The FIFA 2022 World Cup is set to begin in a matter of days, but European cybersecurity experts are urging sports fans traveling to Qatar to think twice before downloading the event’s official event apps. Authorities from Germany, Norway, and France have all recently issued notices about the nation’s ticket and accommodations app, Hayya, as well as its COVID-19 contact tracing app, Ehteraz, citing the highly suspicious levels of personal data access each requires. According to their Google Play Store listings, Hayya is available under the banner of Qatar’s Supreme Committee for Delivery & Legacy, while Ehteraz is owned by the Ministry of Interior.
Both apps—which Qatar reportedly requires for entry into World Cup events—request private information that far oversteps the European nations’ own regulations regarding fundamental human rights and data protections. These permission grants include the ability to amass phone call metadata, which is often used to pinpoint geographic location and other device fingerprints. The apps also prevent users’ phones from entering into Sleep mode, thus preventing the disabling or silencing of messaging and phone calls. Both Hayya and Ehteraz could potentially transmit phone data to a central server instead of letting it remain locally on devices, making that information susceptible to third-party monitoring.
[Related: Egypt’s official COP27 app may be greenwashed spyware.]
“We are alarmed by the extensive access the apps require,” Norway’s Data Protection Authority said in a statement translated from Norwegian provided by Information Security Media Group, a multimedia company focused on information security, risk management, privacy and fraud. The Data Protection Authority also added that, “There is a real possibility that visitors to Qatar, and especially vulnerable groups, will be monitored by the Qatari authorities.”
As a potential workaround, experts suggest World Cup attendees ostensibly bring a blank burner phone solely for downloading Hayya and Ehteraz, so as to limit any private data local authorities could potentially access. Information Security Media Group also advises against connecting visitors’ standard phones to open Wi-Fi networks.
Human rights advocacy groups such as Amnesty International have voiced concerns over FIFA’s 2010 decision to host the World Cup in Qatar for years, citing the its history of migrant labor abuse, intensely discriminatory LGBTQ+ laws, as well as various other autocratic issues. The World Cup takes place between November 20 and December 18.
The post Cybersecurity experts blow the whistle on official apps for World Cup attendees appeared first on Popular Science.
from Popular Science https://ift.tt/wzK8gIH
0 Comments