Security experts and regulators are warning attendees of the World Cup not to download Qatar’s World Cup apps for visitors due to serious privacy concerns.
The latest warning comes from the German Federal Data Protection Authority, which said in a statement that the two apps visitors are being asked to download go much further than the app’s privacy notices indicate.
Of the two apps – Ehteraz and Hayya, one collects data on telephone calls, while the other prevents the device on which it is installed from going into sleep mode. The data gathered by the apps does not remain locally on the device but is also transmitted to a central server.
The Norwegian Data Protection Authority went further, describing the Ehteraz app as an “infection tracking app” that can retrieve personal information from users’ phones. The authority notes that they do not know what these apps actually do or what the users’ personal data will be used for.
The German and Norwegian authorities recommend that attendees do not download the apps, or take a second burner phone that the apps can be installed if they are required by Qatari authorities to install the apps upon arrival in the country.
Security experts agree with the advice, with Darren Guccione, chief executive officer and co-founder at cybersecurity software company Keeper Security Inc. telling SiliconANGLE that “you wouldn’t give a stranger the keys to your house but phone apps can unknowingly harvest detailed, personal information about those who use them.”
“It’s particularly concerning when a nation-state is collecting unauthorized information through an app, or worse yet, remotely accessing a device,” Guccione explained. “Users should take extreme caution when downloading any app, and when traveling, utilize a secondary phone instead of their primary one.”
Joseph Carson, chief security scientist and advisory chief information security officer at privileged access management solutions provider Delinea Inc. noted that there is always a major increase in cybercrime targeting unsuspecting fans and followers at events like the World Cup.
“Many fake, fraudulent websites, apps, or emails that appear official will come loaded with an abundance of scams,” Carson explained. “These scams can result in stealing the victims credentials, passwords, credit card information, infecting their computer or smartphone with malicious software or even ransomware. These can lead the unknowing victim to spread malware to family and friends, losing sensitive data or a major financial impact.”
Image: FIFA World Cup Qatar 2022
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.