Experts cite privacy risks of two Qatari apps required for FIFA World Cup visitors


Security officials at a Norwegian government-owned media company have issued an alert about a few apps that people visiting Qatar to watch the upcoming FIFA World Cup will be forced to download to their phones.

Øyvind Vasaasen, head of security at Norsk Rikskringkasting AS (NRK) or the Norwegian Broadcasting Corporation, found that people traveling to Qatar to watch the FIFA World Cup, which would start in November instead of May, should download and install two applications on their devices: Ehteraz and Hayya.

Ehteraz is a required Covid-19 tracking app for anyone over the age of 18. Hayya allows visitors to follow the schedule of the football event and free access to the Qatar metro network. “It’s not my job to give travel advice, but personally I would never bring my mobile phone when visiting Qatar,” Vasaasen said.

“When you download these two apps, you agree to the terms set out in the contract, and those terms are very generous. You’re essentially handing over all the information on your phone. You’re giving people who control the apps the ability to read and They also have the ability to retrieve information from other apps if they have the ability, and we believe they do.

Vasaasen’s strong opinions are based on the access permissions (listed below) associated with both apps. Both apps are available on the Apple App Store and Google Play Store.

Permissions

apps

Ehteraz

Hayya
Read or edit (delete/edit) all content on the device Yes

NOT

Share personal information without restriction

NOT Yes
Access to connect to WiFi Yes

NOT

Access to connect to Bluetooth

Yes NOT
Full network access NOT

Yes

Replace other apps

Yes NOT
Prevent the device from entering sleep mode or shutting down Yes

Yes

Overview of the exact location of the device

Yes Yes
Make direct calls from the phone Yes

NOT

Disable phone screen lock

Yes NOT

GPS access

Yes Yes
Force restart the device Yes

NOT

Control vibration Yes

Yes

Learn more: Meta lists 400 credential-stealing mobile apps that compromised 1 million Facebook users

He is joined by Bruce Schneier, an American computer security professional, lecturer at the Harvard Kennedy School and member of the board of directors of the non-profit Electronic Frontier Foundation. “Anyone visiting Qatar for the World Cup should install spyware on their phone,” Schneier said. wrote.

It is unclear whether downloading Ehteraz and Hayya is mandatory or not. However, only basic app permissions were sufficient for Tor Erling Bjørstad of managed detection and response provider Mnemonic, Martin Gravåk of IT services and consulting firm Bouvet, and law school researcher Naomi Lintvedt. from the University of Oslo, to express deep concern. Lintvedt told NRK:

“You can’t consent to some parts of the use, just everything. As I understand the apps, there will also be limited options to change permissions. This means that if you want to go to the bathroom, you won’t you have no choice. This is a mandatory application with no options.

Qatar has already come under scrutiny for its human rights record, including the build-up to this event. The Middle Eastern country, located in the Arabian Peninsula, also has strict regulations (although some have been relaxed for the FIFA World Cup), failure to comply with these can net offenders up to three months in prison and $2,750 (QAR 10,000) fine.

Qatari authorities expect modest clothing that covers the shoulders and knees, no smoking or drinking in public (fair enough), adherence to strict LGBT policies and unmarried heterosexual couples, and more.

“They can cross-reference information and find out who you meet and who you talk to. If you hunt the opposition, gays or other people you don’t like, an app like this will make it easier for you,” Gravåk told NRK.

Bjørstad also mentioned that the apps are not that alarming, but added: “They process data, especially related to GPS and location, which has a high potential for abuse. In a way, you have to trust the people who develop or own the apps, and it’s not certain that you particularly want to trust the authorities in Qatar.

“I know people who visited Saudi Arabia when that country had an equally sketchy application requirement. Some of them just didn’t bother to download the apps and were never asked about it at the border,” Schneier added.

Let us know if you enjoyed reading this news on LinkedIn, TwitterWhere Facebook. We would like to hear from you!

Image source: Shutterstock

LEARN MORE ABOUT PRIVACY

Previous Co-ops Provide Update on Fiber Expansion in Eastern Watauga County
Next Global Cybersecurity Market Size Expected to Reach USD