Major privacy concerns for attendees.
Security advisers from Western countries are warning delegates attending the COP27 climate summit not to download the Egyptian government’s official app. The app is supposed to help attendees of the event with navigation but has major privacy concerns – allowing the app to be used as a surveillance tool.
The app is recommended on the official UN website for the COP27.
POLITICO says a potential vulnerability was found by four different cybersecurity experts that reviewed it. The news outlet claims that the app can allow the Egyptian government to read users messages, emails, and even communications via encrypted messaging platforms like Signal and WhatsApp.
The app can track location through GPS and WiFi. It also requires a permission that could allow the government to spy on conversations even when the device is in sleep mode.
The app also gives the government back-door privileges to scan users’ devices.
Some experts said much of the access and data the app gets are fairly standard. Additionally, so far, there is no evidence that people’s messages and emails have been read or users’ location tracked.
The main problem is the combination of the access it has and the Egyptian government’s record with tracking. According to Privacy International, following the Arab Spring, the Egyptian government has cracked down on dissidents and used emergency rules to track citizens both online and offline.
The Egyptian government refuted the cybersecurity risks alleged by POLITICO.
The app’s privacy notice states that the Egyptian government has the right to use the data provided by those who have downloaded the app, including photos, camera access, GPS location, and Wi-Fi details.
“Our application reserves the right to access customer accounts for technical and administrative purposes and for security reasons,” the privacy statement adds.
But the security reviews conducted by POLITICO found that the app requires other permissions that users are allowing unwittingly and that have not been disclosed in the privacy statement. For instance, the app can track what users are doing on other apps.