Researchers find security flaws in Qatar's mandatory contact tracing app
As part of a survey of the human rights compliance of contact tracing apps Amnesty International's Security Lab discovered that security vulnerabilities in Qatar's mandatory contact tracing app, EHTERAZ, would have allowed attackers to access the personal information, including name, national ID, health status, and location data, of the app's more than 1 million users because the central server did not have security measures in place to protect the data. The authorities fixed the problem within 24 hours of being notified. People who fail to download the app could face up to three years in prison and a fine of QR200,00 ($55,000). The Qatari app generates a colored QR code that incorporates users' personal information; Amnesty found that as no authentication was required anyone could request a QR code for any EHTERAZ user. The app's requirement that users grant access to video and picture galleries as well as the ability to make unprompted calls has led users to object on privacy grounds. A further difficulty is that the country's many migrant workers typically lack compatible phones.
https://www.amnesty.org/en/latest/news/2020/05/qatar-covid19-contact-tracing-app-security-flaw/
https://amp.france24.com/en/20200525-qatar-virus-tracing-app-stirs-rare-privacy-backlash
Writer: Amnesty International; Agence France Presse
Publication: Amnesty International; France 24