Sandy B. Garfinkel and Emma M. Lombard of Eckert Seamans Cherin & Mellott, LLC write, in part:
If you are simply carrying a photographic image of your vaccine card in your phone, phones can be, and regularly are, hacked. Or, the owner of the phone may simply have inadequate protection from unauthorized access.
[…]
If you are using an app created explicitly for vaccine card authentication (commonly referred to as “vaccine passports”), you should still proceed with caution. Some “vaccine passport” programs connect to state-maintained databases for vaccine information. These apps have encountered security flaws.
Read more at Bloomberg Law.