Next week, the Winter Olympic Games will begin, an event that will be held in the Chinese cities of Beijing and Zhangjiakou. This is important, not only on a sporting, media and cultural level, but also as one of the very few exceptions where a crack will be opened in China’s ‘Great Firewall’. However, despite the fact that the country has opened the flow of information at international level on the occasion of this great event, behind closed doors everything seems to indicate that the reality is quite different.
The fear of cyber-surveillance is present, and proof of this are the recommendations that each country is transmitting to their athletes regarding the use of mobile devices and equipment, with special emphasis on not using their own, as the Chinese government could monitor, compromise, and even block all types of communications. This fact is reinforced by the work of Jonathan Scott, an independent researcher and expert in mobile spyware. And it seems that the Chinese Olympic Games application for athletes contains code that allows the collection of audio and that goes to the Chinese servers, an app that must be downloaded in a mandatory way.
After reverse engineering all of the #Beijing2022 #spyware app for @Apple #ios and @Google #Android
I can definitively say all Olympian audio is being collected, analyzed and saved on Chinese servers using tech from USA blacklisted AI firm @iflytek1999 https://t.co/9wX1sP8PZP pic.twitter.com/hdIfiKX37m
— Jonathan Scott (@jonathandata1) January 26, 2022
The technology used in the ‘MY2022’ app includes technology from ‘iFLYTEK’, a company that was blacklisted by the United States for ‘disregarding human rights and data privacy’. This Chinese company is known for using spyware techniques in its technologies. In fact, among its developments is an intelligent voice assistant similar to Alexa, Siri and so on, which has been shown that the information collected by users goes directly to the Chinese government.
On the Github page dedicated to providing decompiled versions of this app for iOS and Android, you can see a good handful of evidence and references to code expressly designed to collect information from participants. In the PDF that the Olympic Games board has issued, you can see how they recommend downloading and using this app ‘at least 14 days before departure to China’.
The app is intended to provide particularly relevant information about the Olympic Games to participating athletes, as well as being a way to monitor athletes’ health through a tool to upload their COVID test results. However, through reverse engineering, it has been found to contain spyware, having the ability to collect information that is stored on servers in China.
Previously, when we downloaded this app from the App Store, the store confirmed that ‘the developer does not collect any information through the app’. However, this has recently changed, as you can see in the image above. Regarding Android, if we go to the Play Store, we see all the permissions we must grant to install the app, a fairly extensive list that involves access to location, network, content on our device, etc.
Scott was able to investigate the code in depth and discovered some functions that can be modified and activated remotely, including ‘makePhoneCall’, ‘startWifi’, ‘connectWifi’, etc. In addition, he also exposes how iFLYTEK’s technology interacts with the user in this application, also collecting information about the vaccination and health status of all the participants of the Olympic Games.
The researcher assures that he will soon release a more detailed report of all the data he has been collecting through reverse engineering. However, these are just some indications that China will not open its ‘Great Firewall’ to the world without taking action.