COP27 Could be a matter of concern as it has ‘highly intrusive’ access to locations, conversations and images.
Cybersecurity concerns have been raised at the United Nations’ COP27 climate talks over an official smartphone app that reportedly has carte blanche to monitor locations, private conversations and photographs.
About 35,000 people are expected to attend the two-week climate conference in Egypt, and the app i.e, COP27 has been downloaded more than 10,000 times on Google Play, including by officials from France, Germany and Canada.
Egypt’s Ministry of Communications and Information Technology developed the app for the summit’s delegates.It is meant to assist attendees in smoothly navigating the conference, but “the government of Egypt may have weaponised the app and now has the ability to surveil all of the summit attendees”, David Bader, an expert in data science and cybersecurity, told Al Jazeera.
Analysts warn the COP27 app can extensively monitor the user’s movement and communications, and is able to read users’ email and encrypted messages, record phone conversations, and even scan the entire device for sensitive information.
Bader noted while the developer states the app does not collect data: “Surprisingly the app does have the strange ability to access the user’s name, phone number and email address, all of the user’s email – with the ridiculous explanation for ‘app functionality’ and one’s photos for ‘account management’
Bader warned that there could be more clandestinely going on with the app. He questioned the public if they would want a stranger accessing their private photos even if it’s the government.
The majority of apps ask permission to access various aspects of a smartphone, including location for GPS functions or cameras for social media, but users need to be cautious, said Kevin Curran, professor of cybersecurity at Ulster University.
“One has to ask whether each of these permissions are necessary,” Curran said, describing the COP27 app as “highly intrusive”.
“In this case, it is difficult to identify a smoking gun. What we cannot ascertain is whether the Egyptian government is using this for data collection,” Curran told Al Jazeera.
He noted, however, the app could continue to provide information on users even after the climate conference ends on November 18.
According to an analysis of the app by American media group Politico, it can monitor communications even when the device is in sleep mode.
Egypt’s COP27 ambassador Wael Aboulmagd denounced the speculation, telling reporters a cybersecurity assessment was completed and, “I was told how unlikely, or physically or technically impossible” it would be to use the app so intrusively.
Since it is available on Google Play and the Apple Store, those companies “would never allow that” because of security protocols, he added.
“There has been a cybersecurity assessment done and it refuted that completely,” said Aboulmagd.
But Bader warned delegates with the app on their phones remain vulnerable. “Intelligence may be gathered not just about their positions on climate change, but also on trade negotiations, political activities and military operations,” he said.