Another Event-Related Spyware App

Last month, we were warned not to install Qatar’s World Cup app because it was spyware. This month, it’s Egypt’s COP27 Summit app:

The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.

The app also provides Egypt’s Ministry of Communications and Information Technology, which created it, with other so-called backdoor privileges, or the ability to scan people’s devices.

On smartphones running Google’s Android software, it has permission to potentially listen into users’ conversations via the app, even when the device is in sleep mode, according to the three experts and POLITICO’s separate analysis. It can also track people’s locations via smartphone’s built-in GPS and Wi-Fi technologies, according to two of the analysts.

Tags: , , ,

Posted on November 15, 2022 at 7:16 AM10 Comments

Comments

Somebody Anon November 15, 2022 10:15 AM

Is this deliberate or is it because some programmers are too lazy or incompetent? Hanlon’s razor “never attribute to malice that which is adequately explained by stupidity.”

Ted November 15, 2022 1:40 PM

@SomebodyAnon

I don’t know, but I get the impression that Egypt’s government may be, in the words of The Guardian, an “authoritarian regime.” Freedom House gives the country a score of 18 out of 100 (“Not Free”).

The South Sinai governor recently boasted about the level of surveillance at COP27. 500 taxis have been outfitted with cameras that are connected to a “security observatory.” Everything is recorded: audio and visual.

So it may be worth giving all the extra permissions in the COP27 app another careful look. Better yet, as Western security advisers suggest, skip this download.

https://www.theguardian.com/environment/2022/nov/06/egypt-cop27-climate-surveillance-cybersecurity

John White November 15, 2022 2:30 PM

@SomebodyAnon: It’s deliberate. The current traitor regime in Egypt closely collaborate with the zionist entity. They are declared enemies of humanity.

Tom-Ottawa November 15, 2022 4:44 PM

Some phones offer separate “sections” for work & personal. Why not a “Traveller” section, walled off from the others by different encryption & password, looking like it was all alone.

RealFakeNews November 15, 2022 9:29 PM

At risk of having my post deleted for violating political speech, it is not surprising that these particular apps are draconian spyware. Just look which groups they are written for.

COP, and football.

I think you can infer the rest of my post. The topic is unavoidable; for as long as people ignore certain global shenanigans, this will continue.

Clive Robinson November 15, 2022 9:29 PM

@ ALL,

“Last month, we were warned not to install Qatar’s World Cup app because it was spyware. This month, it’s Egypt’s COP27 Summit app”

And next month it will be another Government App that “you have to have”

It’s not going to stop any time soon if ever.

It’s something I realised with US Customs agents quite some time ago, and I’ve mentioned and discussed it before.

The upshot is that to put it mildly, you don’t own your mobile / smart device, others do.

Firstly App developers can do oh so many things you can not including installing back doors you can not remove. Likewise the manufacturer of the phone. Then there is the OS developer they can own your mobile / smart device when ever they want to. Then there are the various “mobile network service providers” they in effect “own your SIM” but so do the people that made the SIM for the Service Provider, and in turn they usually alow the Network Provider to control the SIM.

There are a few more people as well, what you need to remember is that you are right at the bottom of this “dung hill”.

Which is why my standing advice to all travelers is,

Leave your electronics at home

If they can not get at your electronics then they can not steal either the devices or the myriad of data on them.

If you need electronics then buy new and as cheaply as posible then dump them either before tou leave that country or as soon as you get home.

Mostly I give them to “charity” for “childrens education” after doing a bit more than a “factory reset” where possible.

But… All electronics these days contain “Systems On a Chip”(SOC) for doing I/O and similar control of decices. Which means they run at quite a significant privilege level when it comes to the OS etc.

Worse these SOC’s contain one to as many as four ARM or MIPS processors, and significant amounts of RAM and problematically Flash or EE ROM.

As an ordinary user you can not get to the Flash/EE ROM so can not check it or re-program it. As these devices have to boot and be operational before the OS any malware they have on them is extrodinarily privileged…

So you can not “clean up the device” which means it will track you and your activities as long as you have it…

So your only solution is “get rid of it”, don’t take my word for it do your own research, but you will find what I’m saying is quite factual.

Oh and one other thing remember that NSA director who publicly stated the US kill on “meta-data” well, these junk apps provide hostile entities with “meta-data” so the problem is not exactly a new one.

After the US colaberated with Putin’s Russia to fly a missile down the beam of a satellite phone in use by a military commander, killing by meta-data became an established if unacknowledged fact. It’s why all those years back Osama Bin Laden, dumped all his hightech satellite phones etc and went back to couriers on foot, donkey, and where common vehicular transport. They were carrying his communications on memory cards stuffed up their back passage (as smugglers have done for millennium). Further from what has been said, the messages were encrypted, and then hidden using stego, in a type of pornography that would be highly frowned upon in that part of the world, hence giving an excuse for why it was hidden up the couriers back passage…

Let’s just say most of us do not have to go to such lengths, because at the end of the day they did not work out for Osama Bin Laden, who is presumed “dumped at sea”.

Winter November 17, 2022 4:57 AM

@Peter Galbavy

This is now being picked up by governments in public:

One of the comments in the linked article points to the traumatic experiences of women visiting Qatar. That goes well beyond having an intrusive app on your phone. In general, I would advice women not to visit Qatar, under no condition.

‘https://www.businessinsider.com/qatar-airport-searches-woman-describes-trauma-forced-internal-exam-2021-11

‘https://www.hrw.org/news/2020/10/27/women-reportedly-subjected-forced-gynecological-exams-qatar

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.