European privacy experts have warned fans travelling to the FIFA World Cup in Qatar that their personal data could be at risk through the download of two mobile applications known as the official World Cup app “Hayya” and the Covid-tracking app “Ehteraz”.
Sources are reporting that both applications will be required by fans either entering the stadiums or if medical attention is required whilst in the country.
Since Qatar was announced as host for the competition there has been substantial controversy surrounding the tournament, which kicked off on Sunday, November 20.
The factors of note include human rights issues, the environmental impact of hosting the tournament, alleged corruption within FIFA, a supposedly weak Qatari soccer culture and strict laws against same-sex relationships.
Now, experts have warned that applications developed for the event, Hayaa and Ehteraz, are a form of spyware which pose privacy and security concerns as they could provide the Qatari authorities access to user’s data as well as the power to read, delete or change content and make direct calls.
Additionally, Neil Jones, director of cybersecurity evangelism at Egnyte, argued that the data collected by the applications could also be a treasure trove for would-be cyber-criminals.
“If you plan to travel to the event, I will strongly recommend the purchase of a burner phone, if the privacy-limiting capabilities cannot be disabled,” Jones remarked.
Other European regulators also have misgivings about the Qatari applications. The German foreign ministry, the federal office for information security and the commissioner for data protection and freedom of information are analysing both applications, a spokesperson for the commissioner told POLITICO.
The two applications of note will be required by fans to access the stadiums (Hayaa) and if visiting healthcare facilities (Ehteraz) so they may be partly unavoidable.
Consequently, the general advice is to use either a device that has been factory reset, or a new phone, both of which can be disposed of or reset on leaving the country.
It is also strongly advised to only allow the absolute minimum permissions on all applications, such as location settings and disabling permissions to make calls on behalf of the user in applications.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).