Investigation by privacy advocates: China’s Olympics app has security holes

All athletes and media people flying to Beijing for the Olympic Games should download the “My2022” app. But privacy advocates warn: The app has security gaps.

The Olympic app called “My 2022” should be downloaded two weeks before departure and used during the entire stay in China. Users should enter their body temperature every day and how they are doing. In addition, the results of PCR tests and vaccinations are stored in the app.

espionage and data theft

But the privacy advocates from CitizenLab warn against espionage and data theft. The researchers from the University of Toronto in Canada say, for example, that the transmitted data is not encrypted well enough. Voice messages, passport data, travel details or location data are not safe.

Attackers could also manipulate the app in such a way that they could give users incorrect instructions. In addition, it is not clear who has access to the personal data collected.

Function: Report Politically Sensitive Content

The researchers from the University of Toronto also point to a function that can be used to report politically sensitive content. The app also contains a list of words that could potentially alarm the censorship authorities in China – for example terms such as Xinjiang, Tibet and the name of state and party leader Xi Jinping.

According to the Canadian researchers, the smartphone application could not only violate the rules of the Google and Apple app stores, but also the Chinese data protection guidelines.

Athletes should leave their smartphones at home

In a first reaction to the investigation, the Chinese authorities said that everything was safe, that the “My 2022” app was used to protect against infection during the corona pandemic.

There have long been concerns about data security at the Olympic Games. China’s government heavily monitors and censors the Internet. Almost all non-Chinese encrypted messenger apps are blocked. Some delegations have therefore asked Olympic participants to leave their private smartphones at home. The German Olympic Sports Confederation also offers athletes replacement phones.