Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Amnesty Sounds Alarm Over Gulf, Norway Virus Apps

Amnesty International warned Tuesday that contact-tracing technology developed to contain the novel coronavirus threatens users’ privacy, highlighting Bahraini, Kuwaiti and Norwegian apps as “among the most dangerous”.

Amnesty International warned Tuesday that contact-tracing technology developed to contain the novel coronavirus threatens users’ privacy, highlighting Bahraini, Kuwaiti and Norwegian apps as “among the most dangerous”.

Many countries have turned to smartphones to trace people’s movements and track their contacts, allowing officials to monitor coronavirus infections and spot new outbreaks.

But detailed technical analysis of 11 such apps around the world showed that Bahrain, Kuwait and Norway’s offerings were “carrying out live or near-live tracking of users’ locations”, the rights group said.

Bahraini and Kuwaiti officials told AFP Tuesday that the apps were for the “sole” purpose of combatting the spread of the COVID-19 disease.

“The ‘BeAware’ app was designed for the sole purpose of advancing contact tracing efforts and saving lives,” said a Bahraini government spokesperson, adding that more than 402,000 people in the country had downloaded it.

“It is an entirely voluntary opt-in app… and all users are informed of its use of GPS software before downloading.”

A Kuwaiti official also said the country’s app was “solely linked to the novel coronavirus” and was “established to track people who break a mandatory 28-day self-quarantine”.

Advertisement. Scroll to continue reading.

But Amnesty reported that the tools were frequently uploading GPS coordinates to central servers, meaning users’ whereabouts could be tracked in real time.

Less invasive apps use Bluetooth proximity scanning to detect encounters with infected users.

“Bahrain, Kuwait and Norway have run roughshod over people’s privacy, with highly invasive surveillance tools which go far beyond what is justified in efforts to tackle COVID-19,” said Claudio Guarnieri, head of Amnesty International’s security lab.

Authorities in Norway said Monday they would suspend the “Smittestopp” (Infection stop) app over privacy fears.

On Friday, Norway’s data agency, Datatilsynet, said it would stop the Norwegian Institute of Public Health handling data collected via the app.

It had previously said the limited spread of coronavirus in Norway, alongside the app’s limited effectiveness due to the small number of people actually using it, meant the invasion of privacy resulting from its use was disproportionate.

– ‘Are you at home?’ –

“The Norwegian app was highly invasive and the decision to go back to the drawing board is the right one,” Guarnieri said.

“We urge the Bahraini and Kuwaiti governments to also immediately halt the use of such intrusive apps in their current form.

“They are essentially broadcasting the locations of users to a government database in real time — this is unlikely to be necessary and proportionate.”

Amnesty singled out Bahrain for linking its tool to a televised competition called “Are you at home?” in which 10 phone numbers registered with the app were called daily to ensure self-isolation.

Prizes were awarded to those users who were called and found to be at home.

Participation in the programme was initially mandatory, but an opt-out was later introduced.

The latest warnings come just weeks after Amnesty found that a digital tool developed in Qatar had exposed the data of more than a million users.

The glitch, which was fixed shortly after Amnesty flagged it, made users’ ID numbers, locations and infection status vulnerable to hackers.

Privacy concerns over the app, which is mandatory for residents and citizens on pain of prison, had already prompted a rare backlash and forced officials to offer reassurance and concessions.

Non-compliance is punishable by up to three years in jail, the same as for failing to wear a mask in public, in a state battling one of the world’s highest per-capita infection rates.

Users and experts had criticised the array of permissions required to install the app, including access to files and allowing the software to make unprompted phone calls.

Related: Coronavirus Tracing App a Test for Privacy-Minded Germany

Related: French Virus Tracing App Goes Live Amid Debate Over Privacy

Related: European Virus Tracing Apps Highlight Battle for Privacy

Related: COVID-19 Contact Tracing Apps: Effective Virus Risk Management Tools or Privacy Nightmare?

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.