Navigation
  •  

Security researchers spot flaws, surveillance in official Beijing Olympics app

Chinese President Xi Jinping waves to deputies at the 13th National People's Congress in Beijing on Tuesday, March 20, 2018. (Lan Hongguang/Xinhua/Sipa USA/TNS)
January 24, 2022

This article was originally published by Radio Free Asia and is reprinted with permission.

As the ruling Chinese Communist Party (CCP) gears up to host the 2022 Winter Olympics from Feb. 4, security researchers in Canada have highlighted “serious security flaws” in a compulsory app for all participants.

The app, “MY2022”, is mandated for use by all attendees of the 2022 Olympic Games in Beijing, and contains a “simple but devastating flaw” where encryption protecting users’ voice audio and file transfers can be trivially sidestepped, the Toronto-based Citizen Lab reported.

While the app is transparent about the types of data it collects from users in its public-facing documents, it doesn’t specify which organizations it will share sensitive medical data with.

Researchers found serious flaws in the app that could easily make audio files, customs data, medical records and travel histories vulnerable to hacking.

It also includes a feature that allows users to report “politically sensitive” content, including any mention of rights abuses in Xinjiang and Tibet.

More than 180 human rights groups have called on governments to boycott the Games during the past year, arguing that taking part will legitimize a regime engaging in what the United States has termed a genocide against the Uyghur people in Xinjiang.

The uncertain fate of tennis star Peng Shuai, who disappeared from the public eye after posting allegations of sexual abuse against former vice premier Zhang Gaoli, only to re-emerge in carefully controlled photos, videos and pro-CCP media interviews, has also cast a shadow over the event, with the Women’s Tennis Association suspending all tournaments on Chinese soil over the incident.

Citizen Lab warned that any online platform operating in China are legally required to control content communicated over their platforms or face penalties, and the My2022 app will be no exception.
As well as functioning as a social media platform, the My2022 app can also be used to submit required health customs information for those visiting China from abroad, which includes submitting passport details, demographic information, as well as travel and medical histories, it said.

According to report author Jeffrey Knockel, the app transmits data in a “very insecure” way, and personal information can easily be intercepted or misdirected to untrusted hosts, with users powerless to prevent it.

Kyle Matthews, executive director of the Montreal Institute for Genocide and Human Rights, said the findings show that anyone participating in the Beijing Olympics will be subject to surveillance by the Chinese authorities.

Olympic Blue’Meanwhile, the CCP is mobilizing huge sections of industry to shut down ahead of the Games, in a bid to achieve dazzlingly clear skies over Beijing, known satirically online as “Olympic Blue.”

In the northern industrial city of Tangshan, cement, steel and other heavy industrial plants have been ordered to close, with similar notices issued to polluters in Beijing, Tianjin and Hebei.

Chen Gang, assistant director of the East Asian Institute at the University of Singapore, said similar orders have preceded most major events in China in recent years, including the Asia-Pacific Economic Cooperation (APEC) forum.

“But because this is done as a political campaign, the institutional and roots causes of the pollution aren’t addressed,” Chen said. “Air quality after the event usually goes back to the way it was before the event, or even increases.”

He said some of the pollution is being relocated to other parts of China.

“To ensure good air quality in Beijing, they relocate some factories to other provinces, but the pollution source still exists elsewhere in China,” Chen said. “It’s just a geographical shift: it doesn’t remove the pollution.”