Security experts and regulators are warning attendees of the World Cup not to download Qatar’s World Cup apps for visitors because of serious privacy concerns.
The latest warning comes from the German Federal Data Protection Authority, which said in a statement Tuesday that the two apps visitors are being asked to download go much further than the app’s privacy notices indicate.
Of the two apps, Ehteraz and Hayya, one collects data on telephone calls, while the other prevents the device on which it is installed from going into sleep mode. The data gathered by the apps does not remain locally on the device but is also transmitted to a central server.
The Norwegian Data Protection Authority went further, describing the Ehteraz app as an “infection tracking app” that can retrieve personal information from users’ phones. The authority notes that they do not know what these apps actually do or what the users’ personal data will be used for.
The German and Norwegian authorities recommend that attendees do not download the apps, or take a second burner phone on which the apps can be installed if they are required by Qatari authorities to install them upon arrival in the country.
Security experts agree with the advice. Darren Guccione, chief executive officer at cybersecurity software company Keeper Security Inc., told SiliconANGLE that “you wouldn’t give a stranger the keys to your house but phone apps can unknowingly harvest detailed, personal information about those who use them.”
“It’s particularly concerning when a nation-state is collecting unauthorized information through an app, or worse yet, remotely accessing a device,” Guccione added. “Users should take extreme caution when downloading any app, and when traveling, utilize a secondary phone instead of their primary one.”
Joseph Carson, chief security scientist and advisory chief information security officer at privileged access management solutions provider Delinea Inc., noted that there is always a major increase in cybercrime targeting unsuspecting fans and followers at events such as the World Cup.
“Many fake, fraudulent websites, apps, or emails that appear official will come loaded with an abundance of scams,” Carson explained. “These scams can result in stealing the victims credentials, passwords, credit card information, infecting their computer or smartphone with malicious software or even ransomware. These can lead the unknowing victim to spread malware to family and friends, losing sensitive data or a major financial impact.”