Like other countries, COVID-19 rocked both Russia and its neighbors, with recent numbers pointing to a collective 4,375 residents across the post-Soviet states being infected by the virus. And while some of these territories are seemingly less than worried about the pandemic, Russia’s spent the bulk of this week rolling out a series of initiatives to surveil its citizens that are putting experts on edge.
This browser does not support the video element.
Earlier today, the head of Moscow’s Department of Information Technologies, Eduard Lysenko, told the Ekho Moskvy radio station that local authorities had developed a smartphone app meant to be downloaded by Moscow residents that had contracted the disease, which would allow federal officials to keep watch on their movements. It’s a similar play to what we’ve seen in more than a dozen other countries, from Brazil to Israel to Pakistan, currently using citizens’ collective locations to keep tabs on the infected and their surrounding proximity in order to quash any possibility for the contagion to spread.
The app—which, per Lysenko, will be available to Moscow’s 12.5 million residents as of this Thursday—is the latest surveillance tool these citizens will be subjected to as the Russian capital morphs into what some critics are calling a “digital concentration camp” created in tandem with the aggressive, city-wide lockdown enacted this week. Aside from the forthcoming app, the Russian outlet Kommersant recently revealed a series of leaked plans for a QR-code-based system that assigns each resident a unique QR-based identifier for each and every trip to the pharmacy, grocer, or even just to walk their dog. Without the QR code, per the initial documents, these citizens won’t be allowed to leave their house—and risk serious fines or jail time if they try to bend those rules. Aside from police patrolling the capital, Moscow authorities have also made it clear that they’ll use anything from street cameras to purchase histories—and now, geolocation data—to ensure residents are abiding by the mandated quarantine.
Though the planned location-tracking app won’t be ready for mass downloading before Thursday, Moscow federal authorities uploaded and quickly pulled an early version of the app from the Google Play store yesterday, after getting roasted by commenters calling the program “unlawful,” “absolutely illegal,” and saying that the idea of mandatory, app-based surveillance “violates human rights—even during an epidemic.”
While it’s not clear how “illegal” this app might be, an investigation into the originally uploaded app by an anonymous Moscow-based researcher found that it’s certainly not secure. As he broke down for the 60,000 plus Russians in a lengthy Telegram thread, some of the app’s biggest whoopsies include:
- the app’s ability to access far more than a person’s geolocation, with the initial version of the app asking for permission to access a user’s camera, core settings, address book and more.
- transmitting the collected information to the city hall servers—and multiple foreign jurisdictions, including Estonia and Germany—all sans encryption.
- costing Moscow a collective $180 million rubles thus far, aka roughly $228,000 American dollars.
- and much, much more!
In response to these critiques during his radio interview earlier today, Lysenko pointed out that this was a beta test of the app, only being uploaded to the play store to “collect feedback from the professional community.” Optimists in the room might want to believe that these officials are telling the truth, and can magically whip up a new version of the app in the next twenty-four hours. Then again, Russia’s illustrious history of less-than secure apps snooping on citizens might suggest otherwise.
I cover the business of data for Gizmodo. Send your worst tips to firstname.lastname@example.org.