Egypt reportedly spied on cell phones of COP27 delegates

About 35,000 people will attend COP27 for two weeks in Egypt.

REPUBLIKA.CO.ID, CAIRO — Cybersecurity concerns have been raised during talks at the United Nations (UN) COP27 climate conference. The event’s official smartphone app would have full authority to monitor venues, private conversations and photos.


Around 35,000 people are expected to attend the two-week climate conference in Egypt. The app has been downloaded more than 10,000 times on Google Play, including by French, German and Canadian officials.


Ministry of Communication and Information Technology Egypt develop applications for conference delegates. It is intended to help participants navigate the conference smoothly.


“The Egyptian government may have weaponized the app and now has the ability to monitor all conference attendees,” David Bader, a data science and cybersecurity expert, told //Aljazirah//.


Analysts warn that COP27 apps can extensively monitor user movements and communications. The app is also capable of reading users’ emails and encrypted messages, recording phone conversations, and even scanning the entire device for sensitive information.


Bader notes that even though the developer says the app doesn’t collect data, it’s odd that the app has the ability to access usernames, phone numbers, and emails. This feature is claimed for app functionality and adding user photos for account management.


“Do you want strangers accessing your private photos, let alone foreign governments?” Bader warns there could be more hiding with the app.


Most apps ask for permission to access various aspects of the smartphone, including location for GPS function or camera for social media. But Kevin Curran, professor of cybersecurity at the University of Ulster, said users should be careful.


“We have to ask ourselves if each of these permissions is necessary,” Curran said, describing the COP27 application as particularly intrusive.


“In this case, it’s hard to identify strong evidence. What we can’t confirm is whether the Egyptian government used this for data collection,” Curran said.


Curran noted that the app can continue to provide user insights even after the climate conference ends on Nov. 18. According to an analysis of the app by US media group Politico, it can monitor communications even when the device is in sleep mode.


For those concerned about COP27 apps, cybersecurity experts recommend using a secondary device, while being aware that their conversations and other communications may be monitored. In the meantime, those who have already downloaded the app should delete it as a first preventive step.


Egyptian Ambassador to COP27 Wael Aboulmagd condemned the data theft speculation. He said the cybersecurity assessment was complete and the espionage charge was impossible.


“I was told how impossible, or physically or technically, it was to use the app to cause interference,” Aboulmagd said.


Aboulmagd pointed out that the app is also on Google Play and the Apple Store, so it is impossible for the data collection feature to be done as the two companies have never authorized it due to security protocol considerations. “A cybersecurity assessment has been done and that completely refutes it,” he said.


But Bader warned delegates with apps on their phones that still left them vulnerable. “Intelligence can be collected not only on their position on climate change, but also on trade negotiations, political activities and military operations,” he said.


Some human rights activists have criticized Egypt’s decision to host COP27. The rejection cites a long record of suppressing political dissent with tens of thousands estimated to have been jailed. A number of participants shared that Wi-Fi at the climate conference blocks access to websites such as Human Rights Watch and independent Egyptian media outlet Mada Masr, as well as Algeria.

Matilda Baker

"Evil pop culture fanatic. Extreme bacon geek. Food junkie. Thinker. Hipster-friendly travel nerd. Coffee buff."

Leave a Reply

Your email address will not be published. Required fields are marked *