Iran’s coronavirus ‘detection’ app could have spied on users: Researcher

An app installed by over four million Iranian citizens has been taken down from the Google Play store, following accusations that it was spying on them and that it was misleading by design.

Over four million Iranians had installed the ‘AC19’ app after the Iranian government sent a mass SMS to all its citizens encouraging them to do so. Promising to detect coronavirus symptoms, the app was intended to help relieve the burden on the country’s hospitals from citizens rushing in to check whether their symptoms matched those of the deadly new virus.

However, since the app collected phone numbers and geographic location details, the government was soon accused of wanting to use it to spy on people. The country saw several large anti-government protests just prior to the coronavirus outbreak, in the aftermath of the revelation that the government had accidentally shot down a Ukrainian plane carrying several of Iranian citizens as well as foreign nationals.

While Google gave no reason for pulling it from the app store, ZDNet reported that it could have been due to the misleading claim that the app could detect symptoms. The website also spoke to Android malware researcher Lukas Stefanko who said that it was not “a malicious Trojan or spyware.”

Iran’s Information and Communication Technology minister even shared a tweet showing a ‘risk map’ of the coronavirus based on the “data mining of 4 million participants in AC19 app”.

The French cybersecurity researcher who goes by the name ‘Elliot Anderson’ has explored the app to find out what data it collects and who it sends this data to. In a Twitter thread, Anderson connects the app to an Iranian app developer who has made products for the Iranian government in the past.

Anderson shows how the website offering direct downloads of the app was registered by a Mostafa Anoosheh, who was linked to an app developer that had earlier created clones of the popular messaging app Telegram, which were accused of spying on their users. In December 2018, Telegram started sending a message to users of these apps warning them that the app could be unsafe. The apps were removed from the Google Play store, and some reports claim their makers were linked to Iranian intelligence agencies.

Anderson also pointed out that since the app did not have ‘rate-limiting’, there was scope for it to abuse the OTP code validation process and possibly take over the users’ other accounts.  

Anderson had earlier revealed how an estimated 67 lakh Aadhaar numbers could have been leaked by state-owned gas company Indane.

Iran currently battles the worst coronavirus outbreak in the Middle East. With over 7,000 cases and 237 deaths, Iran also faces mounting public panic after several officials have tested positive for the virus and some citizens indulged in activities like the ‘lick the shrine’ challenge.