As you and other millions of sports fans flock to Paris to follow the Olympic Games from the ground, forget the tickets: you might have to pay a hefty price with your privacy.
Most of the 2024 Paris Olympics apps track users, extract private data, and share it with advertisers and big tech. This is the worrying finding from a study on 12 Android applications designed to help users as they attend the Olympics and stay in Paris.
While the best VPN services can help protect your privacy when connecting to unsecured Wi-Fi networks, they cannot prevent data-hungry applications from abusing your data. Keep reading, and I'll explain what's at stake and what you can do.
Beware of dangerous permissions
As mentioned earlier, researchers analyzed 12 Android apps relevant to the Paris Olympic Games to determine how they access and collect user data.
Commenting on the findings, Cybernews security researcher Mantas Kasiliauskis said: "We discovered that the apps designed to help you during the Olympics are underreporting their data collection scope on Google Play Store, require excessive dangerous permissions, and share sensitive user data with advertisers."
Unsurprisingly, a travel app (Bonjour RATP) came out as the most data-hungry with 18 data points collected. The collection of precise location data is especially significant. While the app needs this information to fulfill its functionality, Bonjour RATP also shares the user's location "for the declared purposes of advertising, fraud prevention, security, and compliance," noted researchers.
Two dedicated applications for the Olympic Games (The Paris 2024 Olympics and The Paris 2024 Public Transport apps) are also among the most privacy-unfriendly apps.
That's quite significant considering that the Paris 2024 Olympics app alone has already been downloaded more than 10 million times. Besides collecting and sharing sensitive data like web browsing history, email addresses, devices, and other IDs, the app also asks for multiple dangerous permissions. These, according to researchers, "allow it to tap into the deepest secrets you may hiden on your Android phone."
Cybernews contacted the International Olympic Committee (IOC) on these points, and they admitted to tracking users' personal data for building user profiles and sharing data with advertisers, including Facebook, Google, Apple, or X.
"When required, prompts are presented to users to allow them to consent to specific features to enhance their app experience," IOC said to Cybernews, adding that users can change the permissions they granted via the device and app settings at any time.
Alongside data location, researchers found that the most popular, and dangerous, permission is storage access. This means that 7 out of 12 tested apps want to read and write files on your device. This may expose your privacy as the apps are allowed to check and modify all your files.
Half of the analyzed apps also wanted to access your camera. That's dangerous as there's the risk that the applications could take photos and record videos without user consent.
As Cybernews researchers noted, camera access has many legitimate uses – think about scanning ticket QR codes or credit cards, verification, taking selfies, and so on. Yet, it is crucial to ensure that cameras are only used for the stated purposes to fulfill their functionality.
"The app should help you enjoy the Olympics, but it shouldn't need to know your whole life story or what websites you visit to do that," Kasiliauskis said. "It’s concerning, given the stated intentions to build detailed user profiles and share data with tech giants. Unfortunately, invasive data collection is a longstanding industry trend, and lots of apps try to grab more data than they need."
How to stay safe when using 2024 Paris Olympics apps
While you might not be able to avoid using certain handy apps while attending the Olympics, there's still something you can do to boost your privacy while using them.
For starters, you should avoid downloading the Paris Olympics apps – or any other applications – from third-party websites. Official App Stores are your best bet to ensure the applications you're installing on your device are secure and malware-free.
A virtual private network (VPN) is a security software that encrypts internet connections and spoofs your IP address. Besides boosting your privacy when browsing on public networks, it can come in handy when traveling. Here are four reasons to use a VPN if you're attending the Olympic Games.
I also recommend taking some time to go through the app's privacy policy before downloading it. I know how boring this sounds, but it's important to be aware of what you're signing up for.
Once you have all the Paris Olympic Games apps you need, it's time to review the permissions you grant for each application. To do this, Kasiliauskis suggests employing the "principle of least privilege."
He said: "If there’s no obvious need, do not grant the permission. If the permission is no longer needed, revoke it. The apps should only require essential permissions for their functionality. However, multiple researchers reveal that they often ask for excessive permissions."
Lastly, you should avoid using your social network profile to sign in to prevent the app from collecting information from the account and vice versa. Also, remember to delete all the Paris Olympic Games apps once you get home. No need to risk your privacy for an application you probably won't use ever again.
