Connect with us

Hi, what are you looking for?


Privacy alert: Official Beijing Winter Olympics app is not secure

The app also grants permission to hear audio, allowing bad actors the possibility of engaging with the audio or listening to an athlete.

China is hoping a successful Games will burnish its international reputation. — © AFP
China is hoping a successful Games will burnish its international reputation. — © AFP

The official Beijing Winter Olympics app was recently found to have security vulnerabilities when it comes to protecting sensitive user data. In particular, the app’s encryption system carries a significant flaw that enables middlemen to access documents, audio and files in clear text form.

The ‘My 2022’ app is required for all athletes, members of the press, and the audience.

Looking into the matter for Digital Journal is James Carder, Chief Security Officer at LogRhythm.

Carder outlines why certain apps, despite their popularity, continue to present a risk to users: “Apps such as ‘My 2022’ continue to be a massive target for cybercriminals due to the vast amounts of personal data that is stored within their virtual walls that can be manipulated at the criminal’s discretion.”

There is a political element to the app as well, in terms of open use and democracy. The My2022 app is subject to censorship based on a built-in list of keywords, which include the names of Chinese leaders and government agencies.

“The Beijing Winter Olympics app stores details about the daily activity of each of the athletes that can be used to identify where they are, where they will be and when, and what sensitive personal information they have to share to ensure eligibility to compete in the Olympics,” Carder says.

Carder says the app also grants permission to hear audio, which could be used by hackers to listen in on an athlete making a phone call.

The information stored in the app can allow for attacks, both logical and physical, and other ways to influence and impact the personal lives of athletes.

“These apps should have a base level of security applied, where they are tested and it is assured that they cannot be compromised by bad actors,” says Carder. “This is why there is such a thing as AppSec programs and secure application architectures, which encryption is foundational to.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:


Silos and ports across Ukraine are now brimming with millions of tonnes of grain with nowhere to go - Copyright AFP Yasuyoshi CHIBADavid STOUTStaring...


Times change; conservatives don’t. The expiry date is clear enough, surely.

Tech & Science

Consumers are getting increasingly frustrated with how Google handles their data and its invasive ads targeting.


Some 20 countries offered new security assistance packages for Ukraine to battle invading Russian forces.