Updated 2022-11-22: Clarification Regarding the Use of the “Ehteraz App” During the FIFA World Cup in Qatar
The Ehteraz app is not required for FIFA fans to enter the country. Also, the app’s permissions apply to Android, but not to iOS, which requests Bluetooth & cellular data use and background app refresh permissions.
Updated on 2022-11-18: Qatar WC app warning
Officials for the Dutch, German, French, and Norwegian governments have warned against installing Qatar’s World Cup apps Ehteraz and Hayya, citing several privacy and security concerns. German officials specifically recommend that in cases where the use of any of the apps is necessary, that users install the apps on a separate phone that does not store any of their personal data and then wiping the device after use during the World Cup events.
Overview: Data Protection Agencies: If You’re Going to Qatar for the World Cup, Take a Burner Phone
Visitors to Qatar are required to download two apps to their smartphones: a COVID-tracking app called Ehteraz, and the official World Cup app, Hayya. Ehteraz has received scrutiny over its ability to allow remote access to users’ photos and videos, the ability to read and write to a device’s file system, and requiring location services to be always on.
Note
- Burner phones are a good idea whenever you are traveling, in particular if you are traveling abroad and are required to install special tracking applications. Post Covid, these tracking applications have become quite common.
- Many organizations had such policies for executive travel to China, Russia and other countries – add Qatar to the list. Maybe in the US we will soon require visitors to download apps featuring Beyonce or Taylor Swift…
- Over-permissioned apps are a threat. The Ehteraz app asks users to allow remote access to pictures and videos, make unprompted calls, and read or modify device data while the Hayya app asks for full network access and unrestricted access to personal data. It also prevents the device from going into sleep mode and views the phone’s network connections. Both need location data to operate, which is expected. This is an excellent time to take a loaner/burner device which has _MINIMAL_ data. Also at the event are 15,000 surveillance cameras with facial recognition capabilities, ostensibly to keep people safe. Given that Qatar has a lousy reputation when it comes to human rights, this may be a good time to pass on visiting.
- The apps make this problem obvious and burners an appropriate mitigation. However, the risk of international travel with information is not limited to a few countries or a particular technology. For government officials, journalists, activists, and even some business people, it is a more fundamental problem. In a world of fast and ubiquitous connectivity and efficient cryptography, consider leaving the data behind. consider disposable hardware in general, not just phones.
Read more in