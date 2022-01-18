The U.S. Olympic & Paralympic Committee issued an advisory to athletes telling them to “assume that every device and every communication, transaction, and online activity will be monitored.”

“There should be no expectation of data security or privacy while operating in China,” the advisory said.

China has a well-documented history of conducting muscular surveillance of its citizens and aggressive cyber-spying on others. But Citizen Lab said there was no evidence that the easily discoverable security flaws in the MY2022 app were placed intentionally by the Chinese government. For one, much of the sensitive health information held on the app is required to be submitted directly to authorities on health customs forms, the report said.

Citizen Lab said the security vulnerabilities found in MY2022 app are similar to those found in popular Chinese web browsers and noted that “insufficient protection of user data is endemic to the Chinese app ecosystem.”

“In light of previous work analyzing popular Chinese apps, our findings concerning MY2022 are, while concerning, not surprising,” the report said.

Citizen Lab said it reported the security issues to the Beijing Organizing Committee last month but did not receive a response. The report also said the app’s security flaws could run afoul of Apple's and Google’s policies for software used on iPhones and Android devices. The two companies did not immediately return a request for comment.

The Android version of the MY2022 app included a list named “illegalwords.txt” that included 2,442 keywords, including some that could be politically sensitive and relate to China’s actions toward Tibet and the Uyghur ethnic group.

The report said despite having the list bundled with the app, it does not appear to function. The Chinese government has long required tech companies to censor content and keywords deemed politically sensitive or inappropriate.

____

Frank Bajak in Boston contributed to this report.