Private proof-of-vaccination app Portpass continues to expose the personal credentials of users despite the company’s earlier assurances regarding data security. According to the report, personal information belonging to more than 17,000 users has been leveraged including passports data, driver's licenses, and financial information, etc. The user's profile on the app's website could be easily accessed by anyone publicly.
In late September, the Calgary-based smartphone app was taken offline for a short period after CBC News disclosed that users' information was being leveraged and anyone could have accessed the user's personal data.
After the incident, the app was relaunched in October and the Portpass website gave assurance to users that it will look after their private information and give full protection to their "health privacy and data security at the highest level" and that their "data and information is kept secure at all times." However, data security threats have still been constantly reported by software experts.
The Calgary-based app, asks its users to upload personal credentials on the app so it could be an aid in a proof-of-vaccination system for people who want to access restaurants, concerts, and other events that made it mandatory for attendees to be vaccinated against COVID-19.
Before September, the Portpass was excessively used by people; alongside, Calgary promoted its app as the "preferred and fastest" method for fans attending games at the Saddledome to show their vaccination status, however, they removed that description after the security flaws were reported.
In an interview, Portpass CEO Zak Hussein said, "I was unaware of that, that's crazy. At that point, I am considering pulling the plug on Portpass, especially considering Alberta and Ontario have since launched their own apps…”
"…Maybe we need to just take down this app because there's just all this going on and it's not worth it, I mean, I haven't even made a dollar on this”.
“I need to talk to the software developer about the next steps. I'm just going to tell them to turn off the app." He further added.
Reportedly, Hussein did not take the app down, instead updated the software on Wednesday with a note reading "Improved security of the app."