees of places of recreation do not have the legal right to require an identity document to verify this information – only the forces of order have the right.

What happens when you scan a pass with TAC VERIF (here, it is fraudulent, but no sensitive information appears)

Except that the QR code of a health pass contains a lot more information than that. The pattern contains

  • the first and last name of the subject,
  • his date of birth,
  • the number of doses injected compared to the vaccination schedule,
  • the date of the bite,
  • the targeted disease,
  • the vaccine used,
  • the manufacturer of the medical product,
  • the issuer of the certificate,
  • the Member State of the European Union in which the vaccination took place.

This sensitive data is accessible from the QR code, without any restriction. Open source players like Sanipasse have been used to decipher health passes very simply, for a long time.

It is therefore important to remember that, from the start, the information on health passes is not really protected, but freely accessible to anyone from the moment your QR code is readable.

The basic verification mode, however, reduced the accessibility of your data, by showing only part of it to most control actors. The two new modes put in place are more talkative. They use the same app, and are unlocked by scanning specific QR codes that reveal additional options.

TAC Verif OT for transport gives access to everything

The TAC Verif transport operators, or OT, mode is ” available to all actors in charge of border control, airlines, shipping companies, land and associated operators and provided for in the decree of June 1 (2021, editor’s note) on the Health Pass », Explains the General Directorate of Health in Cyberguerre. Still according to the DGS, the mode has been in place since June 2, 2021.

Depending on the information provided to Cyberguerre, the companies concerned such as the airlines must send a form to the General Directorate of Civil Aviation (DGAC) or to the General Directorate of Infrastructures, Transport and the Sea (DGITM). These departments are responsible for asking IN groupe, the company that develops health pass applications and TAC Verif, the QR code that unlocks the specific mode.

A complex process which gives access to ” all the information contained in the QR-code “, Already mentioned earlier in the article, as well as a” counter since the injection or withdrawal to allow the operator to apply the rules according to the country of departure and the country of arrival “, Always according to the DGS. Many countries ask to verify information in addition to the simple possession of a health pass. Since November 10, 2021 and an update of the application, this mode checks the validity directly according to the country of arrival or departure selected.

An overview of the TAC Verif OT interface // Source: Screen capture obtained by Numerama

TAC Verif Plus, a mode for healthcare professionals

The second mode, TAC Verif Plus, concerns healthcare professionals. More precisely the ” doctor, pharmacist, nurse, dental surgeon, midwife and physiotherapist because they are the ones who are authorized to screen “, According to the DGS. a site allows the caregivers concerned to directly access the QR code that unlocks this version, using their health professional card number.

Source: Cyberwar screenshot

To determine whether the test is free or not

According to the authorities, the mode was implemented from October 12, 2021 in anticipation of the end of free Covid-19 screening tests, which were systematically covered by health insurance until October 15, 2021. It is also used to check the vaccination obligation which concerns caregivers.

For this, the application displays ” all the information contained in the QR Code, and provided for by decree, in the same way as the transport operator mode “, Once again according to the DGS. Very concretely, ” the headteacher (health, editor’s note) can flash proof of vaccination and display all info to ensure cycle is complete + 7 days ». For the justification of the free testing, ” the person presents their completed vaccination cycle to the health professional and therefore their test is taken care of, same as they present a recent positive certificate which means that their PCR is taken care of ».

To sum up, yes, these versions accessible to professionals show more information than the basic version of the TAC Verif application. A device that certainly simplifies the verification work of the professionals concerned. But such a control of the accessibility of these versions seems relatively futile, insofar as all this information contained in the QR codes can in any case be read from open source readers.

Leave a Comment