Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Amnesty Sounds Alarm Over Gulf, Norway Virus Apps

Amnesty International warned Tuesday that contact-tracing technology developed to contain the novel coronavirus threatens users’ privacy, highlighting Bahraini, Kuwaiti and Norwegian apps as “among the most dangerous”.

Amnesty International warned Tuesday that contact-tracing technology developed to contain the novel coronavirus threatens users’ privacy, highlighting Bahraini, Kuwaiti and Norwegian apps as “among the most dangerous”.

Many countries have turned to smartphones to trace people’s movements and track their contacts, allowing officials to monitor coronavirus infections and spot new outbreaks.

But detailed technical analysis of 11 such apps around the world showed that Bahrain, Kuwait and Norway’s offerings were “carrying out live or near-live tracking of users’ locations”, the rights group said.

Bahraini and Kuwaiti officials told AFP Tuesday that the apps were for the “sole” purpose of combatting the spread of the COVID-19 disease.

“The ‘BeAware’ app was designed for the sole purpose of advancing contact tracing efforts and saving lives,” said a Bahraini government spokesperson, adding that more than 402,000 people in the country had downloaded it.

“It is an entirely voluntary opt-in app… and all users are informed of its use of GPS software before downloading.”

A Kuwaiti official also said the country’s app was “solely linked to the novel coronavirus” and was “established to track people who break a mandatory 28-day self-quarantine”.

But Amnesty reported that the tools were frequently uploading GPS coordinates to central servers, meaning users’ whereabouts could be tracked in real time.

Advertisement. Scroll to continue reading.

Less invasive apps use Bluetooth proximity scanning to detect encounters with infected users.

“Bahrain, Kuwait and Norway have run roughshod over people’s privacy, with highly invasive surveillance tools which go far beyond what is justified in efforts to tackle COVID-19,” said Claudio Guarnieri, head of Amnesty International’s security lab.

Authorities in Norway said Monday they would suspend the “Smittestopp” (Infection stop) app over privacy fears.

On Friday, Norway’s data agency, Datatilsynet, said it would stop the Norwegian Institute of Public Health handling data collected via the app.

It had previously said the limited spread of coronavirus in Norway, alongside the app’s limited effectiveness due to the small number of people actually using it, meant the invasion of privacy resulting from its use was disproportionate.

– ‘Are you at home?’ –

“The Norwegian app was highly invasive and the decision to go back to the drawing board is the right one,” Guarnieri said.

“We urge the Bahraini and Kuwaiti governments to also immediately halt the use of such intrusive apps in their current form.

“They are essentially broadcasting the locations of users to a government database in real time — this is unlikely to be necessary and proportionate.”

Amnesty singled out Bahrain for linking its tool to a televised competition called “Are you at home?” in which 10 phone numbers registered with the app were called daily to ensure self-isolation.

Prizes were awarded to those users who were called and found to be at home.

Participation in the programme was initially mandatory, but an opt-out was later introduced.

The latest warnings come just weeks after Amnesty found that a digital tool developed in Qatar had exposed the data of more than a million users.

The glitch, which was fixed shortly after Amnesty flagged it, made users’ ID numbers, locations and infection status vulnerable to hackers.

Privacy concerns over the app, which is mandatory for residents and citizens on pain of prison, had already prompted a rare backlash and forced officials to offer reassurance and concessions.

Non-compliance is punishable by up to three years in jail, the same as for failing to wear a mask in public, in a state battling one of the world’s highest per-capita infection rates.

Users and experts had criticised the array of permissions required to install the app, including access to files and allowing the software to make unprompted phone calls.

Related: Coronavirus Tracing App a Test for Privacy-Minded Germany

Related: French Virus Tracing App Goes Live Amid Debate Over Privacy

Related: European Virus Tracing Apps Highlight Battle for Privacy

Related: COVID-19 Contact Tracing Apps: Effective Virus Risk Management Tools or Privacy Nightmare?

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...