According to a Citizen Lab report, researchers have discovered significant privacy risks with the app. They found a critical weakness in the app’s encryption system, which allows middlemen to view documents, audio, and files in cleartext form.
The software is prone to censoring based on a list of keywords and has an uncertain privacy policy about who gets and processes the data received from users.
Is My2022 Olympic App necessary during the Games?
All athletes, members of the press, and audience members are required to have the My 2022 App. When the app is installed, it will gather names, national ID numbers, phone numbers, email addresses, profile pictures, and job information.
It also gathers full passport information, Covid-19 vaccination status, demographic data, and the organization Foreigners work for.
Why is My2022 app at Risk?Â
According to Citizen Lab’s research, an attacker might fake the servers, intercept data transferred from the app, and subsequently gather data from the users. In addition to the server spoofing issue, the researchers discovered that sent data is not always encrypted, meaning critical metadata communications might be intercepted and read in plaintext through basic network packet eavesdropping.
On December 3, 2021, the flaws were reported to the Beijing Organizing Committee for the 2022 Olympic and Paralympic Winter Games, but there has been no response as of now.
Continue reading at Citizen Labs
