The FIFA World Cup Qatar 2022™ kicks off today, and if you’re attending in person… well, you have my sympathy.
All visitors over the age of 18 entering Qatar are required to download an app called Ehteraz – billed as a Covid tracking and contact tracing tool. But hidden behind that innocuous mask are some frightening details. Ehteraz also has the ability to;
- Read, delete or change anything on your phone.
- Override all other apps.
- Connect to WiFi and Bluetooth without your permission.
- Determine your exact location.
- Make direct calls via your phone.
- Disable your screen lock.
- Prevent your phone from going into sleep mode.
That ability to block and erase other apps also gives Ehteraz ability to stop you using a VPN to get around the country’s heavily-filtered internet.
The leading for one-star rating for Ehteraz on GooglePlay says it all:
…The amount of permission controls required just to allow the app to run makes my device a vulnerability to hacks. There is really no reason for bluetooth to always be on when location information is allowed. It should not have the permission to modify my contents on my phone. Also why does it need to make calls on my phone? …
https://play.google.com/store/apps/details?id=com.moi.covid19
You’ll also be asked to download an app called Hayya. Ostensibly an official World Cup app to keep track of match tickets and allow access Qatar’s free Metro in Qatar, it also has a few hidden features;
- The ability to share your personal information with almost no restrictions.
- Prevent the device from going into sleep mode.
- View the phone’s network connections.
- Tracks where you go.
- Locates mobile phones nearby, effectively tracking out who you are meeting and talking to.
Øyvind Vasaasen, head of security at NRK, Norway’s state-owned broadcasting company, said, “It’s not my job to give travel advice, but personally I would never bring my mobile phone on a visit to Qatar.”
When you download these two apps, you accept the terms stated in the contract, and those terms are very generous. You essentially hand over all the information in your phone. You give the people who control the apps the ability to read and change things, and tweak it. They also get the opportunity to retrieve information from other apps if they have the capacity to do so, and we believe they do.
You’re saying that it is perfectly fine for the authorities to enter your home. They get a key, and they can get in. You don’t know what they’re doing there. They say they might not make use of the chance, but you’re giving them the opportunity.
https://www.nrk.no/sport/everyone-going-to-the-world-cup-must-have-this-app—experts-are-now-sounding-the-alarm-1.16139267
Sports website SB Nation noted:
Use online banking? A foreign government now has your banking details. Check work email on your phone? Corporate correspondence is now in Qatar’s possession. Did you take a photo from Pride, or ever use a rainbow flag avatar on Facebook? Homosexuality is illegal in Qatar, and officials have your location. Ever receive a nude from your significant other? You just imported pornography into the country — which is also a crime.
https://www.sbnation.com/soccer/2022/10/26/23424551/qatar-mandatory-covid-app-world-cup-tracking-personal-data
NRK submitted their findings about the apps’ security holes to FIFA. FIFA said that they didn’t want to comment on the matter.