Qatar Covid-19 app ‘exposed 1m people’s personal details’

A field hospital set up by Qatari authorities to treat people infected with the coronavirus Covid-19 is pictured of May 11, 2020 in Doha. - Qatar has established a series of field hospitals to treat patients with mild cases of coronavirus including one in the densely-populated industrial area where an outbreak of Covid-19 among the largely migrant worker population has made it the epicentre of the Gulf country's virus crisis. (Photo by KARIM JAAFAR / AFP)

A security flaw in Qatar’s coronavirus contact tracing app put the sensitive personal details of more than a million people at risk, according to an investigation by Amnesty International, writes Alex Hern, the Guardian’s UK technology editor.

The app, which is mandatory for Qatari residents to install, was configured in a way that would have allowed hackers “to access highly sensitive personal information, including the name, national ID, health status and location data of more than 1 million users”, according to Amnesty International’s security lab.

Claudio Guarnieri, the lab’s head, said the flaws, fixed following their discovery, “should act as a warning to governments around the world rushing out contact tracing apps that are too often poorly designed and lack privacy safeguards”.

The Qatari app uses a mixture of GPS and Bluetooth technology to track Covid-19 cases and warn people who may have been exposed to an infectious person. Like the UK’s app, it operates on a centralised model allowing the country’s interior ministry access to the information it gathers.