Serious security vulnerabilities in Qatar’s mandatory contact tracing app... must act as a wake-up call for governments rolling-out COVID-19 apps to ensure privacy safeguards are central to the technology. ..

Amnesty’s Security Lab discovered the critical weakness in the configuration of Qatar’s EHTERAZ contact tracing app. Now fixed, the vulnerability would have allowed cyber attackers to access highly sensitive personal information, including the name, national ID, health status and location data of more than one million users.

Amnesty alerted the Qatari authorities to the vulnerability... on Thursday 21 May. The authorities acted swiftly to fix the weakness by the end of Friday 22 May.