From Friday it will be compulsory for all citizens and residents to download, install and run the Ehteraz app (if they leave their homes). Failure to do so can result in hefty fines and jail time. The initiative is a positive one and should be supported. However there are some questions about the implementation and how exactly the app works. Why does the app require access to Photos/Media/Files? It doesn't make sense. What could be the reason that the app requires access to read the contents of your USB storage? Does it mean that the app can access my personal photos and videos on my phone? If it can access these files, can they be upload to centralized servers? Why does the app need permission to directly call phone numbers? That seems odd. If the purpose of the app is to trace who I've been in contact with and potentially alert me if I or others may have come into contact with someone who is positive with COVID-19, then why would it need to be able to directly make phone calls? This is what the description on the Google Play Store says: EHTERAZ is your trusted smart application to follow up on the latest updates of COVID-19 Coronavirus in Qatar. EHTERAZ has been designed and developed in the Ministry of Interior to support all categories of the Qatari community to spread the health awareness tips and techniques as well as the protection methods that are necessary to halt the outbreak of Coronavirus. This smart tool is also meant to give a hand to those people that are responsible for their families in their endeavors to protect their love ones, and to support healthcare and related entities in order to protect the safety of individuals and that of the Qatari community from this pandemic virus at large. Why is the app developed by the MOI and not the MOPH if it's for health awareness tips and techniques and to halt the spread of Coronavirus? Why does the app need permissions to?:
- disable your screen lock
- run at startup
- draw over other apps
- prevent device from sleeping
In recent years there have been hacks of QNB and some governmental organizations. Indeed the unjust blockade against Qatar was initiated after the QNA website was hacked and false information was posted on the website. Just last year Facebook had multiple data breaches with more than 700 million records being exposed. LinkedIn has had a hack with 165 million user accounts affected. Microsoft in 2019 had 250 million records exposed by misconfiguration. If our data is on centralized servers how can we be sure that it is secure? Does it need to be centralized, can we have a decentralized approach to the app? Some of the responses to questions on the Google Play Store do not build confidence: "Storage permission required to check the rooted or jailbreaken device for your security ." Because of these unanswered questions I plan to install the app on an old phone which has had a factory reset. I plan to carry it with me along with my main phone. It will have access to wifi and I can mobile-hotspot if needed while out and about. But the phone will not have any personal data on it. At present this seems like the best approach for me. I look forward to updates of the app and clarification on some of these questions so the people in Qatar can feel safe and the community can work with the authorities to help stop the spread of COVID-19.