silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,143
The official app for Beijing 2022 Winter Olympics, 'My 2022,' was found to be insecure when it comes to protecting the sensitive data of its users.
Most importantly, the app's encryption system carries a significant flaw that enables middle-men to access documents, audio, and files in cleartext form.
'My 2022' is also subject to censorship based on a list of keywords and has an unclear privacy policy that doesn't determine who exactly receives and processes all the sensitive data users have to upload to it.
As such, it is violating Google's software policy and Apple's App Store guidelines, yet it is available in both stores. Finally, the app violates China's own laws regarding privacy protection.
In a detailed report by Citizen Lab, researchers analyzed the 'My 2022' app for potential privacy and security issues and found that the app collects the following sensitive information:
- Device identifiers and model
- Cellular service provider information
- Installed apps on the device
- WLAN status
- Real-time location
- Audio information
- Device storage access
- Location access