The Qatar football match requires people over the age of 18 to download two apps on their phones: one is the Ehteras app, which is a Covid tracker, and the other is Haya, the event’s official app. You can track tickets and it’s free. Entitles you to use the subway. Norwegian public media continuously What these apps do on your phone, and find trouble, at least: According to security researchers who reviewed privacy policies, downloading these apps is tantamount to voluntarily handing over your house keys to Qatari authorities.
Ehteraz has almost complete control over the phone: it requests access to read, delete, or change all content on the phone, as well as connect to Wi-Fi and Bluetooth, override other apps, and prevent the phone from roaming. sleep If that’s not enough, the app also gives you access to many functions on the device, such as viewing your exact location, making calls directly from the phone, and preventing the screen from locking.
Haya is a little more gentle than this, but it allows you to share a person’s personal information without any restrictions, and it also has access to the phone’s exact location. It can also prevent the phone from being put into sleep mode, and it can also view the device’s network connections.
“When someone downloads these two apps, they accept the terms of the contract, which are very permissive. A person is essentially handing over all the information on their phone. This allows the people who control the apps to read and change things on the phone. If these people have the ability, they can get information from other apps. The option is also given. We think that’s it,” said Yvind Vasasen, head of security at NRK.
NRK also asked two independent IT companies to review the applications and give their opinion. Ehteraz also received a bad rating from them, according to Bouvet expert Martin Gravåk, who can do a lot of damage with the information the app can collect: the app tracks, for example, where the phone’s owner goes, and can also detect nearby mobile phones. That way
Information can be easily linked, and with data, anyone can know who is meeting and talking to whom.
Another expert, Mnemonic’s Tor Erling Bjørstad, downloaded the apps and analyzed what he found in the app bundles, and based on that, he didn’t think they were any more dangerous than other commonly used apps. “At the same time, the data being processed, especially related to GPS and location, has a high chance of abuse. In a sense, one has to trust the developers or the owners of the applications, and of course no one wants to trust the Qatari authorities in particular,” he said.
The expert’s technical analysis shows no indication that what is stored locally on the device can actually be changed, but warns that one reason for this is that the technology has not yet been implemented. Legally, apps can do anything on the phone, but technically they can’t do anything else.
According to an analyst interviewed by NRK and who works at the University of Oslo’s Faculty of Law, there are many problems with the applications, and he describes them as “very intrusive”. A person can’t agree to choose which parts of the user agreement they accept, he said, and they have to tick all of them to use the apps. Changing permissions on apps is also limited. The attorney will not allow anyone to bring a work phone to the vet.
NRK submitted a report to FIFA regarding app security holes, and the organization said it would not comment on the matter.