- Alcaraz breezes into third round of Shanghai Masters
- Gaza cultural heritage brought to light in Geneva
- 'Bullet for democracy': Trump returns to site of rally shooting
- Italy targets climate activists in 'anti-Gandhi' demo clampdown
- South Korean cult-horror series 'Hellbound' returns at BIFF
- Nepalis fear more floods as climate change melts glaciers
- Honduras arrests environmentalist's alleged murderer
- Padres pitcher Musgrove needs elbow surgery
- Supreme Court lets stand rules to curb mercury, methane emissions
- Boston beat Denver in NBA exhibition season opener, but Jokic says omens are good
- Chagos diaspora angry at lack of input on islands' fate
- Biden says 'not confident' of peaceful US election
- US trade chief defends tariff hikes when paired with investment
- Lukaku stars as Napoli beat Como to hold Serie A top spot
- Ohtani set for MLB playoff debut as Dodgers face Padres
- Pogba's drug ban cut to 18 months from four years
- Devine leads New Zealand to big win over India in Women's T20 World Cup
- Bosnia floods kill 16 people
- EU court blocks French ban on vegetable 'steak' labelling
- Prosecutors seek dismissal of rape charges against French rugby players
- Meta AI turns pictures into videos with sound
- Bolivia's Morales says claims he raped a minor are a 'lie'
- MLB Reds hire two-time champion Francona as manager
- Daniel Maldini receives first Italy call-up for Nations League
- US dockworkers return to ports after three-day strike
- Ancelotti points finger at Madrid's 'lack of intensity'
- Haiti reeling after 70 killed in gang attack
- Five Czech kids in hospital over TikTok 'piercing challenge'
- What happens next in Iran-Israel conflict?
- Country star Garth Brooks denies rape accusations
- Stubbs hits maiden century as South Africa make 343-4 against Ireland
- DR Congo to begin mpox vaccination campaign Saturday in east
- Odegaard injury has forced Arsenal to be 'different', says Arteta
- Ratcliffe refuses to guarantee Ten Hag's Man Utd future
- Meta must limit data use for targeted ads: EU court
- Mauritius to hold legislative election on November 10
- Britain qualify for America's Cup final after 60-year wait
- IMF asks Sri Lanka to protect hard-won gains
- Morata returns to Spain Nations League squad after injury
- Irish regulator to probe Ryanair use of facial recognition
- Public allowed to see video evidence in France mass rape trial
- US hiring soars past expectations in sign of resilient market
- Under-fire Ten Hag 'together' with Man Utd hierarchy
- Guardiola talks of Man City love affair as financial hearing rumbles on
- De Bruyne out of Belgium Nations League squad
- Japanese trainer Yahagi hopes Shin Emperor achieves 50-year-old Arc dream
- UK's Starmer hails 'landmark' carbon capture funding
- As EU targets Chinese cars, European rivals sputter
- Bosnia floods kill 14 people
- Tennis world number one Swiatek splits with coach Wiktorowski
Beijing Olympics organisers say app security flaws 'fixed'
An app that Winter Olympics attendees must use has been patched, a Chinese official told AFP Thursday, after cyber security researchers said they had found a "simple but devastating" flaw that could allow data leaks.
Next month's Games are being held in a bubble that separates participants from the rest of the population as part of China's strict zero-Covid policy.
Those taking part -- from foreign athletes, delegates and media to the army of local volunteers and officials -- have to download a health-tracking app called MY2022.
Users report their health status daily through the app which collects data including vaccination status and coronavirus test results, as well as travel and passport details.
Earlier this week researchers at the University of Toronto's Citizen Lab said they discovered the app's security flaws could allow data including health information and voice messages to leak, which could then be read by "eavesdroppers" such as Wi-Fi hotspot operators.
But a senior Chinese Olympic official said any bugs had now been fixed.
"There is definitely no data leakage," Beijing Olympics Organising Committee (BOCOG) tech chief Yu Hong told AFP, adding that the app's user and privacy guidelines were reviewed by the International Olympic Committee.
"The security loopholes have already been fixed. If they existed in earlier versions, they have been fixed in the latest version."
The app's developers have been in email contact with Citizen Lab since Wednesday, Yu added, promising that there will be "relevant discussions" on follow-up work.
Yu did not deny there may have been security flaws in previous versions of the app and she suggested that BOCOG had not been aware of them.
"During development we have continued to test and use it. When new usage conditions appear some new technological imperfections may be discovered, these can be called loopholes," she said.
- Data laws -
Citizen Lab earlier said it had notified organisers about the issues in early December but received no reply.
However, Yu said organisers never saw the request because it was sent to an old email address.
China's data security laws require that health and medical data be encrypted during transmission and storage.
The Citizen Lab report claimed that the app's inadequate encryption could violate Chinese law, as well as Google and Apple mobile software policies.
"China has a history of undermining encryption technology to perform political censorship and surveillance," researcher Jeffrey Knockel wrote in the report.
Researchers also discovered the app's Android code contained an apparently inactive blacklist of over 2,400 "politically sensitive" phrases, and that it had a separate function to report other users' speech for "politically sensitive content".
But organisers denied ever requesting these functions, and said they have asked the developer to look into it.
They added that app health data would primarily be shared with virus control authorities, after the report claimed this was unclear.
"Use of data by individuals and departments is only permitted after the IOC confirms it," Yu said.
China maintains the world's most sophisticated digital tools to monitor and censor the internet for its citizens, blocking major Western platforms such as Twitter, Facebook and YouTube.
In recent days, Olympic associations in multiple Western countries have warned athletes to leave personal devices at home and bring "burner" phones to China.
Analysts have also warned of cybersecurity risks such as data theft and surveillance targeting attendees using public Wi-Fi networks and official SIM cards provided by organisers.
However, organisers and the Chinese government have dismissed such concerns as unfounded.
"The government will not monitor individuals' phones in any form," Yu said.
The app also provides a range of daily living services for users, such as translation, weather, transport schedules and accommodation booking.
G.Teles--PC