Experts cite privacy risks from two Qatari apps required for FIFA World Cup visitors

Security chiefs at a Norwegian state-owned media company have announced a pair of apps that people visiting Qatar to attend the upcoming FIFA World Cup will be required to download onto their phones.

Øyvind Vasaasen, head of security at Norsk Rikskringkasting AS (NRK) or NRK, discovered that people visiting Qatar to attend the football World Cup, which was due to start in November instead of May, had to download and install two apps on their devices: Ehteraz and Hayya.

Ehteraz is a Covid-19 tracking app required for anyone over 18. Hayya enables visitors to keep track of football event schedules and access Qatar’s metro system for free. “It’s not my job to give travel advice, but personally I would never bring my mobile phone on a visit to Qatar,” Vasaasen said.

“When you download these two apps, you agree to the terms of the contract, and those terms are very generous. You essentially hand over all the information on your phone. You give the people who control the apps the ability to read and change things and tweak it. They also get the ability to retrieve information from other apps if they have the capacity to do so, and we think they do.”

Vasaasen’s strong opinions are based on the access permissions (listed below) associated with the two apps. Both apps are available on the Apple App Store and Google Play Store.

See more: Meta lists 400 credential-stealing mobile apps that compromised 1 million Facebook users

He is joined by Bruce Schneier, American computer security expert, lecturer at the Harvard Kennedy School and board member of the non-profit organization Electronic Frontier Foundation. “Anyone visiting Qatar for the World Cup must install spyware on their phone,” Schneier wrote.

It is unclear whether downloading Ehteraz and Hayya is mandatory or not. But just the basic app permissions were enough for Tor Erling Bjørstad from the provider of managed detection and response, Mnemonic, Martin Gravak in IT services and consulting company Bouvet, and Naomi Lintvedt, research fellow at the Faculty of Law at the University of Oslo, to express deep concern. Lintvedt told NRK:

“You cannot consent to parts of the use, only everything. If I understand the apps correctly, there will also be limited options to change permissions there. This means that if you want to go to WC, you have no choice. This is a mandatory app with no options.”

Qatar has previously come under scrutiny for its human rights record, including its preparations for this event. The Middle Eastern country, located on the Arabian Peninsula, also has strict rules (although some have been relaxed for the FIFA World Cup), failure to comply can earn violators up to three months in prison and $2,750 (QAR 10,000) ) nice.

Qatari authorities expect modest clothing that covers shoulders and knees, no public smoking or drinking (fair enough), adherence to strict LGBT policies and unmarried heterosexual couples, etc.

“They can cross-reference the information and find out who you meet and talk to. If you’re hunting the opposition, gays or others you don’t like, an app like this will make it much easier for you, says Gravvåk to NRK.

Bjørstad also mentioned that the apps are not that alarming, but added: “They process data, especially related to GPS and position, which has a great potential for abuse. In a way, you have to trust the people who develop or own the apps, and it is not a given that you especially want to trust the authorities in Qatar.”

“I know people who visited Saudi Arabia when that country had a similar terrifying app requirement. Some of them didn’t bother to download the apps and were never asked at the border,” Schneier added.

Let us know if you enjoyed reading this news LinkedIn, Twitteror Facebook. We would love to hear from you!

Image source: Shutterstock

MORE ABOUT PRIVACY