MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.

“冬奥通”是2022年北京奥运会官方规定与会者必须安装的一个手机软件。本研究指出“冬奥通”有一个简单但后果严重的安全漏洞，即其用于加密用户语音音频和文件传输的加密技术可以轻易被绕过。健康申报表等传输详细护照等个人资料，个人健康信息以及旅游史等也存在安全漏洞。服务器响应也可以被欺骗，允许攻击者向用户显示虚假指令。

本报告研究苹果公司对其激光镌刻服务的内容仲裁和审核。苹果为AirTag和iPad等产品提供镌刻服务，让用户可以在产品上留下自定义信息

本報告研究蘋果公司對其雷射鐫刻服務的內容審查。蘋果為 AirTag 和 iPad 等產品提供鐫刻服務，讓用戶可以在產品上留下自訂訊息。

Within mainland China, we found that Apple censors political content including broad references to Chinese leadership and China’s political system, names of dissidents and independent news organizations, and general terms relating to religions, democracy, and human rights. And across all six regions, we found that Apple’s content moderation practices pertaining to derogatory, racist, or sexual content are inconsistently applied and that Apple’s public-facing documents failed to explain how it derives their keyword lists.

As part of the Citizen Lab’s research into the security and privacy of applications, we report on issues we discovered with three COVID-related applications in Indonesia and the Philippines – PeduliLindungi, StaySafe PH, and COVID-KAYA.

COVID-KAYA, a platform used by frontline healthcare workers in the Philippines to collect and share COVID-19 cases with the Philippines Department of Health, contained vulnerabilities in both the web and Android apps that allows for unauthorized users to access private data about the app’s users, and potentially patient data.

As a follow-up to our March 2020 report, we conducted daily tests on WeChat and collected 2,174 censored keywords between January to May 2020. This data provides a view into how narratives and messaging on the pandemic are controlled and molded on social media in China.

WeChat communications conducted entirely among non-China-registered accounts are subject to pervasive content surveillance that was previously thought to be exclusively reserved for China-registered accounts.

The analysis of YY and WeChat indicates broad censorship—blocking sensitive terms as well as general information and neutral references—potentially limiting the public’s ability to access information that may be essential to their health and safety.