2022-11-14
Data Protection Agencies: If You’re Going to Qatar for the World Cup, Take a Burner Phone
Visitors to Qatar are required to download two apps to their smartphones: a COVID-tracking app called Ehteraz, and the official World Cup app, Hayya. Ehteraz has received scrutiny over its ability to allow remote access to users’ photos and videos, the ability to read and write to a device’s file system, and requiring location services to be always on.
Editor's Note
Burner phones are a good idea whenever you are traveling, in particular if you are traveling abroad and are required to install special tracking applications. Post Covid, these tracking applications have become quite common.

Johannes Ullrich
Many organizations had such policies for executive travel to China, Russia and other countries – add Qatar to the list. Maybe in the US we will soon require visitors to download apps featuring Beyonce or Taylor Swift…

John Pescatore
Over-permissioned apps are a threat. The Ehteraz app asks users to allow remote access to pictures and videos, make unprompted calls, and read or modify device data while the Hayya app asks for full network access and unrestricted access to personal data. It also prevents the device from going into sleep mode and views the phone’s network connections. Both need location data to operate, which is expected. This is an excellent time to take a loaner/burner device which has _MINIMAL_ data. Also at the event are 15,000 surveillance cameras with facial recognition capabilities, ostensibly to keep people safe. Given that Qatar has a lousy reputation when it comes to human rights, this may be a good time to pass on visiting.

Lee Neely
The apps make this problem obvious and burners an appropriate mitigation. However, the risk of international travel with information is not limited to a few countries or a particular technology. For government officials, journalists, activists, and even some business people, it is a more fundamental problem. In a world of fast and ubiquitous connectivity and efficient cryptography, consider leaving the data behind. consider disposable hardware in general, not just phones.
