Last week, several news outlets reported that Qatar’s World Cup apps pose serious privacy and security risks. Visitors to Qatar are required to download two apps: Ehteraz, a COVID-19 tracking application, and Hayya, which allows fans entry into the football stadiums and access to transportation services.
In particular, Ehteraz can read and write to a phone’s file system, allow remote access to users’ pictures and videos, and requires location services to be turned on.
Qatari authorities can use this unchecked access to visitors’ phones to track their every movement and phone and social media contacts as well as call history, even after people leave the country.
In an interview with The Register, data security expert Tom Hansen explained that:
“After accepting the terms of these apps, moderators will have complete control of users’ devices. . . All personal content, the ability to edit it, share it, extract it as well as data from other apps on your device is in their hands. Moderators will even have the power to unlock users’ devices remotely.”
Data authorities across Germany, France, and Norway were quick to voice grave concern and warned European football fans to use a burner phone and avoid downloading the invasive apps if possible.
The UK’s ICO (Information Commissioner’s Office), however, has not released official guidance and told reporters that its office is “aware of the reports” and considering “the potential impact.”
In a World Cup marred by scandals around FIFA’s corruption and the abhorrent human rights record of the