118

To attend the championship this year, fans must use a digital ticket provided through UEFA’s Ticket application. According to Heise, this app requires access to personal data, including name, email, phone number, and GPS permissions. While app store descriptions note the collection of personal information and activity data for analysis purposes, they omit any mention of location sharing.

top 9 comments
sorted by: hot top controversial new old
[-] FlyingSquid@lemmy.world 21 points 5 months ago

That can't possibly be legal in Europe. The article suggests it doesn't technically violate GDPR, but that still can't be legal, can it?

[-] euAppleHater@lemm.ee 8 points 5 months ago

You seem to be operating on a mistaken understanding of the EU. While the EU works to protect citizens within the EU from being monitored, tracked, and monetized by foreign entities and private EU companies, they have no concept of personal privacy of citizens within the EU from the EU governments themselves. If the data is being sent to the police, it is legal. See the EU Councils position on encryption and what level of access law enforcement within EU nations should have.

[-] vxx@lemmy.world -3 points 5 months ago

The UEFA ticket app doesn't even have location functions. They're talking about the Euro 2024 app, which I also checked and it doesn't take location data, and it doesn't share data at all.

I don't know if they changed it or if users were talking about another app.

Oddly enough when I searched for the apps in the store, another unrelated football app showed at the top and it did exactly what the article is claiming.

[-] euAppleHater@lemm.ee 3 points 5 months ago

When and how did you check this? The following quotes are taken from the posted article, emphasis mine.

UEFA told us that all location data is anonymized and only tracked on match days, starting six hours before kick-off and ending six hours after the match. The data aids in managing fan flow and ensuring timely updates via push notifications. UEFA’s spokesperson said this location data is “an invaluable tool” in maintaining safety.

For starters, we are reluctant to believe that both Bayerischer Rundfunk (who made the video in collaboration with the actual people involved in the monitoring process) and Heise would have mislabeled the UEFA Ticket app instead of saying it is the EURO 2024 app.

As it stands, Stack Diary cannot independently verify what the insides of the Ticket app look like because the tickets have been sold out since early June, and you are required a QR code to see what the app looks like. If you have more information to give, please get in touch with us.

According to Heise, the app requires explicit GPS permissions, which are not disclosed on the Android or iOS privacy pages for the UEFA Mobile Tickets application. When checking with Exodus, both the Tickets and the EURO app require “ACCESS_FINE_LOCATION” and “ACCESS_COARSE_LOCATION” permissions, which allow an app to access precise location data using GPS, Wi-Fi, and mobile networks.

The entire point of this story is that the UEFA ticket app requires access to location functions without telling the user. Have you either used a tool like exodus or extracted the source code of the ticket app from the apk and manually reviewed it?

Also, you sound like you’re under the assumption that users reported this. You realize that this was originally reported by the German IT news outlet heise.de and not by complaints from random users right?

[-] vxx@lemmy.world 3 points 5 months ago* (last edited 5 months ago)

Right after I read the article and before I left the comment.

From Germany through the Google Play store

I'm alaware Heise reported it, but they said themselves that a user reported it to them and they didn't add that they checked it. The article above even had to correct them that it wasn't the app Heise called out.

[-] euAppleHater@lemm.ee -1 points 5 months ago* (last edited 5 months ago)

What? The Heise article talks about how both apps access location APIs, but UEFA only publicly acknowledges that the second app tracks. The issue here is that the ticket app tracks, but UEFA says it doesn’t. The issue here is that UEFA is lying.

Looking at the permissions on the German Google Play store will obviously show that location is not used by the ticket app, because the entire issue being reported is that location is accessed without the knowledge of the users and without being reported in the app stores. This is why I asked how you checked, you need to check the app with something like Exodus or rev eng it and look at the actual api calls made in the source code.

I feel like I’m taking crazy pills. Do you just not believe that developers could lie, either directly or by omission, about what data their app collects?

[-] Cosmonauticus@lemmy.world 17 points 5 months ago

If there's one thing I've learned about Europeans is they'll put up with ANY level of corruption if it involves their glorious football

[-] cbarrick@lemmy.world 7 points 5 months ago

Or surveillance.

It's all "privacy, privacy, privacy" when it comes to private companies. But the EU themselves wants all of that data to create a surveillance state.

Not that the US government doesn't pull the same shit, but it does feel less hypocritical when they do it, because they're not even pretending to be concerned with privacy.

[-] Geometrinen_Gepardi@sopuli.xyz 11 points 5 months ago

What's messed up is that the only way to get into a match is via mobile ticket. If you don't have a phone, or your battery is empty or you don't want to install an app on your device, get fucked I guess?

this post was submitted on 05 Jul 2024
118 points (96.8% liked)

News

23684 readers
3353 users here now

Welcome to the News community!

Rules:

1. Be civil


Attack the argument, not the person. No racism/sexism/bigotry. Good faith argumentation only. This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban. Do not respond to rule-breaking content; report it and move on.


2. All posts should contain a source (url) that is as reliable and unbiased as possible and must only contain one link.


Obvious right or left wing sources will be removed at the mods discretion. We have an actively updated blocklist, which you can see here: https://lemmy.world/post/2246130 if you feel like any website is missing, contact the mods. Supporting links can be added in comments or posted seperately but not to the post body.


3. No bots, spam or self-promotion.


Only approved bots, which follow the guidelines for bots set by the instance, are allowed.


4. Post titles should be the same as the article used as source.


Posts which titles don’t match the source won’t be removed, but the autoMod will notify you, and if your title misrepresents the original article, the post will be deleted. If the site changed their headline, the bot might still contact you, just ignore it, we won’t delete your post.


5. Only recent news is allowed.


Posts must be news from the most recent 30 days.


6. All posts must be news articles.


No opinion pieces, Listicles, editorials or celebrity gossip is allowed. All posts will be judged on a case-by-case basis.


7. No duplicate posts.


If a source you used was already posted by someone else, the autoMod will leave a message. Please remove your post if the autoMod is correct. If the post that matches your post is very old, we refer you to rule 5.


8. Misinformation is prohibited.


Misinformation / propaganda is strictly prohibited. Any comment or post containing or linking to misinformation will be removed. If you feel that your post has been removed in error, credible sources must be provided.


9. No link shorteners.


The auto mod will contact you if a link shortener is detected, please delete your post if they are right.


10. Don't copy entire article in your post body


For copyright reasons, you are not allowed to copy an entire article into your post body. This is an instance wide rule, that is strictly enforced in this community.

founded 2 years ago
MODERATORS