Date: 2022-01-19

“There should be no expectations of security or data privacy while operating in China” (REUTERS / Thomas Peter)

A smartphone app that athletes and others attending next month’s Winter Olympics in Beijing are required to install has glaring security issues that could expose sensitive data to interception, according to a report released Tuesday.

Citizen Lab, an Internet watchdog group, said in its report that the MY2022 app has seriously flawed encryption that would make users’ sensitive data, and any other data communicated through it, vulnerable to hacking. Other important user data in the app was not encrypted at all, the report found.

That means Chinese internet service providers or telecommunications companies could read the data through Wi-Fi hotspots in hotels, airports and Olympic venues.

China requires all international Olympic attendees, including coaches and journalists, to download and start using the app 14 days before their departure. The app allows users to submit required health information on a daily basis and is part of China’s aggressive effort to manage the coronavirus pandemic while hosting the games, which start on February 4. The multipurpose app also includes chat features, file transfers, weather updates, tourist recommendations, and GPS navigation.

The Citizen Lab report comes amid great concern for the data and privacy of athletes. Many countries are advising their athletes not to bring their normal smartphones to China, but to bring temporary, or disposable, phones that do not store any sensitive personal data, according to news reports.

The US Olympic and Paralympic Committee issued a notice to athletes telling them to take it for granted “that all devices and all online communications, transactions and activities will be monitored.”

“There should be no expectations of data security or privacy while operating in China,” said the notice.

China has a well-documented history of strict surveillance of its citizens and aggressive cyber espionage of others. But Citizen Lab said there was no evidence that the easily detectable security flaws in the MY2022 app were intentionally placed by the Chinese government. For one thing, much of the sensitive health information contained in the app must be sent directly to authorities on health customs forms, according to the report.

Citizen Lab said that the security vulnerabilities found in the MY2022 app are similar to those found in popular Chinese web browsers and noted that “insufficient protection of user data is endemic to the Chinese app ecosystem.”

“In light of previous work looking at popular Chinese apps, our findings on MY2022 are not surprising, although they are concerning,” the report says.

Citizen Lab said that it reported the security problems to the Beijing Organizing Committee last month, but did not receive a response. The report also said the app’s security flaws could conflict with Apple and Google policies for software used on iPhone and Android devices.

The Android version of the MY2022 app included a list called “illegal words.txt” which included 2,442 keywords, including some that could be politically sensitive and related to China’s actions towards Tibet and the Uyghur ethnic group.

The report says that although the list is included with the app, it does not seem to work. The Chinese government has long required tech companies to censor content and keywords deemed politically sensitive or inappropriate.

