Chinese Olympic App Has Serious Security Flaws: Report

Users’ data could be read by Chinese Internet service providers or telecommunications companies through Wi-Fi hotspots at hotels.

Chinese Olympic App Has Serious Security Flaws: Report

The Citizen Lab report said the app was mandatory for attendees of the Olympics games

Highlights
  • The IOC also pushed back against Citizen Lab's report
  • Citizen Lab's report comes amid heightened concern over athletes' privacy
  • The US Olympic & Paralympic Committee issued an advisory to athletes
Advertisement

A smartphone app that's expected to be widely used by athletes and others attending next month's Winter Games in Beijing has glaring security problems that could expose sensitive data to interception, according to a report published Tuesday.

Citizen Lab, an Internet watchdog group, said in its report the MY2022 app has seriously flawed encryption that would make users' sensitive data — and any other data communicated through it — vulnerable to being hacked. Other important user data on the app wasn't encrypted at all, the report found.

That means the data could be read by Chinese Internet service providers or telecommunications companies through Wi-Fi hotspots at hotels, airports and Olympic venues.

The Citizen Lab report said the app was mandatory for attendees of the games, and the International Olympic Committee's official guidance instructs attendees to download the app before they come to China. But the IOC issued a statement Tuesday saying the smartphone app was not compulsory.

The IOC also pushed back against Citizen Lab's report, saying two independent cybersecurity testing organisations had found no critical vulnerabilities with the app.

China is requiring all international Olympic attendees — including coaches and journalists — to log into a health monitoring system at least 14 days before their departure. They can use the app to do so, or can log in through a Web browser on a PC. The app allows users to submit required health information on a daily basis and is part of China's aggressive effort to manage the coronavirus pandemic while hosting the games, which begin February 4. The multipurpose app also includes chat features, file transfers, weather updates, tourism recommendations and GPS navigation.

Citizen Lab's report comes amid heightened concerns over athletes' data and privacy. Many countries are advising their athletes not to take their normal smartphones to China, but instead to bring temporary — or burner — phones that do not store any sensitive personal data, according to news reports.

The US Olympic & Paralympic Committee issued an advisory to athletes telling them to “assume that every device and every communication, transaction, and online activity will be monitored.”

“There should be no expectation of data security or privacy while operating in China,” the advisory said.

China has a well-documented history of conducting muscular surveillance of its citizens and aggressive cyber-spying on others. But Citizen Lab said there was no evidence that the easily discoverable security flaws in the MY2022 app were placed intentionally by the Chinese government. For one, much of the sensitive health information held on the app is required to be submitted directly to authorities on health customs forms, the report said.

Citizen Lab said the security vulnerabilities found in MY2022 app are similar to those found in popular Chinese Web browsers and noted that “insufficient protection of user data is endemic to the Chinese app ecosystem.”

“In light of previous work analysing popular Chinese apps, our findings concerning MY2022 are, while concerning, not surprising,” the report said.

Citizen Lab said it reported the security issues to the Beijing Organizing Committee last month but did not receive a response. The report also said the app's security flaws could run afoul of Apple's and Google's policies for software used on iPhone handsets and Android devices. The two companies did not immediately return a request for comment.

The Android version of the MY2022 app included a list named “illegalwords.txt” that included 2,442 keywords, including some that could be politically sensitive and relate to China's actions toward Tibet and the Uyghur ethnic group.

The report said despite having the list bundled with the app, it does not appear to function. The Chinese government has long required tech companies to censor content and keywords deemed politically sensitive or inappropriate.


Why are Galaxy S21 FE and OnePlus 9RT launching now? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Winter Games, Olympics, Citizen Lab, App
Xiaomi 11T Pro 5G With 120Hz AMOLED Display, 120W Fast Charging Launched in India: Price, Specifications
Redmi K50 Series Teased to Feature CyberEngine Vibration Motor, Could Rival Haptics on Apple’s iPhone Models
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »