Jonathan Scott, a PhD candidate who researches mobile malware/spyware/forensics in Boerne, TX, recently decrypted and decompiled the official 2022 Beijing Olympics apps that athletes are required to install on their iPhone or Android phones. They are supposed to be used for data collection for COVID-19 and for Olympic medal notification. Instead, what he found was that the apps not only record and send audio from the phone microphone and capture clipboard contents, but also contain AI technology that was trade-blacklisted in the United States back in 2019.
While the spying in particular is not a huge surprise, what IS a surprise is that the apps either 1) got past both Apple's and Google's safety-assurance processes for ensuring apps are safe to use (in fact, Apple specifically states there is no data collection from this app), or 2) were given special treatment by Apple and Google to work around the usual process for app approval.
Do I believe that Apple and Google, two of the top three technology companies in the world, had their top security experts fooled into thinking the app was safe? Well, certainly both have had instances of being caught not doing their due diligence, but both companies, about the same app? Interesting.
No comment from most U.S. press and government so far. The very first news agencies are just picking up on this story.
Decompiled App source code from Jonathan’s GitHub: https://github.com/jonathandata1/2022_beijing
Relevant tweet from Jonathan: https://twitter.com/jonathandata1/status/1486458526767661060
AppleInsider story: https://forums.appleinsider.com/discussion/226014