A security flaw in Qatar’s coronavirus contact tracing app put the sensitive personal details of more than a million people at risk, according to an investigation by Amnesty International, writes Alex Hern, the Guardian’s UK technology editor.
The app, which is mandatory for Qatari residents to install, was configured in a way that would have allowed hackers “to access highly sensitive personal information, including the name, national ID, health status and location data of more than 1 million users”, according to Amnesty International’s security lab.
Claudio Guarnieri, the lab’s head, said the flaws, fixed following their discovery, “should act as a warning to governments around the world rushing out contact tracing apps that are too often poorly designed and lack privacy safeguards”.
The Qatari app uses a mixture of GPS and Bluetooth technology to track Covid-19 cases and warn people who may have been exposed to an infectious person. Like the UK’s app, it operates on a centralised model allowing the country’s interior ministry access to the information it gathers.