The ELCARD wallet application never reads any private information stored on the mobile device. Moreover, it does not use any sensor data except from the camera.
Permission to access the user’s camera is only needed to scan bar codes in two different situations:
- During registration, the bar code contains the address of the ELCARD server and a string that identifies this registration in progress (it does not contain any personal information about the user). The ELCARD wallet will remember the server address but not the registration identifier.
- During offline authentication (when using the ELCARD wallet app without internet access), the bar code contains a “challenge”, i.e., a 6-digit value that allows computing a one-time password. This value is not stored afterwards.
No other image seen by the camera is handled or stored by ELCARD wallet.