A few days before the start of the World Cup, a new fuss invests the event, already at the center of one massive boycott campaign. Now the official app of the World Cup in Qatar is causing discussion, considered “invasive” and “dangerous” by various European authorities dealing with the processing of personal data.
The app in question is called Hail to Qatar 2022, and is the official Qatari application, heavily sponsored in the emirate, made for fans. Apps that European authorities strongly advise you to do not install.
Hayya to Qatar 2022: World Cup app tracks users
According to BfDi – the German Federal Data Protection Commission – the app stores sensitive data on the smartphone and communicates it to a centralized server in Qatar. It is the same dynamic that had already led to winds of controversy for Ehteraaz, the application created by Qatar itself to track infections during the Covid-19 pandemic. This, mandatory for all visitors to the emirate, obtains sensitive data and communicates them, like Hayya, to the central server.
The German regulator advised against downloading both apps, telling users in Qatar to “download them only if strictly necessary”. Also in this case the BfDi has suggested some precautions: download to a separate, possibly empty phone that does not contain mobile numbers, photos or audio.
At the moment Ehteraz is mandatory for anyone visiting Qatar, so it will also be for fans traveling to the World Cup which starts on Sunday. Hayya is also quite indispensable. This, in addition to containing digital tickets for the matches, provides free access to public transport to and from the Qatar 2022 stadiums.
The Norwegian investigation: violation of all basic safety rules
Norwegian public television NRK has carried out a thorough investigation into the matter, relying on two independent companies, experts in cybersecurity. The result is shocking: both companies agree that both applications have access to data with almost no restrictions. Ehteraz, in particular (which we remember to be mandatory), can “read, delete or modify everything that is present inside the smartphone”.
The app can even autonomously connect to certain Wi-Fi and Bluetooth networks, which is a critical cybersecurity vulnerability. Through connections, often malicious, anyone can enter the device. Finally, the app, again according to the NRK survey, can establish the priority of background applications, preventing the phone from activating “Flight/Do Not Disturb” mode (which would, at least in theory, make the device untraceable).
NRK said it has provided all the documentation to FIFA, which has not released any statements at the moment. However, the Norwegian cybersecurity authority has released an official statement in which, without half measures, it warned that “People who travel to Qatar will be constantly monitored by local authorities.”
Qatar 2022: the world of controversy
Recall that in Qatar le public displays of same-sex affection are punishable by up to 7 years in prison. Last year Nasser Al-Khater, president of the organizing committee of the World Cup, gave a controversial interview to CNN, stating that “public displays of affection between gays are frowned upon and this applies to everyone”. Words that had raised further controversy on an already very obscure world championship.
The Guardian reports that the exploitative working conditions for the construction of the sports facilities would have led to more than 6,500 dead in ten years. Figures that, again according to the English newspaper, are even underestimated. Meanwhile, a few days before kick-off, the Western world is promoting a campaign to boycott the event under the cry of Boycott Qatar 2022.