Egypt is hosting the COP27 climate summit —but that’s not all they’re doing…
According to a report from Politico, the Egyptian government may have access to personal and private data of attendees at the summit who download the official smartphone app. Western security advisers are cautioning against installing the app as it may compromise data.
The vulnerabilities were confirmed by cybersecurity experts —but the app has already been downloaded thousands of times.
How bad is it? Really bad.
While the app is being promoted as a convenient way to navigate the event, it can also access texts, emails, and even phone calls according to the Politico report.
Even messages that are supposedly “encrypted” are at risk.
“The app also provides Egypt’s Ministry of Communications and Information Technology, which created it, with other so-called backdoor privileges, or the ability to scan people’s devices,” Politico reports.
“On smartphones running Google’s Android software, it has permission to potentially listen into users’ conversations via the app, even when the device is in sleep mode, according to the three experts and POLITICO’s separate analysis. It can also track people’s locations via smartphone’s built-in GPS and Wi-Fi technologies, according to two of the analysts,” the report added.
Some are calling the app “weaponized” and a “cyber weapon.”
The app is nothing short of “a surveillance tool that could be weaponized by the Egyptian authorities to track activists, government delegates and anyone attending COP27,” said Marwa Fatafta, digital rights lead for the Middle East and North Africa for Access Now, a nonprofit digital rights organization.
“The application is a cyber weapon,” said one security expert after reviewing it, who spoke on the condition of anonymity to protect colleagues attending COP.
Egypt is, of course, denying all allegations.
“There has been a cybersecurity assessment done. And it refuted that completely,” Wael Aboulmagd, Egypt’s Special Representative to the COP27 President, told reporters on Thursday, in reference to the app’s security threat.
But what does the app’s privacy statement say?
“Our application reserves the right to access customer accounts for technical and administrative purposes and for security reasons.”
“Security reasons” is very open-ended, no?