A security flaw in Qatar's controversial mandatory coronavirus contact tracing app exposed sensitive information of more than one million users, rights group Amnesty International warned Tuesday.
The glitch, which was fixed on Friday after being flagged by Amnesty a day earlier, made users' ID numbers, location and infection status vulnerable to hackers. Privacy concerns over the app, which became mandatory for residents and citizens on pain of prison from Friday, had already prompted a rare backlash and forced officials to offer reassurance and concessions.
Users and experts had criticised the array of permissions required to install the app including access to photo and video galleries on Android devices, as well as allowing the software to make phone calls.
Despite insisting the unprecedented access was necessary for the system to work, officials said they would address privacy concerns and issued reworked software over the weekend.
"Amnesty International's Security Lab was able to access sensitive information, including people's name, health status and the GPS coordinates of a user's designated confinement location, as the central server did not have security measures in place to protect this data," the group said in a statement.
"While Amnesty International recognises the efforts and actions taken by the government of Qatar to contain the spread of the COVID-19 pandemic and the measures introduced to date, such as access to free healthcare, all measures must be in line with human rights standards."