微信是一款具有多种功能的应用程序。之前，我们研究了小程序的隐私问题及其监视以及审查文本和图像消息。本研究重点研究微信的网络加密协议及其安全性。

微信有超過十億每月活躍使用者，我們分析了微信使用的主要網路協定 MMTLS 的安全和隱私特性，並發佈了首篇公開的研究報告。

微信是一個具有許多功能的應用程式。之前我們研究過圍繞小程式的隱私問題，以及微信對文字和圖片訊息的監視及審查。在這項研究中，我們主要關注微信的網路加密協定及其安全性。

Research FAQ for the full report “Should We Chat, Too? Security Analysis of WeChat’s MMTLS Encryption Protocol”

This report performs the first public analysis of MMTLS, the main network protocol used by WeChat, an app with over one billion users. The report finds that MMTLS is a modified version of TLS, however some of the modifications have introduced cryptographic weaknesses.

该报告通过审查 WeChat 应用程序在其各种功能正常运行期间收集并发送到 WeChat 服务器的数据，对流行应用程序 WeChat 的隐私问题进行了分析。我们发现，他们收集的使用数据多于 WeChat 隐私政策中披露的程度。

這份報告檢視熱門應用程式 WeChat 在其各種功能的正常運作過程中所蒐集並傳送至 WeChat 伺服器的資料，以此分析該應用程式存在的隱私問題。我們發現，WeChat 蒐集的使用資料比在隱私權政策中公布的還要多。

We conducted the first analysis of WeChat’s tracking ecosystem. Using reverse engineering methods to intercept WeChat’s network requests, we identified exactly what types of data the WeChat app is sending to its servers, and when. This report is part one of a two-part series on a privacy and security analysis of the WeChat ecosystem.

This FAQ accompanies the full report on privacy in the WeChat ecosystem. We analyzes privacy issues with popular app WeChat by reviewing the data collected by the app and sent to WeChat servers during the regular operation of its various features. We find that they collect more usage data than is disclosed in the WeChat privacy policy.

The IATA Travel Pass (ITP), a global, opt-in app to receive, store, and share digital COVID-19 test certificates for flights, has a critical flaw in its registration process which allows an attacker to impersonate another user, needing only to know the user’s passport details but not possess the passport itself.