It seems reasonable to suggest that athletes only use burner phones.
Not long ago, we heard that some countries were advising their respective Olympic teams to keep all personal electronics at home and use “burn-in phones” while in Beijing. Of course, this is done out of fear of the Chinese government’s crackdown on the Internet and all electronic communications. Sometimes, Big Brother is really watching.
This advice has proven to be very solid, as researchers have taken apart the Android and iOS versions of the MY2022 app — which all Olympians must use — and found some real interesting stuff. Not that fun good stuff either.
After reverse engineering all #Beijing2022 #spyware application @Apple #ios and @Google #android
I can say with certainty that all Olympian audio is collected, analyzed and saved on Chinese servers using technology from a US blacklisted AI company @USTIFLYTEK 1999 https://t.co/9wX1sP8PZP pic.twitter.com/hdIfiKX37m
— Jonathan Scott (@jonathandata1) January 26, 2022
There’s a lot to deal with in this Twitter thread, but none of it is good. On the surface, the application code on both platforms shows:
- The app fully controls the microphone
- The app forces itself into the foreground, so the Android user doesn’t get a notification that it’s running
- the app were able Collect audio anytime
- The app sends audio files to a server located in mainland China
- The collected audio was processed by iFLYTEK, a Chinese artificial intelligence company that has been blacklisted in the US for security concerns
- Chinese brand phone users from Huawei, Xiaomi, vivo, Meizu and OPPO devices also send data back to the manufacturer through the app
Oops! If they hope to compete in the 2022 Winter Olympics, that doesn’t make anyone confident about using the apps China forces athletes to install on their phones. It’s also worth noting that both Apple and Google do a lot of work to make sure apps can’t do this. Still, no security protection of any kind is foolproof, and this is a good example. I’m trying to find someone in Beijing with an Android 12 phone to see if the mic light is active, but I don’t connect very well with the Olympic crowd. If you are, please take a moment to help.
It is very important to point out those things is 100% from what happened Can occur. We know the audio is being processed by a company in the US that claims to work for the Chinese Communist government. It is also a Chinese startup with offices in China.
We also know that the app is forcing itself into the foreground. In case you don’t know, it means the app behaves as if it’s being displayed on your screen, even if it’s not. It’s not a good practice, but this capability is available on both Android and iOS, because sometimes it’s a necessary evil.
We know that once the audio is captured, it is sent to a server in China. It makes perfect sense – a Chinese company is doing the processing, and Chinese companies all have servers in China. It’s not a good thing, but it’s something to look forward to.
As for the rest, well, the app can launch itself and record everything it hears without the user. Or anyone around the user, know. It can then send that data to a server where a good AI can process it and flag anything it thinks needs to be heard by real humans. Remember, China is a country without any First Amendment-style protections, and you can’t say anything while inside China. Especially any kind of criticism of the government, or talking about Winnie the Pooh.
Every good story has two sides.Enter Dan Goodin, another security researcher and Ars Technica reporter Who is not too happy with all these claims. However, he fully agrees that the app is suspicious AF, and says that based on Citizen Lab’s assessment, the app appears to be worrisome.
Maybe the app can do these things, but there is no evidence that it has or will do.
He also tempered the discussion with a lack of evidence. The app may do other things, but there is no evidence that it has or will do. He is also right. That’s partly because research into apps is new and the 2022 Winter Games are just getting started, but partly because of how mobile OS app permissions work. In the end, too many things get mixed up and apps gain permissions they don’t need.
At the end of the day, in this terrifying sea of unknowns, the only real solution is to use a burner phone, not one of the best Android phones. If all the claims about the app are true, you’ll still be sending the CCP all the noise you make, but once you’re done with the 2022 Winter Olympics, you can throw your phone in the airport wastebasket. Most of us don’t have to worry because we’re not in the 2022 race, but a similar situation can happen to anyone who travels internationally, especially getting used to traveling to a country that doesn’t respect your civil rights.