- Australian tennis star Purcell provisionally suspended for doping
- Asian markets track Wall St rally as US inflation eases rate fears
- Luxury Western goods line Russian stores, three years into sanctions
- Wallace and Gromit return with comic warning about AI dystopia
- Philippine military says will acquire US Typhon missile system
- Afghan bread, the humble centrepiece of every meal
- Honda and Nissan expected to begin merger talks
- 'Draconian' Vietnam internet law heightens free speech fears
- Israeli women mobilise against ultra-Orthodox military exemptions
- Asian markets track Wall St rally as US inflation eases rate worries
- Tens of thousands protest in Serbian capital over fatal train station accident
- Trump vows to 'stop transgender lunacy' as a top priority
- Daniels throws five TDs as Commanders down Eagles, Lions and Vikings win
- 'Who's next?': Misinformation and online threats after US CEO slaying
- Only 12 trucks delivered food, water in North Gaza Governorate since October: Oxfam
- InterContinental Hotels Group PLC Announces Transaction in Own Shares - December 23
- Melrose Group Publicly Files Complaint to the Ontario Securities Commission
- Langers edge Tiger and son Charlie in PNC Championship playoff
- Explosive batsman Jacobs gets New Zealand call-up for Sri Lanka series
- Holders PSG edge through on penalties in French Cup
- Slovak PM Fico on surprise visit to Kremlin to talk gas deliveries
- Daniels throw five TDs as Commanders down Eagles
- Atalanta fight back to take top spot in Serie A, Roma hit five
- Mancini admits regrets over leaving Italy for Saudi Arabia
- Run machine Ayub shines as Pakistan sweep South Africa
- Slovak PM Fico on surprise visit to Kremlin
- Gaza rescuers say Israeli strikes kill 35
- 'Incredible' Liverpool must stay focused: Slot
- Maresca 'absolutely happy' as title-chasing Chelsea drop points in Everton draw
- Salah happy wherever career ends after inspiring Liverpool rout
- Three and easy as Dortmund move into Bundesliga top six
- Liverpool hit Spurs for six, Man Utd embarrassed by Bournemouth
- Netanyahu vows to act with 'force, determination' against Yemen's Huthis
- Mbappe back from 'bottom' as Real Madrid down Sevilla
- Ali hat-trick helps champions Ahly crush Belouizdad
- France kept on tenterhooks over new government
- Salah stars as rampant Liverpool hit Spurs for six
- Syria's new leader says all weapons to come under 'state control'
- 'Sonic 3' zips to top of N.America box office
- Rome's Trevi Fountain reopens to limited crowds
- Mbappe strikes as Real Madrid down Sevilla
- 'Nervous' Man Utd humiliated by Bournemouth
- Pope again condemns 'cruelty' of Israeli strikes on Gaza
- Lonely this Christmas: Vendee skippers in low-key celebrations on high seas
- Troubled Man Utd humiliated by Bournemouth
- 2 US pilots shot down over Red Sea in 'friendly fire' incident: military
- Man Utd embarrassed by Bournemouth, Chelsea held at Everton
- France awaits fourth government of the year
- Germany pledges security inquest into Christmas market attack
- Death toll in Brazil bus crash rises to 41
Beijing Olympics organisers say app security flaws 'fixed'
An app that Winter Olympics attendees must use has been patched, a Chinese official told AFP Thursday, after cyber security researchers said they had found a "simple but devastating" flaw that could allow data leaks.
Next month's Games are being held in a bubble that separates participants from the rest of the population as part of China's strict zero-Covid policy.
Those taking part -- from foreign athletes, delegates and media to the army of local volunteers and officials -- have to download a health-tracking app called MY2022.
Users report their health status daily through the app which collects data including vaccination status and coronavirus test results, as well as travel and passport details.
Earlier this week researchers at the University of Toronto's Citizen Lab said they discovered the app's security flaws could allow data including health information and voice messages to leak, which could then be read by "eavesdroppers" such as Wi-Fi hotspot operators.
But a senior Chinese Olympic official said any bugs had now been fixed.
"There is definitely no data leakage," Beijing Olympics Organising Committee (BOCOG) tech chief Yu Hong told AFP, adding that the app's user and privacy guidelines were reviewed by the International Olympic Committee.
"The security loopholes have already been fixed. If they existed in earlier versions, they have been fixed in the latest version."
The app's developers have been in email contact with Citizen Lab since Wednesday, Yu added, promising that there will be "relevant discussions" on follow-up work.
Yu did not deny there may have been security flaws in previous versions of the app and she suggested that BOCOG had not been aware of them.
"During development we have continued to test and use it. When new usage conditions appear some new technological imperfections may be discovered, these can be called loopholes," she said.
- Data laws -
Citizen Lab earlier said it had notified organisers about the issues in early December but received no reply.
However, Yu said organisers never saw the request because it was sent to an old email address.
China's data security laws require that health and medical data be encrypted during transmission and storage.
The Citizen Lab report claimed that the app's inadequate encryption could violate Chinese law, as well as Google and Apple mobile software policies.
"China has a history of undermining encryption technology to perform political censorship and surveillance," researcher Jeffrey Knockel wrote in the report.
Researchers also discovered the app's Android code contained an apparently inactive blacklist of over 2,400 "politically sensitive" phrases, and that it had a separate function to report other users' speech for "politically sensitive content".
But organisers denied ever requesting these functions, and said they have asked the developer to look into it.
They added that app health data would primarily be shared with virus control authorities, after the report claimed this was unclear.
"Use of data by individuals and departments is only permitted after the IOC confirms it," Yu said.
China maintains the world's most sophisticated digital tools to monitor and censor the internet for its citizens, blocking major Western platforms such as Twitter, Facebook and YouTube.
In recent days, Olympic associations in multiple Western countries have warned athletes to leave personal devices at home and bring "burner" phones to China.
Analysts have also warned of cybersecurity risks such as data theft and surveillance targeting attendees using public Wi-Fi networks and official SIM cards provided by organisers.
However, organisers and the Chinese government have dismissed such concerns as unfounded.
"The government will not monitor individuals' phones in any form," Yu said.
The app also provides a range of daily living services for users, such as translation, weather, transport schedules and accommodation booking.
P.M.Smith--AMWN