When these two apps are downloaded on your device, you essentially hand over all of your phone’s data, and give the app’s administrators the ability to read, change, and tweak things
Highlights To Know ●As per their analysis, the two apps, Ehteraz and Hayya gain deep access into a user’s phone and have the ability to track user location as well as browsing history and app activity.
●Ehteraz is essentially a COVID-19 tracking app, whereas Hayya is the official World Cup app that allows users to keep track of their tickets as well as access free Metro in Qatar.
●NRK’s head of security, Øyvind Vasaasen highlights that Ehteraz in particular has several access requirements, including but not limited to reading, changing, or deleting content on the phone
If you’re excited to visit Qatar for the football World Cup, avoid carrying your smartphone with you. This is according to a series of analysis conducted by cybersecurity experts at NRK — the Norwegian broadcasting corporation — for the two apps the Qatar government will force visitors to download on their smartphones.
According to media reports, the COVID-19 app Ehteraz specifically requests access to several mobile rights, including the ability to read, delete, or change all content on the phone, as well as connect to WiFi and Bluetooth, override other apps, and prevent the phone from going into sleep mode.
Ehteraz is a COVID-19 tracking app, whereas Hayya is an official World Cup app that can be used to track match tickets as well as access Qatar’s free Metro.
The Ehteraz app, which all visitors to Qatar over the age of 18 must download, also provides an overview of your exact location, the ability to make direct phone calls, and the ability to disable your screen lock.
The Second App (Hayya app) does not ask for as much, but it does include several important features. Among other things, the app asks for permission to share your personal information with virtually no restrictions. Furthermore, the Hayya app allows you to pinpoint your phone’s precise location, prevent it from entering sleep mode, and view the phone’s network connections.
Vasseen states this is similar to allowing the authorities to get full access to your house — they get a key and they can get in, do whatever they want and chances are you might not even know what really has gone on in the background.
When these two apps are downloaded on your device, you agree to the terms of the contract, which are quite generous. You essentially hand over all of your phone’s data, and give the app’s administrators the ability to read, change, and tweak things. If they have the capability, which is believed they do, will also be able to retrieve information from other apps.
The broadcasting giant also connected with two IT security companies, Bouvet and Mnemonic to have an analysis of their own. They both compared it to the Norwegian COVID-19 app Smittestopp, which during its early stages was quite the privacy scandal, possessing the ability to track every move of a particular user.
NRK has submitted the findings about the security loopholes to FIFA and the organisers say they don’t wish to comment on the matter.