The Winter Olympic Games opening this Friday, February 4 in Beijing have made it imperative, through its organizing committee, that all athletes participating in the various competitions install an official application. The problem is that spyware has been found in its code that could be used to monitor athletes’ activities.
The Beijing 2022 Olympic Games app allows athletes to manage and share their COVID test results with the organization
The spyware has been discovered by independent researcher Jonathan Scott, a spyware specialist, who has detected malicious code in “MY2022”, the official app for Olympic athletes, which stores audio coming from their devices, storing it on servers located in China.
This app, whose installation is mandatory for participants in the Beijing 2022 Olympic Games – which will be held behind closed doors although the competitions can be viewed online – offers relevant information about the organization, but also allows to share and organize information regarding the results of the COVID tests that participants are required to take periodically.
The “MY2022” app uses technology sourced from iFlytek, a Chinese company that the United States blacklisted as a data privacy offender by developing software such as an intelligent voice assistant, similar to Siri or Alexa, that collected user information and forwarded it to the Chinese government.
This is not the first time that China has spied on those who trespass on its territory. Already in 2019, it was detected that spyware was installed on the cell phones of some tourists in certain areas of the country to carry out surveillance on members of certain groups, especially the Muslim minority residing in the areas surrounding the Xinjiang region.
From the delegations, the athletes are advised to not to use their personal mobile devices for the duration of their participation in the Olympics, due to the risk that their private communications could be monitored (and even blocked). Scott discovered that the app contained spyware capable of modifying the permissions granted to access the activation of phone calls and the activation and deactivation of the WiFi connection.