The app for EU citizens applying to remain in the UK after Brexit has major security flaws which mean it can be easily hacked

• The UK government's official smartphone app for EU citizens registering to remain in the country after Brexit has serious vulnerabilities which could be easily hacked to steal users' phone numbers, addresses, and passport details.
• Over one million EU citizens have downloaded the app, which allows them to submit photographs of their passports.
• A spokesperson for the3million, which campaigns for EU citizens' rights, said: 'For many EU citizens, trust in the Home Office is already very low and we fear that many concerned will not apply now.'
• Visit Insider's home page for more stories.

Over one million EU citizens who have downloaded a smartphone app designed by the UK government to help them register to remain in the UK after Brexit, risk having their private information stolen due to major flaws in the app's security.

The 'EU Exit: ID Document Check' app is designed to allow users applying for the UK government's "settled status" scheme, allowing them to submit photographs of their passports, and to check whether their documents are valid.

However, researchers at Promon, a Norweigan cybersecurity company, found major loopholes that allowed them to easily hijack the app and access any information that was being entered into it, the Financial Times reported.

The researchers were able to see information being typed into the app in real-time, including usernames and passwords, as well as being able to alter information being entered.

Tom Lysemose Hansen, chief technology officer at Promon, told the Financial Times that the tools they used to hack the app were "very easily accessible and require very little technical skill to use."

The app is available on iPhones and Android phones, but researchers did not test Apple's version.

The Home Office tested the app for several months before launching it in March. The app's page on the store where Android users can download it state that it is "safe and secure," adding: "None of your personal identity information will be stored in the app or on the phone when you finish using it."

Maike Bohn, a spokesperson for the3million, which campaigns for EU citizens' rights, said: "The new settlement scheme is forcing 3.6 million people through a digital keyhole so they can stay in their homes, access healthcare, keep their jobs.

"We now hear that this keyhole can be tampered with, that loopholes allow hackers access to personal data and even to alter data submitted.

"We are expecting the Government to do more than issuing a statement that it takes security very seriously.

"For many EU citizens trust in the Home Office is already very low and we fear that many concerned will not apply now."

A Home Office spokesperson said: "We take the security and protection of personal information extremely seriously. The EU Exit: ID Document Check app is regularly tested by independent security firms against all known and emerging threats and adheres to industry best practice on security, performance and accessibility.

"Over a million people have used the app safely and we continually review our systems to ensure that it is kept safe."

Our Brexit Insider Facebook group is the best place for up-to-date news and analysis about Britain's departure from the EU, direct from Business Insider's political reporters. Join here.