The Qatar government's mandatory apps for those attending Soccer World Cup are a data security and privacy nightmare, security experts have warned.
Fans who will arrive to Qatar for the World Cup, will have to download two apps - Ehteraz, an app aimed to track COVID-19, and Hayya, which will be used to enter games, as well as to gain free access to Qatar's public transportation for ticket holders.
The Ehteraz contact tracking app was criticized by security experts, as it allows remote access to users' pictures and videos, as well as make unprompted phone calls, according to The Register. Moreover, the COVID-19 tracking app requires the location services to be constantly on and gives the app the ability to read and write to the file system.
The Hayya app, which allows ticket holders to enter stadiums and use the public transportation system for free, also raised warnings from experts. Hayya can be used to determine the exact location of the decide, prevent it from going into sleep mode, and can view the phone's network connections, according to NRK (Norwegian Broadcasting Corporation).
NRK's head of security Øyvind Vasaasen has commented regarding the possible privacy violations in the Qatar World Cup saying: "It’s not my job to give travel advice, but personally I would never bring my mobile phone on a visit to Qatar."
"It’s not my job to give travel advice, but personally I would never bring my mobile phone on a visit to Qatar."
Øyvind Vasaasen, NRK's head of security
With roughly 1.5 million fans expected to visit the Gulf state during the World Cup, a potential leak of data could lead to a massive violation of privacy.
French data security authority warns fans going to Qatar
French data protection authority CNIL has recommended fans traveling to the World Cup use a "burner phone", in order to avoid the possible data and privacy violations that the mandatory apps might cause, according to Politico.
“Special care should be taken with photos, videos, or digital works that could place you in difficulty with respect to the legislation of the country visited,” a CNIL spokesperson told Politico.