Qatar 2022 World Cup Apps – Analysis by F-Secure Labs
The Qatar 2022 World Cup apps are no stranger to controversy. Much like the Qatar 2022 World Cup itself. While most of us are watching the games from home, many travelers from all across the world are heading to Qatar to experience the event in the flesh. In this blog post we are going to focus on the privacy issues with the Qatar 2022 apps, Ehteraz and Hayya to Qatar 2022. And we’ll also give you some security tips for mitigating some of the risks if you are travelling to Qatar.
The Qatar 2022 apps for World Cup tourists
The first of the two apps in question is Ehteraz contact tracing app used for verifying health information upon entering Qatar. The app is required to be shown when entering health care facilities. To use this app, users are requested to provide sensitive information, such as passport details, phone number, etc.
According to analysis run by F-Secure Labs, the Ehteraz app constantly tracks users by using geolocation and Bluetooth. The app also prompts to make phone calls. These shouldn’t come as big surprise to users, as the app asks for permissions to do so. This is also expected, as most contact tracing apps require these functionalities. However, it does not absolve the app.
Privacy risks, but not spyware
While F-Secure Labs detected no malicious functionality, the Ehteraz app is quite privileged with its permissions. As the app collects personal data, there are always privacy risks. In addition, the app transfers the collected data to an external server. It is impossible to say how the data is being processed or protected after being transferred to the server.
So, while the app indeed has potential privacy issues, nothing proves that the app really is malicious. Neither does anything indicate that the app is spyware, as it has been labeled in some publications. While spyware collects information without your consent and knowledge, Ehteraz app informs you what it collects.
Unclear how the data is processed
Much of the same also applies to the Hayya to Qatar 2022, the official Qatar 2022 World Cup app. F-Secure Labs found no indication of malicious activity, such as stealing credentials. But it has the same potential privacy issues with collecting and transferring data.
With both of the apps, much of the controversy is based on the fact that there’s no way of knowing how the collected data is used. This is even more problematic, as Qatar doesn’t have the reputation of being the most liberal of nations when it comes to human rights and internet privacy.
Because of the potential risks the app pose, some countries have issued warnings based on the Qatar 2022 World Cup apps. For example, the Norwegian data protection regulator issued that “There is a real possibility that visitors to Qatar, and especially vulnerable groups, will be monitored by the Qatari authorities.”
How to mitigate privacy risks when travelling
It can be difficult to avoid downloading the Qatar 2022 World Cup apps. However, you can take some steps to mitigate the risks. After all, taking care of your own privacy is important. Whether you expect trouble or not.
1. Download the Qatar 2022 World Cup apps only when needed
To be fair, as most apps collect some data, it’s good for your privacy to download any apps only if and when needed. This applies to the World Cup apps as well. This limits the time they can collect data about you. Also, just like any app, delete the apps once you don’t need them anymore.
2. Use a blank phone and laptop
If possible, don’t take your own phone with you. Instead, use a blank device. If you can’t do that, backup your phone and then delete all the files, photos, etc. Only after should you install the apps. This applies to laptops as well. It’s also good to always have your devices with you, and not store them in secure lockers or hotel rooms. as they can be opened with a master key or pin code.
3. Avoid public WiFi
Anyone can set up a public WiFi hotspot. They can also name it conveniently to something like “Free Airport WiFi” or “Hotel Guest” and such. The owner of this hotspot could monitor your network traffic.
4. Use VPN
VPN is a crucial travel partner. With its encryption and data tunnel, you can use any WiFi safely. You can also better access media from your home country when changing your virtual location. Some countries restrict access to internet and content you’d have no problems connecting to at home.
Travel safe with F-Secure TOTAL
1.5 million visitors are expected to arrive to Qatar to enjoy the World Cup. This will surely attract all kinds of scams, phishing, and cyber criminals, also before you ever arrive to Qatar. It’s better if you are prepared. Before you travel, we strongly recommend you install the newest system updates and protect all your devices with complete protection. You can start a free F-Secure TOTAL full online protection 30-day trial, with no credit card required. Surely, this will be enough to secure your whole trip. Travel safe!
Categories
