Beijing 2022 app puts users at risk
Published on January 20th, 2022
An app that those participating in next month’s Beijing 2022 Olympics must install on their phones poses serious security risks for personal information and raises censorship concerns due to more than 2,400 flagged words, an analysis by a Toronto research lab has found.
The Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy released a report detailing major concerns about the app, MY2022, such as the possibility of files and audio recordings being easily intercepted by third parties.
Due to the COVID-19 pandemic, all international and domestic attendees of the Games are mandated to download MY2022 14 days prior to their departure for China and to start monitoring and submitting their health status to the app on a daily basis.
Among the key findings is how the app has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users. – Full report