China's mandatory Olympics app raises privacy and censorship concerns, watchdog group warns

The group found a 'simple but devastating flaw' in the tracking app

An app that China is using to track attendees at the Beijing Olympics next month has raised concerns from a cybersecurity watchdog about "a simple but devastating flaw" that it says poses privacy concerns.

The Citizen Lab, based at the University of Toronto, said in an extensive report by research associate Jeffrey Knockel that the mandatory MY2022 app fails to validate some SSL certificates, which could leave information open to interception by a malicious host, as reported by The Canadian Press.

Those who attend the Olympics, including athletes and journalists, are required to download the app and upload their health and vaccination information to track potential outbreaks of COVID-19. The report warns that sensitive data, even data unrelated to medical information, could leak given the flaws in the app, which was built by the Beijing Organizing Committee.

A man wearing a face mask with the image of China's President Xi Jinping joins other human rights activists holding Olympic Rings as they protest in Taipei against the 2022 Beijing Olympic Games to mark Human Rights Day on Dec. 10, 2021. (Photo by SAM YEH/AFP via Getty Images)

"The worst case scenario is that someone is intercepting all the traffic and recording all the passport details, all the medical details," Knockel warned.

Citizen Lab said it had notified the Chinese organizing committee for the Games in December about the potential issues but had never received a response.

The report also described the discovery of a list of words and phrases in the app that are generally considered to be "politically sensitive" in China. Many of the phrases on the list were related to issues regarding the Chinese Communist Party (CCP), Tibetan or Uighur Muslim minorities, as well as Chinese President Xi Jinping.

The Chinese and Olympic flags flutter at the headquarters of the Beijing Organizing Committee for the 2022 Olympic and Paralympic Winter Games in Beijing, China Nov. 12, 2021. (REUTERS/Thomas Suen/File Photo)

Noting that it remained uncertain whether the list was being actively used to censor such topics, Knockel said, "We don't know whether they intended for it to be inactive or whether they intended for it to be active, but either way, it's something that ... can be enabled at the flick of a switch."

"China has a history of undermining encryption technology to perform political censorship and surveillance," Knockel wrote.

"As such, it is reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence," Knockel continued.

"However, the case for the Chinese government sabotaging MY2022’s encryption is problematic," he added.
