Great work, Citizen Lab team. While these findings aren't entirely new, your strong assertion is particularly noteworthy:
These findings contribute to a larger body of work that suggests that apps in the Chinese ecosystem fail to adopt cryptographic best practices, opting instead to invent their own, often problematic systems.
It wouldn't be surprising to see MMTLS undergo major overhauls in the future, but the question is whether such corrections will come proactively or only after a serious incident.
It's not new that apps in the Chinese circumvention ecosystem also fail to adopt cryptographic best practices, opting instead to invent their own, often problematic systems.
https://citizenlab.ca/2024/10/should-we-chat-too-security-analysis-of-wechats-mmtls-encryption-protocol/
Great work, Citizen Lab team. While these findings aren't entirely new, your strong assertion is particularly noteworthy:
It wouldn't be surprising to see MMTLS undergo major overhauls in the future, but the question is whether such corrections will come proactively or only after a serious incident.