Security News > 2022 > January > Vulnerabilities and censorship tools among hot new features in Beijing's Olympics app
Toronto-based Citizen Lab has warned that an app required by Beijing law to attend the 2022 Olympics contains vulnerabilities that can leak calls and data to malicious users, as well as the potential to subject the user to scanning for censored keywords.
The playbooks [PDF], which are documents that serve as info guides for Olympics-goers, instruct international visitors to download the app and use it to monitor health for 14 days prior to their departure for China.
While the app may be useful for many reasons, it is required of all attendees ostensibly as a method of keeping coronavirus out of the Olympics in support of China's goal of zero COVID. These types of apps are used commonly by governments to stop the spread of COVID, but they are also commonly breached and exploited.
While the playbook states that "My 2022 app is in accordance with international standards and Chinese law," Citizen Lab has pointed out that internet platforms in China must control content communicated via their technology or face penalties.
As for the potential for censorship, it was found within a file bundled on the Android version called "Illegalwords.txt." The file contained 2,442 keywords considered politically sensitive or just plain offensive in China, for example "Tiananmen" or "Chinese are all dogs." Citizen Lab did not find functionality for censorship within the app so could not determine whether the keyword list was entirely inactive or intentionally inactive.
"The censorship may have been intentionally disabled, in a bid to hide the extent of China's censorship regime from outsiders or out of pressure from the IOC, who has previously attempted negotiations with the Chinese government over what content it can and cannot censor at the games," said Citizen Lab.