The Beijing winter Olympics have been controversial from the start. The United States, United Kingdom, Canada and other nations declared a diplomatic boycott over the PRC’s “human rights abuses and atrocities in Xinjiang.” Athletes are in tears over everything from quarantine rules, nasty food, and poor living conditions to freezing weather. And to top it off, Americans seem less interested than ever before in watching them.
But those aren’t the only problems with the Olympics. There are also serious concerns about the extent to which the Chinese government may be spying on attendees. Those attending are encouraged to download the app, My2022, purportedly meant to help limit the spread of Covid-19. In reality, however, experts are warning the app has the potential to record users.
“I can definitively say all Olympian audio is being collected, analyzed and saved on Chinese servers,” warned cybersecurity expert Jonathan Scott last month.
After reverse engineering all of the #Beijing2022 #spyware app for @Apple #ios and @Google #Android
— Jonathan Scott (@jonathandata1) January 26, 2022
I can definitively say all Olympian audio is being collected, analyzed and saved on Chinese servers using tech from USA blacklisted AI firm @iflytek1999 https://t.co/9wX1sP8PZP pic.twitter.com/hdIfiKX37m
Sen. Ben Sasse warned athletes earlier this month they should delete the app.
“The Olympics are about celebrating human achievement, not building a massive spy ring for the Chinese Community Party,” he said.
The My2022 app’s origins are sketchy at best. It was developed by a state-run company and initially relied on technology developed by iFlyTek. iFlyTek isn’t just another Silicon Valley–style tech company — it is an active participant in genocide and in the CCP’s surveillance state. The U.S. government has actually blacklisted iFlyTek due to human-rights and security concerns. Americans would be foolish to trust firms such as iFlyTek.
The CCP blurs the line between the private and public sectors in China’s tech economy so much that it is largely imaginary. My2022’s developers have told American companies that they’ve removed iFlyTek technology from the app. But that’s a distinction without a difference. China-based companies are required by law to give the CCP unrestricted access to the user data collected by app.
CCP spies can use flaws in My2022’s security to steal data. The app is supposed to encrypt data so third parties can’t see it, but there are massive holes in encryption that hackers can exploit. CCP authorities may have insisted on building these weaknesses into the app — but even if they didn’t, we can be sure they will try to exploit them. (NR)
Other cybersecurity analysts dispute claims the app is spying on users, however, and the International Olympic Committee has defended its use, arguing "The user is in control over what the 'My 2022' app can access on their device."
"They can change the settings already while installing the app or at any point afterwards," the committee added.
Sasse, meanwhile, has called on Google and Apple to answer a number of questions about how they're justifying hosting the app on their platforms and whether it meets their privacy and security standards.
