Beijing Olympics organisers say app security flaws 'fixed'
-
'I'll be back' vows Haaland after injury blow
-
Trump to unveil 'Liberation Day' tariffs as world braces
-
New coach Edwards adamant England can win women's cricket World Cup
-
Military confrontation 'almost inevitable' if Iran nuclear talks fail: French FM
-
US stocks advance ahead of looming Trump tariffs
-
Scramble for food aid in Myanmar city near quake epicentre
-
American Neilson Powless fools Visma to win Across Flanders
-
NATO chief says alliance with US 'there to stay'
-
Myanmar junta declares quake ceasefire as survivors plead for aid
-
American Neilson Powless fools Visma to win Around Flanders
-
Tesla first quarter sales sink amid anger over Musk politics
-
World's tiniest pacemaker is smaller than grain of rice
-
Judge dismisses corruption case against NY mayor
-
Nintendo to launch Switch 2 console on June 5
-
France Le Pen eyes 2027 vote, says swift appeal 'good news'
-
Postecoglou hopes Pochettino gets Spurs return wish
-
US, European stocks fall as looming Trump tariffs raise fears
-
Nintendo says Switch 2 console to be launched on June 5
-
France's Zemmour fined 10,000 euros over claim WWII leader 'saved' Jews
-
Le Pen ally denies planned rally a 'power play' against conviction
-
Letsile Tebogo says athletics saved him from life of crime
-
Man Utd 'on right track' despite 13th Premier League defeat: Dalot
-
Israel says expanding Gaza offensive to seize 'large areas'
-
Certain foreign firms must 'self-certify' with Trump diversity rules: US embassies
-
Deutsche Bank asset manager DWS fined 25 mn euros for 'greenwashing'
-
UK drawing up new action plan to tackle rising TB
-
Nigerian president sacks board of state oil company
-
Barca never had financial room to register Olmo: La Liga
-
Spain prosecutors to appeal ruling overturning Alves' rape conviction
-
Heathrow 'warned about power supply' days before shutdown
-
Epstein accuser Virginia Giuffre 'stable' after car crash
-
Myanmar quake survivors plead for more help
-
Greece to spend 25 bn euros in 'drastic' defence overhaul: PM
-
Maresca non-committal over Sancho's future at Chelsea
-
WHO facing $2.5-bn gap even after slashing budget: report
-
Real Madrid coach Ancelotti tells tax trial did not seek to defraud
-
Chinese tourists pine for Taiwan's return as Beijing jets surround island
-
Singapore detains teenage boy allegedly planning to kill Muslims
-
What is the 'Qatargate' scandal roiling Israel?
-
AI coming for anime but Ghibli's Miyazaki irreplaceable, son says
-
Swedish insurer drops $160 mn Tesla stake over labour rights
-
Hunger returns to Gaza as Israeli blockade forces bakeries shut
-
Rubio heads to Europe as transatlantic tensions soar
-
Like 'living in hell': Quake-hit Mandalay monastery clears away rubble
-
'Give me a break': Trump tariffs threaten Japan auto sector
-
US approves $5.58 bn fighter jet sale to Philippines
-
Tsunoda embracing pressure of Red Bull debut at home Japanese GP
-
'Outstanding' Hay shines as New Zealand seal Pakistan ODI series
-
El Salvador's Bukele flaunts 'iron fist' alliance with Trump
-
Stock markets mixed as uncertainty rules ahead of Trump tariffs
NYSE - LSE
Beijing Olympics organisers say app security flaws 'fixed'
An app that Winter Olympics attendees must use has been patched, a Chinese official told AFP Thursday, after cyber security researchers said they had found a "simple but devastating" flaw that could allow data leaks.
Next month's Games are being held in a bubble that separates participants from the rest of the population as part of China's strict zero-Covid policy.
Those taking part -- from foreign athletes, delegates and media to the army of local volunteers and officials -- have to download a health-tracking app called MY2022.
Users report their health status daily through the app which collects data including vaccination status and coronavirus test results, as well as travel and passport details.
Earlier this week researchers at the University of Toronto's Citizen Lab said they discovered the app's security flaws could allow data including health information and voice messages to leak, which could then be read by "eavesdroppers" such as Wi-Fi hotspot operators.
But a senior Chinese Olympic official said any bugs had now been fixed.
"There is definitely no data leakage," Beijing Olympics Organising Committee (BOCOG) tech chief Yu Hong told AFP, adding that the app's user and privacy guidelines were reviewed by the International Olympic Committee.
"The security loopholes have already been fixed. If they existed in earlier versions, they have been fixed in the latest version."
The app's developers have been in email contact with Citizen Lab since Wednesday, Yu added, promising that there will be "relevant discussions" on follow-up work.
Yu did not deny there may have been security flaws in previous versions of the app and she suggested that BOCOG had not been aware of them.
"During development we have continued to test and use it. When new usage conditions appear some new technological imperfections may be discovered, these can be called loopholes," she said.
- Data laws -
Citizen Lab earlier said it had notified organisers about the issues in early December but received no reply.
However, Yu said organisers never saw the request because it was sent to an old email address.
China's data security laws require that health and medical data be encrypted during transmission and storage.
The Citizen Lab report claimed that the app's inadequate encryption could violate Chinese law, as well as Google and Apple mobile software policies.
"China has a history of undermining encryption technology to perform political censorship and surveillance," researcher Jeffrey Knockel wrote in the report.
Researchers also discovered the app's Android code contained an apparently inactive blacklist of over 2,400 "politically sensitive" phrases, and that it had a separate function to report other users' speech for "politically sensitive content".
But organisers denied ever requesting these functions, and said they have asked the developer to look into it.
They added that app health data would primarily be shared with virus control authorities, after the report claimed this was unclear.
"Use of data by individuals and departments is only permitted after the IOC confirms it," Yu said.
China maintains the world's most sophisticated digital tools to monitor and censor the internet for its citizens, blocking major Western platforms such as Twitter, Facebook and YouTube.
In recent days, Olympic associations in multiple Western countries have warned athletes to leave personal devices at home and bring "burner" phones to China.
Analysts have also warned of cybersecurity risks such as data theft and surveillance targeting attendees using public Wi-Fi networks and official SIM cards provided by organisers.
However, organisers and the Chinese government have dismissed such concerns as unfounded.
"The government will not monitor individuals' phones in any form," Yu said.
The app also provides a range of daily living services for users, such as translation, weather, transport schedules and accommodation booking.
P.M.Smith--AMWN