– It is not my duty to give travel advice, but I personally have not been to Qatar using my mobile phone.
This is what NRK says Security Manager Øyvind Vasaasen After a comprehensive review of WC applications.
Everyone who will travel to Qatar during the FIFA World Cup is required to download two apps called score And the Come on.
In short, Ehteraz is an infection tracking app created after the start of covid-19, while Hayya is an official World Cup app used to keep match tickets in order and access the free metro in Qatar.
In particular, the Ehteraz infection application requests a number of accesses to your mobile phone, such as reading, deleting or changing all the content on the phone, as well as accessing the connection to Wifi and Bluetooth networks, bypassing other applications and preventing the phone from shutting down. to sleep mode.
The Ehteraz app, which everyone over 18 coming to Qatar must download, also requests a number of other access methods such as an overview of your specific location, the ability to make calls directly through your phone and the ability to disable the screen lock.
– You can change the contents of your phone
Hayya app does not require the same amount but also requires a number of accesses. Among other things, the app requests access to share your personal information with almost no restrictions. In addition, the Hayya app provides access to know the exact location of the phone, prevent the device from going into sleep mode, and view the phone’s network connections.
– They can simply change the entire contents of your phone and take free control of the information contained, this is the conclusion reached by the Director of Security at NRK.
As part of the media house’s preparations to host a training course in Qatar, he reviewed the applications.
Vasaasen is absolutely terrified of what the NRK security review has revealed.
– When you download these two apps, you agree to the terms of the contract, and these terms are very generous. You are basically giving away all the information in your phone. You give those who control the apps the ability to read, change things, and adapt. They also have a chance to retrieve information from other apps if they have the ability to do so, and we believe they do.
The head of security explains that it’s basically like the authorities getting free access to your home.
– You say it is perfectly fine for the authorities to enter where you live. They get a key, they can get in. You don’t know what they are doing there. They say they may not take the chance, but you give them the chance. You would never, Vasassen points out.
Comparison of Smitstop
NRK asked Bouvet and Mnemonic, two independent IT security companies, to review the technical aspects of the applications and present their conclusions.
Special Ehteraz app receives criticism, compares to the first Smitestopp application in Norway.
– It was, after all, a privacy scandal. If someone has slightly more evil intentions than the Norwegian Institute of Public Health, you can do a lot of bad things with the information the app collects in the first place, says Martin. gravel hawk In the Bouvet Company.
It shows that the app keeps track of where you go and which cell phones are near you. This way, they can relate information and know who you will meet and talk to.
– If you’re chasing opponents, gays or others that you don’t like, an app like this will make it easier for you, says Gravråk.
The consequences can be dire
Mnemonic also compares Ehteraz to the first version of Smitestopp.
– Tor Erling Bjørstad in Mnemonic tells NRK that the consequences for individuals and groups if data deviates from Ehteraz could be significant.
He’s downloaded apps and analyzed what’s in the app bundles, and he doesn’t think the apps are hair-raising compared to the “normal apps” that most people use.
– At the same time, they process data, in particular associated with GPS and location, which has a high potential for abuse. In a way, you have to trust those who develop or own the apps, and it’s not unreasonable that you particularly wish to trust the authorities in Qatar.
However, his technical analysis did not find any indications that they could actually change things stored locally on mobile, but nevertheless warns that the reason may be that it has not yet been implemented. So it may come in a later update.
– Increases risk
Naomi Lintvedt, a research fellow at the University of Oslo Law School, reviewed the legal aspects of the applications at the request of NRK.
She agrees with the head of security at NRK that there is a lot that is hard to find, and Apps are described as “Very unfair.”
– You can not agree to parts of the use, but to everything. If I understand the apps correctly, there will also be limited options for changing permissions there. This means that if you want to go to the restroom, you have no other choice. This is a forced application, with no options, as you point out.
Lintvedt says frankly that if she were an employer, she would not allow employees to move their work to Qatar.
Even as a private person, she was very skeptical about using her own phone in the World Cup country.
– What are the main criticisms of these applications as you see them?
– HmmToo many years in the data being logged and used. They have very wide access to change and take over functions on your mobile phone, which seem completely unnecessary. It allows for government monitoring, and because it is Qatar, this must also be taken into account. She believes this increases the risk that the data will be used for purposes other than purely infection tracking.
silence from qatar
NRK has provided the findings to FIFA about the intrusive application data collection. They state that they do not wish to comment on the matter.
The Qatar World Cup Committee and the Qatari government have also come under fire from the apps. They also did not respond to NRK’s inquiries.
“Infuriatingly humble internet trailblazer. Twitter buff. Beer nerd. Bacon scholar. Coffee practitioner.”