There Are Serious Vulnerabilities In The App Built To Let EU Citizens Stay In The UK After Brexit

There Are Serious Vulnerabilities In The App Built To Let EU Citizens Stay In The UK After Brexit
Image: Getty Images
To sign up for our daily newsletter covering the latest news, features and reviews, head HERE. For a running feed of all our stories, follow us on Twitter HERE. Or you can bookmark the Gizmodo Australia homepage to visit whenever you need a news fix.

The government has shown time and time again that it is pretty fucking clueless when it comes to technology. So when it comes to being high-tech, it’s never a surprise to hear that things have gone catastrophically wrong ” as has just happened with the EU citizen settled status application app.

For those of you that don’t know, this app was built to allow EU citizens to apply for ‘settled status’ that would let them remain in the UK post-Brexit if they met certain criteria. It has been a shitshow from the beginning, since the app was only initially available on Android and didn’t work most of the time. It eventually did make it to iPhones about a month ago, and less than two weeks before we were supposed to leave the EU. Great going so far, Home Office!

Now, though, it turns out that the app has a bunch of whopping great big security flaws. Vulnerabilities that researchers say could let hackers obtain phone numbers, addresses, facial scans, and passport information. So you know, all that really important stuff you’d rather nobody ever see in case they try and steal your identity.

The flaws were found in the Android version of the EU Exit app by Norwegian cyber security firm Promon, letting researchers take control of the app and let them see any information entered into it. That includes information being typed in at the time, which also let them alter whatever information was being entered by the user. To make matters worse the tools they used are apparently easily available and don’t require a lot of technical knowledge to use.

The Home Office has said:

“We take the security and protection of personal information extremely seriously. The EU Exit: ID Document Check app is regularly tested by independent security firms against all known and emerging threats and adheres to industry best practice on security, performance and accessibility.

Over a million people have used the app safely and we continually review our systems to ensure that it is kept safe.”

Well apparently that isn’t the case, and with Brexit still happening EU citizens who don’t want to leave have no other choice. Maybe Sajid Javid can kick his department into gear and make them fix it. It’s about time the government did something Brexit-related without being utterly incompetent in the process.


Very Important Brexit App Still Only Works On Android As Shitshow Continues

There are just 60 days until the United Kingdom is set to leave the European Union, and for EU citizens looking to stay living in the UK, the process currently has an exasperatingly dumb roadblock.

Read more

This post originally appeared on Gizmodo UK, which is gobbling up the news in a different timezone.