The IOC issued a statement Tuesday saying the smartphone app was not compulsory and that cybersecurity testing organizations found no critical vulnerabilities with the app.

Chinese Olympic app has serious security flaws, report finds

A smartphone app that’s expected to be widely used by athletes and others attending next month’s Winter Games in Beijing has glaring security problems that could expose sensitive data to interception, according to a report published Tuesday.

Citizen Lab, an internet watchdog group, said in its report the MY2022 app has seriously flawed encryption that would make users’ sensitive data — and any other data communicated through it — vulnerable to being hacked. Other important user data on the app wasn’t encrypted at all, the report found.

That means the data could be read by Chinese internet service providers or telecommunications companies through Wi-Fi hotspots at hotels, airports and Olympic venues.

The Citizen Lab report said the app was mandatory for attendees of the games, and the International Olympic Committee’s official guidance instructs attendees to download the app before they come to China. But the IOC issued a statement Tuesday saying the smartphone app was not compulsory.

The IOC also pushed back against Citizen Lab’s report, saying two independent cybersecurity testing organizations had found no critical vulnerabilities with the app.

China is requiring all international Olympic attendees — including coaches and journalists — to log into a health monitoring system at least 14 days before their departure. They can use the app to do so, or can log in through a web browser on a PC. The app allows users to submit required health information on a daily basis and is part of China’s aggressive effort to manage the coronavirus pandemic while hosting the games, which begin Feb. 4. The multipurpose app also includes chat features, file transfers, weather updates, tourism recommendations and GPS navigation.

Citizen Lab’s report comes amid heightened concerns over athletes’ data and privacy. Many countries are advising their athletes not to take their normal smartphones to China, but instead to bring temporary — or burner — phones that do not store any sensitive personal data, according to news reports.

The U.S. Olympic & Paralympic Committee issued an advisory to athletes telling them to “assume that every device and every communication, transaction, and online activity will be monitored.”

“There should be no expectation of data security or privacy while operating in China,” the advisory said.

China has a well-documented history of conducting muscular surveillance of its citizens and aggressive cyber-spying on others. But Citizen Lab said there was no evidence that the easily discoverable security flaws in the MY2022 app were placed intentionally by the Chinese government. For one, much of the sensitive health information held on the app is required to be submitted directly to authorities on health customs forms, the report said.

Citizen Lab said the security vulnerabilities found in the MY2022 app are similar to those found in popular Chinese web browsers and noted that “insufficient protection of user data is endemic to the Chinese app ecosystem.”

“In light of previous work analyzing popular Chinese apps, our findings concerning MY2022 are, while concerning, not surprising,” the report said.

Citizen Lab said it reported the security issues to the Beijing Organizing Committee last month but did not receive a response. The report also said the app’s security flaws could run afoul of Apple’s and Google’s policies for software used on iPhones and Android devices. The two companies did not immediately return a request for comment.

The Android version of the MY2022 app contained a list named “illegalwords.txt” with 2,442 keywords, including some that could be politically sensitive and relate to China’s actions toward Tibet and the Uyghur ethnic group.

The report said that although the list is bundled with the app, it does not appear to function. The Chinese government has long required tech companies to censor content and keywords deemed politically sensitive or inappropriate.
