{"id":1223209,"date":"2022-01-18T19:52:46","date_gmt":"2022-01-19T00:52:46","guid":{"rendered":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/?p=1223209"},"modified":"2022-01-18T19:53:09","modified_gmt":"2022-01-19T00:53:09","slug":"mandatory-olympic-athlete-app-gives-china-data-goldmine","status":"publish","type":"post","link":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/mandatory-olympic-athlete-app-gives-china-data-goldmine\/","title":{"rendered":"Mandatory Olympic Athlete App Gives China Data Goldmine"},"content":{"rendered":"<aside class=\"mashsb-container mashsb-main mashsb-stretched\"><div class=\"mashsb-box\"><div class=\"mashsb-count mash-medium\" style=\"float:left\"><div class=\"counts mashsbcount\">16<\/div><span class=\"mashsb-sharetext\">SHARES<\/span><\/div><div class=\"mashsb-buttons\"><a class=\"mashicon-facebook mash-medium mash-nomargin mashsb-noshadow\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fwww.conservativenewsdaily.net%2Fbreaking-news%2Fmandatory-olympic-athlete-app-gives-china-data-goldmine%2F\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Facebook<\/span><\/a><a class=\"mashicon-twitter mash-medium mash-nomargin mashsb-noshadow\" href=\"https:\/\/twitter.com\/intent\/tweet?text=&amp;url=https:\/\/www.conservativenewsdaily.net\/breaking-news\/?p=1223209&amp;via=ConservNewsDly\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Twitter<\/span><\/a><a class=\"mashicon-subscribe mash-medium mash-nomargin mashsb-noshadow\" href=\"#\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Subscribe<\/span><\/a><div class=\"onoffswitch2 mash-medium mashsb-noshadow\" style=\"display:none\"><\/div><\/div>\n            <\/div>\n                <div style=\"clear:both\"><\/div><\/aside>\n            <!-- Share buttons by mashshare.net - Version: 4.0.47--><div><img decoding=\"async\" src=\"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-content\/uploads\/2022\/01\/attending-olympics-beijing-download-my2022-an-app-china-is-monitor-covid-anay-640x335-1.png\" class=\"ff-og-image-inserted\" alt=\"image\" \/><\/div>\n<p class=\"subheading\"><span>Less than a week after Team USA <\/span><a href=\"https:\/\/www.breitbart.com\/sports\/2022\/01\/14\/team-usa-urges-athletes-to-use-burner-phones-thwart-chinese-spying-genocide-games\/\"><span>advised<\/span><\/a><span> Olympic athletes to purchase disposable \u201cburner\u201d phones to thwart Chinese surveillance of the Beijing Winter Olympics, researchers at the University of Toronto are warning of serious security issues in the \u201cMY2022\u201d smartphone app China is requiring all athletes, journalists, and spectators to download on their smartphones.<\/span><\/p>\n<p><a href=\"https:\/\/citizenlab.ca\/\"><span>Citizen Lab<\/span><\/a><span>, the University of Toronto\u2019s cybersecurity watchdog group, <\/span><a href=\"https:\/\/citizenlab.ca\/2022\/01\/cross-country-exposure-analysis-my2022-olympics-app\/\"><span>said<\/span><\/a><span> on Tuesday the MY2022 app \u201chas a simple but devastating flaw where encryption protecting users\u2019 voice audio and file transfers can be trivially sidestepped.\u201d<\/span><\/p>\n<figure id=\"D-ROS-B1\" class=\"a8d\"><\/figure>\n<figure id=\"M-ROS-B1\" class=\"a8d\"><\/figure>\n<figure id=\"gmxrevmore\" class=\"H\"><\/figure>\n<p><span>\u201cHealth customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users,\u201d Citizen Lab found.<\/span><\/p>\n<p><span>Furthermore, while MY2022 greets users with friendly cartoons and \u201cfairly straightforward\u201d requests for information relevant to attending the Olympics, Citizen Lab discovered it also \u201ccollects a range of highly sensitive medical information\u201d and forwards it to parties unknown.<\/span><\/p>\n<p><span>\u201cOne of the functions MY2022 includes is to collect a list of medical information for health monitoring, which includes users\u2019 daily self-report health status, COVID-19 vaccination status, and COVID-19 lab test results,\u201d the researchers noted.&nbsp;<\/span><\/p>\n<figure id=\"M-ROS-B2\" class=\"a8d\"><\/figure>\n<p><span>The app also includes a tool for reporting \u201cpolitically sensitive\u201d content to Chinese authorities, and it has a secret \u201ccensorship keyword list\u201d with 2,442 entries targeting topics such as Tibetan Buddhism, the Uyghurs of Xinjiang province, the Tiananmen Square massacre, infighting between Communist Party elites, and criticism of the Chinese state.&nbsp;<\/span><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Vague objections from the IOC (yes, that IOC) <br \/>*versus*<br \/>tech evidence methodically collected by <a href=\"https:\/\/twitter.com\/citizenlab?ref_src=twsrc%5Etfw\">@citizenlab<\/a>, which has published numerous evidence-based reports on China-based apps for over a decade, &amp; whose findings can be independently confirmed. <a href=\"https:\/\/t.co\/63C18b85ty\">https:\/\/t.co\/63C18b85ty<\/a><br \/>hmm<\/p>\n<p>\u2014 profdeibert (@RonDeibert) <a href=\"https:\/\/twitter.com\/RonDeibert\/status\/1483569265605230596?ref_src=twsrc%5Etfw\">January 18, 2022<\/a><\/p>\n<\/blockquote>\n<p><span>Citizen Lab said the censorship keyword list is \u201cpresently inactive,\u201d but that could change by the time the Games begin. MY2022 has built-in text and voice chat tools that could be subjected to censorship.