Network Security Issues in RedNote
ID: ba6a81e5-6d38-53e9-89fa-98755b7e67c3
STIX ID: report--ba6a81e5-6d38-53e9-89fa-98755b7e67c3
Feed Name: The Citizen Lab
This report documents critical network-security weaknesses in RedNote (XiaoHongShu): multimedia content is fetched over HTTP, exposing user browsing to network eavesdroppers; an upstream NEXTDATA SDK enables a remote, MITM-assisted proof-of-concept that can exfiltrate file contents from affected Android builds; and a MobTech analytics SDK transmits extensive device metadata using weak or unauthenticated TLS and insecure custom crypto. The issues affect multiple app builds and were disclosed to vendors without response; mitigations center on proper use of TLS and standard cryptographic libraries.
