In preparation for the 2021 Tokyo Olympics, Japan tried to develop a contact-tracing app that would track foreign visitors, but concerns quickly centered on bugs in the software and on whether all visitors would have smartphones to install the app on.
The Citizen Lab report said that MY2022 failed to verify a unique cryptographic signature with the server it was transferring data to. Essentially, this meant that hackers could get hold of the data unbeknownst to the Chinese authorities. Other parts of the app, such as the built-in messaging service, failed to encrypt metadata, making it easier for wireless network owners or telecom operators to detect which phone was texting which other phone, and when.
“Any information you transmit can be intercepted, especially if you’re on an untrusted network like a cafe or hotel Wi-Fi service,” said Jeffrey Knockel, a Citizen Lab research fellow and one of the report’s authors. Dr. Knockel added that sensitive information obtained in this way could be used for identity theft.
It’s unclear whether the vulnerabilities were intentional, but the report noted that proper encryption could interfere with some of China’s ubiquitous online surveillance tools, particularly systems that allow local authorities to spy on phones using public wireless networks or internet cafes. Still, the researchers added that the flaws are likely intentional, because the government will already be getting data from the app, so there’s no need to intercept data while it’s being transferred.
“When using the app, you are already sending data directly to the Chinese government,” Dr. Knockel said.
According to Citizen Lab, the app also included a list of 2,422 political keywords, identified in the code as “illegalwords.txt,” that worked as a keyword censorship list. The researchers said the list appears to be a hidden function that the app’s chat and file transfer features aren’t actively using.
Censored word lists are common in Chinese social media apps and work as the first line of defense in a multi-layered censorship system designed to prevent the spread of undesirable political topics.
