Vulnerabilities and censorship tools among hot new features in Beijing's Olympics app

Toronto-based Citizen Lab has warned that an app required by Beijing law to attend the 2022 Olympics contains vulnerabilities that can leak calls and data to malicious users, as well as the potential to subject the user to scanning for censored keywords. "To support the successful delivery of the Games and the safety of all …

  1. JassMan Silver badge

    Definitely a requirement to buy a burner phone

    It looks like anyone planning on attending needs to buy the cheapest phone possible and drop it in a bin on the way out of China after the games are over.

    1. Anonymous Coward

      Re: Definitely a requirement to buy a burner phone

      Don't be so outrageous. Courtesy is all. They don't like ferreting in bins any more than you do. Drop it off at the airport security desk on your way past.

    2. Anonymous Coward

      Re: Definitely a requirement to buy a burner phone

      Better idea. Don't bother going.

      1. DS999 Silver badge

        Re: Definitely a requirement to buy a burner phone

        You think athletes who have trained for years should skip it because "Jina"?

        They already announced quite a while ago they are not allowing any foreign spectators due to covid, so you couldn't go even if you wanted to.

      2. Anonymous Coward

        Re: Definitely a requirement to buy a burner phone

        When they held the Commonwealth Games in my city, I went to Antarctica for the summer...

        [Unfortunately that didn't save me from having to piss a good chunk of my rates and taxes away on it]

      3. Anonymous Coward

        Re: Definitely a requirement to buy a burner phone

        yes, it's interesting that 99.9999999% of those champions ARE going. Presumably for the very same reason 99.9999999% of us buy Chinese-made 'goods'.

      4. Aristotles slow and dimwitted horse Silver badge

        Re: Definitely a requirement to buy a burner phone

        Unfortunately that is not an option for a lot of the athletes that rely on national sports funding to support themselves.

    3. ShadowSystems

      Re: Definitely a requirement to buy a burner phone

      I've said it before, I'll say it again: "I use a FeaturePhone that can not run apps, so how would you like to handle the situation?"

      I agree with the AC that advised to just not go in the first place.

      But if you must, get a burner FeaturePhone to drop a spanner in their attempts to instal scumware on your device. Then, once ready to leave the country, eject the SIM, toss the phone, & microwave the SIM until it turns to slag.

      "Nuke it from orbit, just to be sure."

      1. Sorry that handle is already taken. Silver badge

        Re: Definitely a requirement to buy a burner phone

        "I use a FeaturePhone that can not run apps, so how would you like to handle the situation?"
        They just won't let you in, most likely.

        1. Anonymous Coward

          Re: Definitely a requirement to buy a burner phone

          yes, it's quite a poser. These days, to visit China, visitors HAVE TO let their authorities 'inspect' their phones' content (in fact, download it), otherwise, they're not let into the country. I do wonder though, whether you'd be refused entry if you turned up with no phone, or one that's pre-hackable...

          1. Sorry that handle is already taken. Silver badge
            Big Brother

            Re: Definitely a requirement to buy a burner phone

            The USA and, as it turns out, Australia, do that on entry too. To their own citizens even.

          2. Sub 20 Pilot

            Re: Definitely a requirement to buy a burner phone

            I wonder what other nation does this? Is it not a problem when the USA demand all manner of privacy invasions if you want to visit (I don't object to it - their country, their rules.) So why is it such a problem when China does it? Usual Sinophobic nonsense from the West, all bending over for the US.

  2. IGotOut Silver badge

    The scoundrels

    ... if it was a UK government app you wouldn't have to worry about this kind of behaviour.

    Mainly because it wouldn't be ready until 2024, it won't initially work on Apple devices and when finally fully rolled out, wouldn't actually be able to log the data required.

    1. F. Frederick Skitty

      Re: The scoundrels

      Remarkably, the 2012 London Olympics went off without a hitch. I was quite surprised - even though I was involved in the IT side of delivering the Olympics and had confidence in my own organisation, it seemed too vast an endeavour on a relatively short timescale to not fall apart somewhere.

