Security researchers from Citizen Lab have conducted a security review of the official app for the Beijing 2022 Winter Olympics and found it to be insecure when it comes to protecting the sensitive data of its users.
In their detailed report, the researchers analyzed the ‘My 2022’ app for privacy and security issues and found that the app collects the following sensitive information:
- Device identifiers and model
- Cellular service provider information
- Installed apps on the device
- WLAN status
- Real-time location
- Audio information
- Device storage access
- Location access
In addition to the above massive privacy leaks, the app’s encryption system has a significant flaw that enables ‘middle-men’ to access documents, audio, and files in cleartext form.
One of the scariest things is that the use of the ‘My 2022’ app isn’t optional if you are going to compete in or attend these games in person. All competing athletes, members of the press, and the audience have to install the app and add their personal information to it. If you are watching from home, you do not need to install it, and I strongly advise you against this until its makers have fixed these massive security holes.
We have reached out to the app developers to see what they are doing to fix these issues, and I will let you know if we hear anything back.
Thanks and have a great day.
Incognito Privacy Care Team.