A smartphone app that’s expected to be widely used by athletes and others attending next month’s Winter Games in Beijing has glaring security problems that could expose sensitive data to interception, according to a report published Tuesday.
Citizen Lab, an internet watchdog group, said in its report the MY2022 app has seriously flawed encryption that would make users’ sensitive data and any other data communicated through it vulnerable to being hacked. Other important user data on the app wasn’t encrypted at all, the report found.
That means the data could be read by Chinese internet service providers or telecommunications companies through Wi-Fi hotspots at hotels, airports and Olympic venues.
MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped.
— Citizen Lab (@citizenlab) January 18, 2022
The Citizen Lab report said the app was mandatory for attendees of the games, and the International Olympic Committee’s official guidance instructs attendees to download the app before they come to China. But the IOC issued a statement Tuesday saying the smartphone app was not compulsory.
The IOC also pushed back against the Citizen Lab report, saying two independent cybersecurity testing organizations had found no critical vulnerabilities with the app.
MY2022 is fairly straightforward about the types of data it collects from users in its public-facing documents. However, as the app collects a range of highly sensitive medical information, it is unclear with whom or which organization(s) it shares this information.
— Citizen Lab (@citizenlab) January 18, 2022
China is requiring all international Olympic attendees including coaches and journalists to log into a health monitoring system at least 14 days before their departure. They can use the app to do so, or can log in through a web browser on a PC. The app allows users to submit required health information on a daily basis and is part of China’s aggressive effort to manage the coronavirus pandemic while hosting the games, which begin Feb. 4.
The multipurpose app also includes chat features, file transfers, weather updates, tourism recommendations and GPS navigation.