Report: Mandatory Olympic app has serious security flaws

RICHMOND, Va. (AP) — A smartphone app that athletes and others attending next month’s Winter Games in Beijing must install has glaring security problems that could expose sensitive data to interception, according to a report published Tuesday.

Citizen Lab, an internet watchdog group, said in its report the MY2022 app has seriously flawed encryption that would make users’ sensitive data — and any other data communicated through it — vulnerable to being hacked. Other important user data on the app wasn’t encrypted at all, the report found.

That means the data could be read by Chinese internet service providers or telecommunications companies through Wi-Fi hotspots at hotels, airports and Olympic venues.

China is requiring all international Olympic attendees — including coaches and journalists — to download and start using the app 14 days before their departure. The app allows users to submit required health information on a daily basis and is part of China’s aggressive effort to manage the coronavirus pandemic while hosting the games, which begin Feb. 4. The multipurpose app also includes chat features, file transfers, weather updates, tourism recommendations and GPS navigation.

Citizen Lab’s report comes amid heightened concerns over athletes’ data and privacy. Many countries are advising their athletes not to take their normal smartphones to China, but instead to bring temporary — or burner — phones that do not store any sensitive personal data, according to news reports.

The U.S. Olympic & Paralympic Committee issued an advisory to athletes telling them to “assume that every device and every communication, transaction, and online activity will be monitored.”

“There should be no expectation of data security or privacy while operating in China,” the advisory...