British athletes have been offered temporary phones and their Team USA rivals have reportedly been told to use burner devices ahead of the Beijing Olympics, acting after investigations suggested the mandated Games app is not safe.
All attendees of the Games, which take place from February 4-20 2022, are required to submit their health status to the app, which internet experts say is at serious risk of data breaches and may have a list of censored terms including references to Chinese people, Muslims, Jews and the host nation's president, Xi Jinping.
Encryption of users' voice audio and file transfers can be "trivially sidestepped" by hackers because of a "devastating flaw" in the app, according to the damning findings of a report by cybersecurity group Citizenlab.
The group said that there are scenarios in which the app will disclose personal information without user consent, including national security matters, public health incidents and criminal investigations – and its privacy policy is said not to specify whether such incidents would require a court order and who the information might be given to.
The Dutch Olympic Committee*Dutch Sports Federation has gone a step further than its British and American counterparts by reportedly telling athletes not to take personal phones or laptops to the Games because of the risk of surveillance of electronic equipment by China.
Dutch athletes and staff will be handed phones and laptops which will be destroyed when they return home, said De Volkskrant via the Guardian.
The app, MY2022, has a wide range of uses include Covid vaccination status and coronavirus lab test result logging, with foreigners required to input details such as their passport information and medical history.
The Chinese government has said it was built by the Organizing Committee for the Games, and Citizenlab claimed it could violate Apple and Google terms because it is "wholly insufficient to prevent sensitive data from being disclosed to unauthorized third parties."
Investigators said the app could even constitute a "direct violation of China’s privacy laws."
In the Android version of the app, the report found a list of 2,442 politically-sensitive words in China in a file called 'illegalwords.txt'.
No functionality was found to allow censorship to be performed by the keywords and terms, which are said to have included 'Jews are pigs', 'Chinese are all dogs', Xi's name and the Tibetan for 'His Holiness Dalai Lama'
Several terms associated with the Uyghurs – the Muslim group that China is accused of persecuting – were identified, including 'The Holy Quran'.
Numerous countries are performing a diplomatic boycott of the Games, largely due to the alleged human rights crimes being carried out against Uyghurs.
US president Joe Biden's administration, Boris Johnson's British government and Canada and Australia are among the nations to have joined the protest.
Citizenlab said the widespread lack of security in the app was more likely to be a result of "differing priorities" for Chinese software developers than a "vast government conspiracy".
"The knee-jerk reactions against Chinese apps and suspicions of their censorship and surveillance capacities are to a large extent warranted," they said.
"There exists extensive documentation of security flaws, privacy violations and information controls on apps operated in China and internationally-facing apps developed by Chinese companies.
"It is worth noting, however, that the Chinese government has taken significant steps to rein in companies’ invasive collections and poor handling of personal information, largely following global approaches to personal data protection."
The report added that they had told the Organizing Comittee of the security issues on December 3 2021 and given them 45 days to fix the issues before the findings were made public.
Leaders are said not to have responded by January 18, with the app vendors also said to have been informed before a new version of the app, released on January 17, reportedly failed to address the flaws.
American athletes have been told to take disposable phones – known as burner devices – to prevent potential surveillance, according to the Wall Street Journal via Cnet.
Team USA and the International Olympic Committee (IOC) are said not to have immediately responded to a request for comment from the outlet.
A British Olympic Association spokesperson told the Guardian: “We’ve given athletes and staff practical advice so that they can make their own choice as to whether they take their personal devices to the Games or not.
"Where they do not want to take their own equipment, we have provisioned temporary devices for them to use.”
The IOC said that the app would support the 'closed loop' environment at the Games designed to keep participants and Chinese residents safe.
"The user is in control over what the 'My2022' app can access on their device," it told Zdnet, adding that the settings can be changed and personnel can log health information on a web page if they do not want to use the app.
"The IOC has conducted independent third-party assessments on the application from two cyber-security testing organizations. These reports confirmed that there are no critical vulnerabilities."
The outlet said that Beijing's Games Committee had assured USA Today that personal information would not be disclosed unless it is "necessary."
"Information of accredited media representatives will only be used for purposes related to the Olympic and Paralympic Winter Games," it reportedly stated.
China has reportedly agreed to drop its censorship of western sites such as Instagram and Facebook for athletes at the Olympics because of "contractual obligations", allowing stars to post on the sites.
Google ended some of its services in China more than a decade ago. The reasons behind the termination were censored.
More than 180 human rights groups have called on governments to carry out boycotts of the Games over the past year, with many describing the alleged treatment of the Uyghurs, who are widely thought to be suffering detainment and abuse in mass camps, as "genocide".
The US House of Representatives accused the IOC of ignoring its human rights commitments by co-operating with China.
Concerns have been raised by the case of Peng Shuai, the Chinese tennis ace who appeared to vanish after a post she made alleging sexual abuse by a former prominent member of the ruling Chinese Communist Party was swiftly removed from a social media site.
Peng has since reappeared via clips released by state-affiliated media, but the Women's Tennis Association has been outspoken in its fears that she is being coerced and is not free and well, suspending all tournaments in China until bosses are convinced the situation has been satisfactorily resolved.
The politician named in the allegations, Zhang Gaoli, has been pictured meeting IOC president Thomas Bach before Peng's claims came to light, and is also said to have led the steering committee responsible for securing and arranging the Games.