A smartphone app that’s expected to be widely used by athletes and others attending next month’s Winter Games in Beijing has glaring security problems that could expose sensitive data to interception, according to a report published Tuesday.
Citizen Lab, an internet watchdog group, said in its report the MY2022 app has seriously flawed encryption that would make users’ sensitive data and any other data communicated through it vulnerable to being hacked. Other important user data on the app wasn’t encrypted at all, the report found.
That means the data could be read by Chinese internet service providers or telecommunications companies through Wi-Fi hotspots at hotels, airports and Olympic venues.
The Citizen Lab report said the app was mandatory for attendees of the games, and the International Olympic Committee’s official guidance instructs attendees to download the app before they come to China. But the IOC issued a statement Tuesday saying the smartphone app was not compulsory.
The IOC also pushed back against Citizen Lab’s report, saying two independent cybersecurity testing organizations had found no critical vulnerabilities with the app.
China is requiring all international Olympic attendees including coaches and journalists to log into a health monitoring system at least 14 days before their departure. They can use the app to do so, or can log in through a web browser on a PC. The app allows users to submit required health information on a daily basis and is part of China’s aggressive effort to manage the coronavirus pandemic while hosting the games, which begin Feb. 4. The multipurpose app also includes chat features, file transfers, weather updates, tourism recommendations and GPS navigation.
Citizen Lab’s report comes amid heightened concerns over athletes’ data and privacy. Many countries are advising their athletes not to take their normal smartphones to China, but instead to bring temporary or burner phones that do not store any sensitive personal data, according to news reports.
The U.S. Olympic & Paralympic Committee issued an advisory to athletes telling them to assume that every device and every communication, transaction, and online activity will be monitored.
There should be no expectation of data security or privacy while operating in China, the advisory said.
China has a well-documented history of conducting muscular surveillance of its citizens and aggressive cyber-spying on others. But Citizen Lab said there was no evidence that the easily discoverable security flaws in the MY2022 app were placed intentionally by the Chinese government. For one, much of the sensitive health information held on the app is required to be submitted directly to authorities on health customs forms, the report said.
Citizen Lab said the security vulnerabilities found in MY2022 app are similar to those found in popular Chinese web browsers and noted that insufficient protection of user data is endemic to the Chinese app ecosystem.
In light of previous work analyzing popular Chinese apps, our findings concerning MY2022 are, while concerning, not surprising, the report said.
Citizen Lab said it reported the security issues to the Beijing Organizing Committee last month but did not receive a response. The report also said the app’s security flaws could run afoul of Apple’s and Google’s policies for software used on iPhones and Android devices. The two companies did not immediately return a request for comment.
The Android version of the MY2022 app included a list named illegalwords.txt that included 2,442 keywords, including some that could be politically sensitive and relate to China’s actions toward Tibet and the Uyghur ethnic group.
The report said despite having the list bundled with the app, it does not appear to function. The Chinese government has long required tech companies to censor content and keywords deemed politically sensitive or inappropriate.
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
Dear Reader,
Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.
As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.
Support quality journalism and subscribe to Business Standard.
Digital Editor
For all the latest Sports News Click Here
