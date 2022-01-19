The Chinese Olympics app was found exploiting the data of users. The app, which is called the MY2022, was made mandatory for everyone attending this year's Olympic Games to be held in Beijing. However, it was discovered that the app has too many loopholes. The app has a security flaw that can steal the personal data of users, including the passport details, health records, and travel histories of users who have installed the app. The security researchers also unearthed that app code has two security holes that could expose the information of users.

"MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users' voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users," the key findings of Citizen Lab revealed.

The report noted that the app collects a range of highly sensitive medical information despite being straightforward about the types of data it collects from users. The app does not reveal with whom or which organization it shares the information collected by users. The mandatory Olympics app also comes with features that allow users to report "politically sensitive" content. The app has a censorship keyword list, targets a variety of political topics including domestic issues such as Xinjiang and Tibet as well as references to Chinese government agencies, the findings reveal.

The 2022 Winter Olympic Games are expected to be held from February 4 to 20 in Beijing. Keeping the Covid-19 situation in mind, China has made it compulsory for all international and domestic attendees of the Games to download MY2022 14 days prior to their departure for China and to start monitoring and submitting their health status to the app on a daily basis. The MY2022 app was built by the Beijing Organizing Committee for the 2022 Olympics.

The report by Citizen lab reveals that for domestic users, the app collects personal information including name, national identification number, phone number, email address, profile picture, and employment information and shares it with the Beijing Organizing Committee for the 2022 Olympics. For international users, the app collects a different set of personally identifiable information, including users' demographic information and passport information, as well as the organization to which they belong.