<\/span><\/p>\n<p><span>The report authors speculated the censorship keyword list \u2013 contained in a plain text file called \u201cillegalwords.txt\u201d they discovered without much effort \u2013 might have been included with MY2022 installations as a clumsy mistake. The list of banned words could also be intended for use by an updated version of the app that will be distributed closer to the beginning of the Games.<\/span><\/p>\n<p><span>The authors also entertained the possibility that MY2022 was designed with censorship features that were \u201cintentionally disabled in a bid to hide the extent of China\u2019s censorship regime from outsiders,\u201d or under pressure from the International Olympic Committee (IOC).<\/span><\/p>\n<figure id=\"M-ROS-B3\" class=\"a8d adSo\"><\/figure>\n<p><span>The University of Toronto team dug into MY2022\u2019s privacy policies and found that, like many other Chinese apps, there are \u201cseveral scenarios\u201d in which app is programmed to disclose private information without the user\u2019s consent \u2013 including, but not limited to, \u201cnational security matters, public health incidents, and criminal investigations.\u201d<\/span><\/p>\n<p><span>The Chinese Communist Party has a habit of declaring <\/span><span>everything <\/span><span>a \u201cnational security matter,\u201d so this amounts to a blanket license for Chinese intelligence operatives to grab any user data they deem important. Citizen Lab found the privacy policy was rather vague about whether any sort of court order would be required for seizing personal information.<\/span><\/p>\n<p><span>Perhaps most disturbingly, the report found numerous critical security flaws in the app, including obvious flaws like the failure to validate electronic security certificates for secure connections or encrypt sensitive data. A good deal of sensitive data from users\u2019 phones would therefore be vulnerable to \u201cpassive eavesdroppers\u201d connected to the same wifi network.<\/span><\/p>\n<p><span>The report noted Chinese apps are generally lax about data security and privacy protection, in part because the Communist government discourages companies from creating layers of app security that could interfere with regime intelligence-gathering and censorship activities.<\/span><\/p>\n<p><span>Citizen Lab said it notified the Beijing Olympic organizing committee of these security flaws on December 3, but has received no response. A new version of MY2022 was uploaded to the Apple App Store on Monday, but it contained no fixes to the problems reported by Citizen Lab.<\/span><\/p>\n<p><span>On the contrary, the latest version introduced a <\/span><span>new <\/span><span>security flaw \u2013 a health code system that asks users to provide travel documents and medical history, and then transmits them to Chinese servers without validating security certificates.<\/span><\/p>\n<p><span>\u201cWe find that the app\u2019s security deficits may not only violate Google\u2019s Unwanted Software Policy and Apple\u2019s App Store guidelines but also China\u2019s own laws and national standards pertaining to privacy protection,\u201d the report concluded.<\/span><\/p>\n<p><span>The <\/span><i><span>New York Times<\/span><\/i> <span><a href=\"https:\/\/www.nytimes.com\/2022\/01\/18\/technology\/china-olympics-app-security.html\">reported<\/a>&nbsp;Tuesday that Apple and Google did not respond when asked to comment on the Citizen Labs report.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Less than a week after Team USA advised Olympic athletes to purchase disposable \u201cburner\u201d phones to thwart Chinese surveillance of the Beijing Winter Olympics, researchers at the University of Toronto &#8230;<\/p>\n","protected":false},"author":1,"featured_media":2315279,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mo_disable_npp":"","fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[],"tags":[],"class_list":["post-1223209","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts\/1223209","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/comments?post=1223209"}],"version-history":[{"count":0,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts\/1223209\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/media\/2315279"}],"wp:attachment":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/media?parent=1223209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/categories?post=1223209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/tags?post=1223209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}