Cybersecurity group Citizen Lab has released a report warning users of the Beijing Winter Olympics app to the potential threat of a data breach.
The My2022 app is required of all Beijing 2022 Games attendees, including athletes, and will used for daily COVID-19 monitoring, as well as file transfers and Olympic news.
Citizen Lab’s report says the app fails to provide encryption on many files, and they also found a list of over 2,400 censorship keywords built into the app.
The Netherlands is one of several countries encouraging their athletes to leave their personal cell phones and laptops at home due to cybersecurity concerns, and to use burner phones and create an email account specifically for their stay in China.
All visitors to Beijing for the Games are required to download the My2022 app 14 days before departing for China, and they must use to daily to record their COVID-19 status. They would also need to upload personal details like their passport number and medical history.
The report said such features “are not particularly surprising for apps operating in China, but they are glaring and easily discoverable security issues.”
They also noted the app fails to validate digital security, or SSL, certificates of forwarding sites and some data had no SSL protection or encryption at all.