
A check by FMT found that digital certificates can be displayed on other people’s phones upon logging in with the account of a fully vaccinated person. This will allow those who are unvaccinated to pass themselves off as being fully vaccinated.
Digital certificates are issued to those who have received the requisite number of doses of the Covid-19 vaccine.
The discovery of this loophole comes soon after the government loosened certain restrictions for the fully vaccinated under the various phases of the national recovery plan, such as being able to dine in and participate in economic activities in 11 different sectors.

“I think the government should look into this bug and rectify it so that people will not be able to get away with it easily,” Lee told FMT.
“This may not be much of a problem in the Klang Valley as most adults there are already vaccinated, but if the unvaccinated want to do this and move around, that is a risk they have to take — and they should be responsible for their own actions,” he said.
Among other SOPs eased for the fully vaccinated is allowing them to travel more than 10km within their districts, according to the seating capacity of their vehicle as opposed to the previous two-person rule.
Earlier this month, the government allowed married couples, forced to live apart in different states or districts because of work or other commitments, to visit one another. It also allowed parents to visit their children who are below the age of 18.
The fully vaccinated are also now allowed to pray at mosques, suraus and non-Muslim houses of worship.
A person is considered to be fully vaccinated two weeks after receiving the second dose of the Pfizer-BioNTech, AstraZeneca or Sinovac Covid-19 vaccine, or 28 days after receiving a single-dose vaccine such as Johnson & Johnson or CanSino.
Stressing that there has to be a “simpler way” for people to move around, Lee doubted whether making it mandatory for premises to double-check the digital certificate on MySejahtera with a person’s MyKad was the way forward.
“I don’t know if using the identity cards to verify will be useful as enforcement will become cumbersome. If you need to check their MyKad or other forms of identity, it becomes very complicated,” he noted.
Lee also advised people to guard their MySejahtera login details, noting that people were effectively “stealing your identity” the moment they logged in to the app with another person’s account.
“If you are registered with MySejahtera, you have your identity and it’s your responsibility to make sure it’s not stolen,” said the Gopeng MP.
FMT has reached out to the science, technology and innovation ministry (Mosti) for comment.