Beijing Winter Olympics App Has Massive Security Issues

It was recently revealed that My 2022, Beijing's Winter Olympics app, which is mandatory for all athletes and visitors alike, has severe encryption flaws that make it susceptible to hackers.

The flaw was first detected by Citizen Lab, a Canadian research group. It violates the SSL protocol (which creates an encrypted link between a web server and a browser) and places thousands at risk of having their personal data exposed over the internet.

Built by Beijing's organizing committee, the app serves as an all-in-one guide, handling live monitoring of COVID-19 cases, travel information, and other personal data of everyone involved.

The research group also found in the app a list of "politically sensitive" phrases called "illegalwords.txt", many of which relate to China's current political situation, including the issues of Tibetan and Uighur Muslim minorities. The list is marked for censorship in the app's code, though the app does not appear to actively use it to filter out any communications.

Citizen Lab further said that it had notified the Chinese organizing committee for the Olympic Games in early December and had given them 15 days to respond and 45 days to fix the problem, but had received no reply. A subsequent January update did not fix the reported problems, which most likely puts the app in violation of China's newly enacted personal data protection laws, as well as the privacy policies required to list an app on Google's and Apple's stores.

The new concerns about the app underscore broader worries about censorship and surveillance during the Olympic Games in China.

Since the start of the COVID-19 pandemic, the Chinese government has relied on app-based tracking to control outbreaks and monitor lockdowns in cities reporting a surge in COVID cases. However, at times, such systems have been less than secure or transparent. In a similar event in 2020, Alibaba-based tracking software disclosed personal data of over a billion users to the local police without warning them.