Analysts worry that the Beijing Olympics app, My2022, is vulnerable to data breaches

Image credit: DW

Analysts warn that the Beijing Winter Olympics app, which all guests must use, has security flaws that expose users to data breaches.

Athletes, audience members, and journalists will use the My2022 app to track COVID on a daily basis. Voice chats, file transfers, and Olympic news will all be available through the app. However, Citizen Lab, a cybersecurity firm, claims that many of the app’s files are not encrypted.

The publication of the study comes with an increase in security advisories for visitors ahead of the Games, which begin on February 4th.

Various experts have advised that people attending the Beijing Olympics bring burner phones and create email accounts for their time in China.

Athletes have also been advised to leave their main devices at home before travelling in China, according to reports.

Analysts said the illegal words file looked to be dormant at the moment, but they couldn’t say for sure. The 2,442 terms were mostly tied to politics, or they referenced harsh words and illegal commodities, according to a list of them. The majority of them were in simplified Chinese, but there were a few in Tibetan, Uyghur, and English as well.

There are references to the 1989 killing of pro-democracy demonstrators in Tiananmen Square and the religious group Falun Gong, which is banned in China, on the list, as well as names of Chinese officials and government institutions.

All visitors to the Games must download the app 14 days before their departure for China and use it to track their COVID status daily.

Foreign visitors must also upload sensitive information that has previously been provided to the Chinese government, such as passport information and travel and medical histories.

The software fails to authenticate digital security, or SSL, certificates of forwarding sites, according to the analysts, and some data were sent without any SSL protection or encryption at all.

Analysts have warned that uncovered flaws might trigger China’s consumer privacy laws, as well as Google and Apple’s app store policies.

While the problems revealed were troubling, the authors added that they “are not particularly unusual for apps functioning in China.”