The International Olympic Committee has defended China’s MY2022 Olympics app following a report from Citizen Lab that found serious privacy issues with the platform.
All attendees of the 2022 Olympic Games in Beijing need to download and use the app, but Citizen Lab released a report on Monday that said a “simple but devastating flaw” allows the encryption protecting users’ voice audio and file transfers to be “trivially sidestepped.”
According to Citizen Lab, passport details, demographic information, and medical/travel history in health customs forms are also vulnerable. Server responses can be spoofed, allowing an attacker to display fake instructions to users, according to the report.
The MY2022 app also allows users to report “politically sensitive” content and includes a censorship keyword list involving topics like Xinjiang and Tibet.
Citizen Lab noted that the app may violate Google’s Unwanted Software Policy, Apple’s App Store guidelines, and China’s own laws and national standards pertaining to privacy protection. Google and Apple did not respond to requests for comment.
The report caused widespread outrage, since the thousands of people at the games will have no choice but to download the app if they want to represent their country.
In comments to ZDNet, the International Olympic Committee