Egypt’s official COP27 summit app may be the ‘cartoon super-villain’ of spyware

Officials say more than 5,000 attendees have downloaded the app requiring unprecedented access to personal data.
Smartphone displaying COP27 app logo

Think twice about downloading it. Sean Gallup/Getty Images

The United Nations’ 27th Conference of Parties (COP27) climate summit is currently underway in the Egyptian resort city of Sharm el-Sheikh. But, the host country’s official event app appears to be nothing more than almost comically egregious spyware, according to multiple reports.

According to security experts and attendees at the annual gathering of world government leaders, scientists, and environmental activists, the app’s permissions requirements grant local authorities an alarming amount of access to users’ smartphone data. Emails, photos, and even the ability to pinpoint geographic locations are among the details available to Egypt’s ministry of communications and information technology, alongside gateways to phones’ cameras, microphones, and Bluetooth capabilities.

[Read: COP27 climate goals: 1.5 degrees Celsius and beyond.]

“You can now download the official #COP27 mobile app but you must give your full name, email address, mobile number, nationality and passport number. Also you must enable location tracking,” Hossam Bahgat, leader of the Egyptian Initiative for Personal Rights, tweeted ahead of the summit last month, along with a screenshot of the app’s welcome page featuring a photo of Egyptian president, Abdel Fattah El-Sisi. Per the app’s own wording, the Egyptian government also “reserves the right to access customer accounts for technical and administrative purposes and for security reasons.”

Speaking with The Guardian earlier this week, the Electronic Frontier Foundation’s advocacy director, Gennie Gebhart, described Egypt’s COP27 smartphone offering as “a cartoon super-villain of an app,” explaining that the required permissions are “unnecessary” for the app’s operation, thus heavily suggesting the government is attempting to surveil summit attendees.

[Related: The past 8 years have been the hottest on human record.]

Since the 2011 uprising, the Egyptian government has worked to expand and maintain a vast digital law enforcement apparatus, which it uses to surveil citizens, political activists, and dissidents. Strategies include utilizing deep packet inspection, which grants authorities the ability to monitor any internet traffic within a network, and the online censoring of over 500 websites including the country’s only independent news source. Ahead of the COP27 summit, Egyptian authorities oversaw a series of mass arrests in an attempt to identify political activists. The country currently has over 65,000 jailed political prisoners.

Although cybersecurity teams aiding the world’s heads of state likely identified the egregious privacy loopholes in Egypt’s COP27 app, The Guardian notes it has already been downloaded at least 5,000 times by various attendees. It’s easy to envision the Egyptian government counting on these lapses in judgment as a way to keep tabs on perceived domestic and foreign threats. It’s as good a reminder as any that you should probably take a moment to reinforce your own online defenses against malicious actors.