Two fake CoronaCheck apps in circulation pass the QR codes of their users to an external server, the
on Thursday based on its own research.
It is unknown who subsequently has access to the codes and what happens to them.
One of the counterfeit apps allows people who do not have a legitimate QR code to copy someone else's code.
They can then show it in an environment that resembles that of the real CoronaCheck app.
The second app is intended for entrepreneurs.
They can thus pretend that they are performing a check in the CoronaCheck app, while in practice all QR codes produce a green check mark.
Even if, for example, a code has long since expired.
With both apps, the codes are forwarded to a remote server without telling the users.
This can be dangerous because it is unclear who can access this server and what happens to the codes afterwards.
It is unclear how many codes have already been forwarded to a remote server.
It is also not known how often the two apps are used in the Netherlands.
Its use is prohibited.Keywords: