Publications
This report performs the first public analysis of MMTLS, the main network protocol used by WeChat, an app with over one billion users. The report finds that MMTLS is a modified version of TLS, however some of the modifications have introduced cryptographic weaknesses.
We conducted the first analysis of WeChat’s tracking ecosystem. Using reverse engineering methods to intercept WeChat’s network requests, we identified exactly what types of data the WeChat app is sending to its servers, and when. This report is part one of a two-part series on a privacy and security analysis of the WeChat ecosystem.
This FAQ accompanies the full report on privacy in the WeChat ecosystem. We analyzed privacy issues with popular app WeChat by reviewing the data collected by the app and sent to WeChat servers during the regular operation of its various features. We find that they collect more usage data than is disclosed in the WeChat privacy policy.
The IATA Travel Pass (ITP), a global, opt-in app to receive, store, and share digital COVID-19 test certificates for flights, has a critical flaw in its registration process which allows an attacker to impersonate another user, needing only to know the user’s passport details but not possess the passport itself.
On April 13, the Citizen Lab published an analysis of the IATA Travel Pass. In this post, we discuss the significance of the report’s findings.