Knockel, Jeffrey2022-07-282022-07-282022-01-18Jeffrey Knockel. “Cross-country Exposure: Analysis of the MY2022 Olympics App,” Citizen Lab Research Report No. 149, University of Toronto, January 2022.http://hdl.handle.net/1807/123968MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.en-caAttribution-ShareAlike 4.0 Internationalhttp://creativecommons.org/licenses/by-sa/4.0/MY2022OlympicsBeijingChinaencryptionsecurity vulnerabilitypublic healthtravelTechnical Report