What WeChat Knows: Pervasive First-Party Tracking in a Billion-User Super-App Ecosystem
WireWatch: Measuring the Security of Proprietary Network Encryption in the Global Android Ecosystem
Network Security Issues in RedNote
https://citizenlab.ca/2025/02/network-security-issues-in-rednote/
#AppPrivacyandControls #networksecurity #socialmediaapp #RedNote
Our first network security analysis of the popular Chinese social media platform, RedNote, revealed numerous issues with the Android and iOS versions of the app. Most notably, we found that both the Android and iOS versions of RedNote fetch viewed images and videos without any encryption, which enables network eavesdroppers to learn exactly what content users are browsing. We also found a vulnerability in the Android version that enables network attackers to learn the contents of files on users’ devices. We disclosed the vulnerability issues to RedNote and its vendors, NEXTDATA and MobTech, but did not receive a response from any party. This report underscores the importance of using well-supported encryption implementations, such as transport layer security (TLS). We recommend that users who are highly concerned about network surveillance from any party refrain from using RedNote until these security issues are resolved.
Should We Chat, Too? Summary (Traditional Chinese)
Should We Chat, Too? FAQ (Simplified Chinese)
Should We Chat, Too? FAQ
Should We Chat, Too? FAQ (Traditional Chinese)
#AppPrivacyandControls #Encryption #Security #Privacy #WeChat #FAQ
Should We Chat, Too? Security Analysis of WeChat’s MMTLS Encryption Protocol
This report performs the first public analysis of MMTLS, the main network protocol used by WeChat, an app with over one billion users. The report finds that MMTLS is a modified version of TLS; however, some of the modifications have introduced cryptographic weaknesses.
Tap, Tap: A Series of Cloud Input Method Vulnerabilities Allows Network Attackers to Monitor Typed Content (Summary)
Chinese Keyboard App Vulnerabilities Explained
https://citizenlab.ca/2024/04/chinese-keyboard-app-vulnerabilities-explained/
We analyzed third-party keyboard apps Tencent QQ, Baidu, and iFlytek, on the Android, iOS, and Windows platforms. Along with Tencent Sogou, they comprise over 95% of the market share for third-party keyboard apps in China. This is an FAQ for the full report titled "The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers."