Data hunger: Apps for the Olympic Games in Paris spy on users

The official app of the International Olympic Committee (IOC) for the Summer Games in Paris, which opened on Friday, is recommended as a personal companion to the tournaments with timetables, news, medal results and information on events and qualifying matches. It has already been downloaded more than ten million times. But the software is curious and data-hungry. It collects user data such as browser history, email addresses, devices used and other IDs and forwards this data to advertisers.

This is the result of an analysis by the Lithuanian IT security company Cybernews. It also warns that the app requires "several dangerous permissions" that allow the operator to access "the deepest" secrets stored on the smartphone. The requested permissions include precise location tracking, camera and audio recordings, reading photos and videos, changing audio settings and even accessing high sampling rate sensors that could be used to record user activities and movements in detail. Together with the personal data that the app collects, a very comprehensive user profile could therefore be created.

If the provider were to use all of these permissions, the app would theoretically start automatically after the phone is restarted and run in the background to track the exact location. Other features include monitoring nearby Bluetooth devices and accessing personal information, including network and Wi-Fi connection details. The app is theoretically able to prevent the phone from going into sleep mode, which would drain the battery faster. The app can also use the internet connection for its own purposes, such as sending notifications and connecting to Wi-Fi hotspots on its own.

Warning lights come on

The conditional data access does not yet mean that it is being misused or used at all. Mobile operating systems also have protective functions, such as notifying users when the camera or microphone is being used. However, the sheer number of authorizations does raise "some warning signals" for the researchers. In its privacy policy, the IOC only confirms that personal information is shared with Facebook, Google and X.

The official Olympic app for the Summer Games has been designed with the aim of "providing the best possible experience for fans", the IOC told Cybernews. "If necessary, users will be shown prompts so that they can agree to certain functions." The application also has an audio commentary function that allows users to listen in. The IOC assured: "This is a library import code that does not collect data or place cookies."

Public transport use is closely tracked

The IOC's cell phone program is just one of twelve Android apps with high relevance to the Games in the French capital that a team from Cybernews examined closely. According to the results, many of them also pay little attention to protecting users' privacy. According to the researchers, the Bonjour RATP app for using public transport in Paris and the surrounding area turned out to be the most data-hungry. It uses 18 out of 38 possible data points and passes most of them on to third parties. Bonjour RATP not only collects precise location data for its functionality, but also shares it with other parties for advertising, fraud prevention and security purposes. The app also has over ten million downloads on Android.

According to the report, TheFork app, Europe's leading restaurant booking platform, collects 15 data points and shares almost all of them with third parties. The Citymapper app, which is designed for navigating through urban traffic, collects 14 data points. Around ten data points are required for the "Paris 2024 public transport" apps. Even PinQuest, a game for testing Olympic knowledge, asks for permission to access the camera and saved files, although it supposedly does not collect any user data. The most frequently used dangerous permission requested by seven apps was memory access. This makes it possible to check and change files, including those on external media such as SD cards. The "My2022" app, which is mandatory for athletes, already caused unrest at the Winter Games in Beijing 2022. The German participants were only supposed to install this software on specially provided cell phones.

(ds)