China’s Olympics App Is Horribly Insecure

2022-01-21 12:06

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month.

Citizen Lab examined the app and found it riddled with security holes.

MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users' voice audio and file transfers can be trivially sidestepped.

As the app collects a range of highly sensitive medical information, it is unclear with whom or which organization(s) it shares this information.

While the vendor did not respond to our security disclosure, we find that the app's security deficits may not only violate Google's Unwanted Software Policy and Apple's App Store guidelines but also China's own laws and national standards pertaining to privacy protection, providing potential avenues for future redress.

The app also included a list of 2,422 political keywords, described within the code as "Illegalwords.txt," that worked as a keyword censorship list, according to Citizen Lab.

News URL

https://www.schneier.com/blog/archives/2022/01/chinas-olympics-app-is-horribly-insecure.html

#china #olympics