      Perhaps it should be a case study on how to successfully deliver a big IT project. God knows, the successful examples are few and far between...

  3. nematoad Silver badge

    Just two words.

    "Shove it."

  4. Anonymous Coward

    China is asshole.

  5. Michael Hoffmann
    Meh

    Burner phones

    As someone has already mentioned, burner phones are a good idea.

    According to an article in the Frankfurter Allgemeine Zeitung a few days ago, the Dutch team is issuing burners for their entire team. The German team is advised that if they don't want to use burner phones, to do an immediate factory reset the moment they are out of China again. With some demanding that they should follow the Dutch team's example.

    1. LDS Silver badge

      Re: Burner phones

      Still, it has 14 days to track you in your own country. For your own sake, of course.

      I wonder what happens if you install it and then keep the phone off until you arrive in China...

      1. R J

        Re: Burner phones

        Install it. Turn on the phone. Put it in a charger at home. Leave it there for 14 days. Bring it to China.

        At work everyone who has to go to China (and a few other places) is issued a temporary laptop and phone. When they get back home, those are bricked.

  6. Blazde

    Oh gtfo CCP

    Apart from the sheer ridiculousness of 14 days of pre-visit tracking this feels like a pretext to ban various foreign athletes who represent a threat to Chinese medal hopefuls for not 100% complying with the probably quite vague requirements. Aka cheating. (If that turns out to be the case the Australian government's tennis interference will have a lot to answer for too)

    Leave the curling alone that's all I ask!

  7. HildyJ Silver badge
    Windows

    Olympics

    I am so over the Olympics.

    From the corruption, to the cost to the cities, to the disruption of the cities, to the interminable coverage.

    Plus, from less than 10 events in Ancient Greece, which we would all recognize, we now have over 109 events in Beijing and the summer Olympics in Tokyo adds 339 events for a total of 448 events. Most would not be recognized in Ancient Greece and few are followed by the general public.

    Wake me when it's over.

    1. sabroni Silver badge
      Facepalm

      Re: Most would not be recognized in Ancient Greece

      IKR! Why do they have to keep changing things???!?!?!?!?

    2. Anonymous Coward

      Re: Olympics

      I must say I've felt the same about just any large sports events, for exactly the same reasons, it's a multi-billion business farce peddling a myth of 'fair-play'.

  8. sanmigueelbeer Silver badge
    Coat

    ... an app required by Beijing law to attend the 2022 Olympics contains vulnerabilities that can leak calls and data to malicious users ...

    FFS. For the nth time, it is not a vulnerability: The app was designed as per requirement.

    1. Cuddles Silver badge

      I don't think that's quite correct. The app is very transparently designed to log everything you do and send it to the Chinese authorities. It also contains vulnerabilities that could allow other people to get access to the data as well. Being malicious is not the same thing as being competent.

  9. Sorry that handle is already taken. Silver badge
    Devil

    illegalwords.txt

    I want to see the full list!

    1. LDS Silver badge

      Re: illegalwords.txt

      Did Winnie The Pooh make the list?

  10. Irony Deficient Silver badge

    As for the potential for censorship, …

    … it was found within a file bundled on the Android version called “illegalwords.txt.”

    Are there also analogous files for other languages, say, motsillégals.txt, illegaleWörter.txt, ulovligeord.txt, &c.? Or does illegalwords.txt include words from all languages that are of concern to the Chinese authorities?

  11. T. F. M. Reader Silver badge

    "Failure from the app to validate SSL certificates"

    To me it is obvious that it is by design: China wants to play MITM at will.

  12. Steve Kerr

    A lot of the list is for illegal items

    China is bad for a lot of things and certainly not condoning their actions, so ignoring the holes in the app, the probable monitoring and tracking etc....

    Someone has posted the list at https://raw.githubusercontent.com/citizenlab/chat-censorship/master/olympics/illegalwords.txt

    Digging thru it, the far majority is for things that are illegal and are pretty much terms for "guns for sale, drugs for sale, prostitutes for sale" though some really odd ones like "national tourism board".

