Security flaws in China’s My2022 Olympics app could allow surveillance

Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:

Does the Beijing 2022 Olympics app have security flaws?

Well, the researchers at the Citizen Lab of the University of Toronto do believe so. And if their revelations, this time, will set off a similar storm as they did with the forensics on NSO Group's spyware company, then there will be trouble ahead for China. The researchers found that the official My2022 app for the sports event, which attendees are actually required to download and to use for documenting their health status, has flaws in the security settings. Loopholes they found could be used for intrusion and surveillance.

Now, of course, China is not exactly known as a bastion of privacy protections. But beyond the flaws, the app also has a censorship keyword list, which has relation to terms like Tiananmen protests, the Dalai Lama, or the Uyghur Muslim minority. And in response, Dutch supporters will be provided with a burner phone. And sure, that might be a short-term solution, but I'm not sure whether other officials visiting China, now for the Olympics, or for business or politics, are always as careful. I remember attending a World Economic Forum events in China, as a member of European Parliament, and being one of the only ones to proactively take precautions.

Now, unfortunately, one of the researchers of the Citizen Lab confirmed that, "Our findings expose how My2022 security measures are wholly insufficient to prevent sensitive data from being disclosed to unauthorized third parties." But the Beijing organizing committee has stood by its app, and said it passed the examination of international mobile app markets, such as Google, Apple, and Samsung. So unfortunately, no clear solution in sight to make sure that systematically, human rights and privacy are better protected in China.