A researcher has found that the mandatory Beijing 2022 Olympics app for iOS and Android is collecting and sending audio to Chinese servers.
On Thursday, researcher Jonathan Scott had posted his findings after reverse-engineering the mandatory MY2022 Olympics app. As it turns out, the app is capable of spying on Olympians and attendees and sending the audio to Chinese servers to be analyzed.
it doesn't get rid of the dot, the application forces itself to the foreground to make sure it has the capability to listen. so for example on android
-- Jonathan Scott (@jonathandata1) January 27, 2022
for iOS a monitor is triggered & brings the app up front pic.twitter.com/5zbdT9WTfi
MY2022 is a non-optional app that must be used by both athletes and attendees of the 2022 Winter Olympics. The app is designed to help reduce the spread of COVID-19 and act as a central hub for information on events, weather, travel, and points of interest.
The App Store listing claims that the app does not collect data, though Scott has shown it does. The app doesn't employ exploits or security holes.
Instead, it actively listens to all audio and sends it off to servers based in China. If the app is moved to the background, it will force itself to the foreground to ensure it has permission to listen in, claims Scott. It's not clear by Scott's documentation specifically how the app does this, however.
it doesn't get rid of the dot, the application forces itself to the foreground to make sure it has the capability to listen. so for example on android
-- Jonathan Scott (@jonathandata1) January 27, 2022
for iOS a monitor is triggered & brings the app up front pic.twitter.com/5zbdT9WTfi
The app utilizes AI technology from a company known as iFlytek. The China-based startup was added to the U.S. trade blacklist in 2019 when the company was found to have ties to the mistreatment of Muslim minorities, according to Reuters.