    Have only had a 5 minute dig as currently in the midst of my work day.

    1. Anonymous Coward

      Re: A lot of the list is for illegal items

      out of interest, why is this list in Chinese? I presume intention was to block all those foreign sportsmen, women and undecideds to share their outrage at how they came to compete for the glory, laurels, precious metal, fame, more fame and, most of all, sponsorship contracts, in such a reprehensible, democracy-free country - but they'd vent their outrage and disgust in their own tongues, presumably? And google translate is 'not always' very... accurate.

    2. Is it turned on?

      Re: A lot of the list is for illegal items

      Having put a reasonable sized chunk of the list through google translate, and the fact that most of the list is in Chinese and some in Uyghur I suspect that a lazy programmer (!) when they were building this App copy and pasted some boiler plate code and files from another App meant for the locals.

      The majority of the terms I could see are the sort of thing a Chinese citizen might search for, rather than a western journalist or Skier at the games as they could simply google the phrase when they got home.

      They have a real downer on the "The Epoch Times" as that appears many times in the list and is freely available outside of China.

    3. Solviva

      Re: A lot of the list is for illegal items

      "But first, let me take a ...." oh no, that word's illegal!

      Hope no academics are travelling either since "Graduation certificate" looks to be a no-no too.

      In fact education is so frowned upon, "Graduation certificate" is there 3 times hmm.

      List must also be sponsored by that company who likes to promote baby formula since the natural act of breastfeeding would land you in hot water it seems.

  13. Anonymous Coward

    illegalwords.txt

    a nice little red herring ;)

  14. jgard
    Big Brother

    Shameful

    This turns my stomach, it’s outrageous that such a disgusting, cruel regime is hosting the games. Although it certainly shows what the IOC really is: a money-driven, power-hungry, morally vacant and unaccountable organisation. It’s contemptuous of ‘olympic ideals’ and uninterested in doing any good whatsoever, unless that good also happens to line delegates’ pockets with gold or first class flights.

    It’s bad enough that China is hosting this thing, but the forced install of an app almost beggars belief! By allowing it, the IOC is providing implicit support for many of the egregious things the Chinese govt is involved in: mass surveillance, censorship, oppression, control of individuals through social-credit systems.

    Just by holding the games there, they are turning a blind eye to the executions, human rights abuses, concentration camps and whatever else the Chinese are up to. That's bad enough, yet this app compounds the harmful message by helping the regime do their bad shit. It is obviously there to bolster the state control of Chinese AND foreign nationals, by surveilling, geo-tracking, listening etc. Of course, the IOC knows this but stays quiet.

    It’s pure moral cowardice from the IOC, and by turning a blind eye they help this sort of thing become the norm. So many countries are now invading our privacy by inspecting phones at border controls, if organisations and people don’t stand up, we are heading straight for dystopia.

    I can't understand why there has not been more fuss made about this - it's a disgraceful intrusion of privacy for athletes and visitors. It's clear confirmation that the IOC has completely abandoned what it stood for, it’s lost all integrity. The people who run it should be ashamed.

  15. myhandler

    Tibet

    Pooh bear

    Free Hong Kong

    Dalai Lama

    Uighurs

    etc.

    etc.

    GTFO & GFY Xi JinPing

  16. a_yank_lurker Silver badge

    Real Options

    For non athletes and media, the best option is not to go. Empty stadiums are a horrible optic on TV. For those who have to go, get a burner phone and ditch it after leaving as many have suggested. If you are an athlete, how about a convenient sprained ankle or similar injury conveniently just before leaving. If enough athletes are 'injured' the games will be a disaster.

    Another for those who were not going anyway, don't watch the broadcasts at all. Tank the TV ratings and anger the advertisers. I won't be watching but I haven't really paid much attention to the Olympics for about 20 years.


Biting the hand that feeds IT © 1998–2022