

My2022: Beijing Olympics app vulnerable to data breaches, analysts warn


The Beijing Winter Olympics app that all Games attendees must use contains security weaknesses that leave users exposed to data breaches, analysts warn.

The My2022 app will be used by athletes, audience members and media for daily Covid monitoring.

The app will also offer voice chats, file transfers and Olympic news.


But cybersecurity group Citizen Lab says the app fails to provide encryption on many of its files.

The release of its report coincides with a rise in warnings about visitors’ tech security ahead of the Games, which begin on 4 February.

People attending the Beijing Olympics should bring burner phones and create email accounts for their time in China, various experts have advised.

Several countries have also reportedly told athletes to leave their main devices at home before arriving in China.

Censorship concerns

The authors of the Citizen Lab report said they had also found a “censorship keywords” list built into the app, and a reporting feature that can be used to flag other “politically sensitive” expressions.

The analysts noted that these features and security flaws weren’t atypical for apps operating in China, but they posed a risk nonetheless to users.

Analysts said the “illegal words” file currently appeared to be inactive, but that this was unclear.

A list of the 2,442 keywords showed them to be mainly politics related, or referenced swear words and illegal goods. Most were in simplified Chinese, but some were also in Tibetan, Uyghur and English.

The list includes the names of Chinese leaders and government agencies, as well as references to the 1989 killing of pro-democracy protesters in Tiananmen Square and the religious group Falun Gong, which is banned in China.

Both the list and the reporting button are features typical of many popular apps used or developed in China, the analysts said. But they could lead to “non-transparent content removal and malicious reporting [of others]”.

All visitors to the Games are required to download the app 14 days prior to their departure for China, and use it to record their Covid status daily.

Foreign visitors also need to upload sensitive information already submitted to the Chinese government, such as passport details and travel and medical histories.

[Image: The splash screen of the My2022 Winter Olympics app. Image source: Citizen Lab]

Citizen Lab said transmission weaknesses in the app’s software could lead to easy exploitation of data by a hacker, if targeted.

The analysts noted that the app fails to validate digital security, or SSL, certificates of forwarding sites, and some data was transmitted without any SSL protection or encryption at all.

Analysts warned that exposed weaknesses could trigger China’s own consumer privacy laws, as well as the policies on Google and Apple app stores.

The authors also wrote that while the flaws discovered were concerning, they “are not particularly surprising for apps operating in China”.

“While we found glaring and easily discoverable security issues with the way that My2022 performs encryption, we have also observed similar issues in Chinese-developed Zoom, as well as the most popular Chinese Web browsers,” the authors wrote.
