China’s Olympics app is mandatory for heath data, has privacy flaws, and a censorship blacklist

Fight Censorship, Share This Post!

The Beijing Winter Olympic Games, set to start on February 4, have an official and obligatory-to-use app – MY2022 – but security researchers found that it may not be safe due to poor encryption.

That means that users’ voice audio and file transfer data can be easily compromised, Citizen Lab said in a report presenting the findings of cross-country exposure analysis of MY2022.

Additionally, the group claims that the vulnerability also affects passport details, demographic and medical, and travel history, as well as server responses, that could allow a malicious actor “to display fake instructions to users.”

And the users of the app whose primary purpose is Covid tracing are everyone participating in the Olympics – athletes, fans, and media crews.

Citizen Lab said it was unclear with whom the app shares sensitive medical information that it collects.

According to media reports, a number of countries are now instructing their athletes to use new, burner phones and email accounts during their stay in China to avoid security breaches that can result in serious damage.

China’s state-run media outlets, however, are publishing articles saying that the app is comparable to the one used at the Olympic Games in Tokyo, and that all personal information “will be encrypted to ensure privacy.”

For Chinese users, this information includes name, national ID number, phone number, email, employment information and profile picture, while users coming from abroad will have their demographic and passport information and that identifying the organization they belong to collected and shared with the Beijing Games’ Organizing Committee.

Besides reportedly leaving files unencrypted and therefore easily exposed, more concerns emerging from the Citizen Lab report have to do with censorship features baked into the app, such as the inclusion of a (currently inactive) list of censorship keywords and the ability to report content that’s considered politically sensitive in China.

Citizen Lab believes that the state of the app’s security means it potentially violates Google’s and Apple’s app store rules, but also even China’s own privacy protection standards.

And all this, the organization said, provides “potential avenues for future redress.”

The post China’s Olympics app is mandatory for heath data, has privacy flaws, and a censorship blacklist appeared first on Reclaim The Net.

This post has been republished with implied permission from a publicly-available RSS feed found on Reclaim The Net. The views expressed by the original author(s) do not necessarily reflect the opinions or views of The Libertarian Hub, its owners or administrators. Any images included in the original article belong to and are the sole responsibility of the original author/website. The Libertarian Hub makes no claims of ownership of any imported photos/images and shall not be held liable for any unintended copyright infringement. Submit a DCMA takedown request.

Fight Censorship, Share This Post!

-> Click Here to Read the Original Article <-

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.