Amnesty slams Qatar tracing app for exposing data of a million users

People wearing protective masks queue for services in Qatar’s capital Doha as the country begins enforcing the world’s toughest penalties for failing to wear masks in public while it battles one of the world’s highest coronavirus infection rates. (File/AFP)
Short Url
Updated 27 May 2020

Amnesty slams Qatar tracing app for exposing data of a million users

  • Glitch made users’ ID numbers, location, infection status vulnerable to hackers
  • More than 47,000 of Qatar’s 2.75 million people have tested positive for

DOHA: A security flaw in Qatar’s controversial mandatory coronavirus contact tracing app exposed sensitive information of more than one million users, rights group Amnesty International warned Tuesday.
The glitch, which was fixed on Friday after being flagged by Amnesty a day earlier, made users’ ID numbers, location and infection status vulnerable to hackers.
Privacy concerns over the app, which became mandatory for residents and citizens on pain of prison from Friday, had already prompted a rare backlash and forced officials to offer reassurance and concessions.
Users and experts had criticized the array of permissions required to install the app including access to files on Android devices, as well as allowing the software to make unprompted phone calls.
Despite insisting the unprecedented access was necessary for the system to work, officials said they would address privacy concerns and issued reworked software over the weekend.
“Amnesty International’s Security Lab was able to access sensitive information, including people’s name, health status and the GPS coordinates of a user’s designated confinement location, as the central server did not have security measures in place to protect this data,” the rights group said in a statement.
“While Amnesty International recognizes the efforts and actions taken by the government of Qatar to contain the spread of the COVID-19 pandemic and the measures introduced to date, such as access to free health care, all measures must be in line with human rights standards.”
More than 47,000 of Qatar’s 2.75 million people have tested positive for the respiratory disease — 1.7 percent of the population — and 28 people have died.
Like other countries, Qatar has turned to mobiles to trace people’s movements and track who they come into contact with, allowing officials to monitor coronavirus infections and flag possible contagion.
“The Ehteraz app’s user privacy and platform security are of the utmost importance,” Qatar’s health ministry said in a statement on Tuesday.
“A comprehensive update of the app was rolled out on Sunday May 24 with expanded security and privacy features for all users.”
But Etheraz, which means “Precaution,” continues to allow real-time location tracking of users by authorities at any time, Amnesty said.
“It was a huge security weakness and a fundamental flaw in Qatar’s contact tracing app that malicious attackers could have easily exploited,” said Claudio Guarnieri, head of the group’s security lab.
“The Qatari authorities must reverse the decision to make use of the app mandatory,” he said.


Iran’s coronavirus death toll rises above 25,000

Updated 38 min 7 sec ago

Iran’s coronavirus death toll rises above 25,000

  • 3,521 new cases were identified in the last 24 hours in Iran

DUBAI: Iran’s death toll from the novel coronavirus rose by 175 to 25,015 on Thursday, the highest in the Middle East, with the total number of identified cases spiking to 436,319 in the country, according to health ministry. Health Ministry spokeswoman Sima Sadat Lari told state TV that 3,521 new cases were identified in the last 24 hours in Iran.