WeChat

Warning: *privacy not included with this product

WeChat

Tencent
Wi-Fi

Review date: Sept. 8, 2021

|
|

Mozilla says

|
People voted: Super creepy

WeChat is a hugely popular social media and messaging app owned by Chinese tech giant Tencent. And when we say popular, we mean it’s one of the most downloaded apps in the world, with over a billion active users. It’s also one of the least private messaging apps we've come across. It offers all the features -- text chat, video and voice chat, location sharing, stickers, games, WeChat Pay, and even ways to exercise with your friends. Which is great. Just don't expect anything you do on WeChat to be private.

What could happen if something goes wrong?

Ding! Ding! Ding! WeChat earns our *Privacy Not Included warning label for good reason. WeChat isn't just bad at privacy, it's scary. Where to start? The lack of end-to-end encryption? Not a deal breaker, but not great.The leak of hundreds of millions of private chat logs? Definitely bad! The reported recent banning of LGBTQ friendly and feminist accounts? Yikes! The alleged foreign surveillance and censorship. Terrible! Yes, WeChat has a huge billion+ user base. Yes, it’s very popular and feature rich. But none of that outweighs WeChat's bad track record on privacy and security. The bottom line: we feel the only way to protect your privacy when using WeChat, is to never use WeChat. *Privacy is absolutely not included.

mobile Privacy warning Security A.I.

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

Optional Facebook sign up is available.

What data does the company collect?

How does the company use this data?

WeChat may hand over any data (including communication content) to the government, public, regulatory, judicial and law enforcement bodies or authorities when necessary. In addition, WeChat data can be shared with a number of group companies, including Tencent International Service Europe BV (located in the Netherlands), Tencent International Service Pte. Ltd (located in Singapore), WeChat International Pte Ltd (located in Singapore) and Oriental Power Holdings Limited (located in Hong Kong) and WeChat International (Canada) Limited (located in Canada). WeChat also says they may share user data with a number of third parties. All WeChat users should note, Tencent also operates Weixin, a service interoperable with WeChat, targeted at users in mainland China. In the WeChat privacy policy, they state, "When you interact with a Weixin user, or use or receive notifications from any feature operated by Weixin, please be mindful that your information may be collected, retained, shared and/or stored by Weixin in accordance with the Weixin Privacy Protection Guidelines and not this Privacy Policy." So if you as a WeChat user interact with a Weixin user (and you may not know who on the service is a Weixin users versus a WeChat user), your privacy rights will be only protected as far as the less protective Weixin privacy policy applies.

How can you control your data?

WeChat says that you can delete your account, or remove certain personal information, by logging into your WeChat account and following the account deletion instructions. The company provides clear retention periods for all data. According to a 2019 paper by MIT researchers, at the time, when a user deleted a voice or text message, rather than removing the data from the local database, WeChat simply removed the key storage for the data. However, because this data remained in the local storage, the data was not actually deleted. WeChat has indicated that currently, when a user deletes a message from a chat, the WeChat app will immediately delete both the message key and the content of that message from the user’s local storage.

What is the company’s known track record of protecting users’ data?

Bad

WeChat allegedly censors private conversations automatically in real life, for both Chinese and non-Chinese users. In March 2019, a database of 364 million records of users from China was discovered on the Internet. Each record, drawn from apps like WeChat and QQ, also contained personally identifying Chinese citizen ID numbers, photos, addresses, GPS location data, and info on the type of device being used. The database also sent data back to 17 remote servers in different provinces in China. There is a suspicion that the data gets distributed among police stations. WeChat also reportedly shut down hundreds of LGBTQ+ friendly accounts in July 2021.

Can this product be used offline?

N/A

User-friendly privacy information?

No

Huge and overly complex privacy policy.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Uses encryption but no end-to-end encryption

Strong password

Yes

Password is needed to set up an account. Password must be 8-16 characters and contain both numbers and letters/special characters.

Security updates

Yes

Since its launch in 2011, over 100 updates.

Manages vulnerabilities

Yes

Tencent operates a security response center.

Privacy policy

Yes

Does the product use AI? information

Yes

WeChat runs a WeChat AI hub, which openly focuses on such applications as Speech and Audio recognition, Natural Language Processing, face recognition, content understanding, etc. A major concern is that this AI enables censorship, blocking links, images, topics or audio.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

No

Does the user have control over the AI features?

Can’t Determine


News

Red Vs are after China’s queer community
Protocol
When mobile social platform WeChat shut down nearly 20 accounts run by campus LGBTQ+ clubs and nonprofit organizations on July 6, the Chinese queer community home and abroad were sad and enraged — but mostly perplexed. No one knew what might have triggered the bans. It was only in the following week, when nationalist influencers, or Red Vs, launched a campaign targeting China's LGBTQ+ community for ties with "anti-China forces" that queer students realized that they have been pulled into a nationalist frenzy.
TikTok, WeChat & Co: How does spyware get into smartphones?
DW
TikTok, WeChat and thousands of other apps from China look harmless but are, in fact, malware, experts say. The apps cleverly disguise their origin. How can we protect ourselves from them?
Tencent's WeChat suspends new user registration for security compliance
Reuters
WeChat has temporarily suspended registration of new users in mainland China as it undergoes a technical upgrade "to align with relevant laws and regulations"
How WeChat censors private conversations, automatically in real time
Technology Review
The app instantly blocks even the images for over 1 billion users and growing.
Out in the World: China's WeChat shuts down LGBTQ accounts
BayAreaReporter
Some of the LGBTQ and feminist accounts had a notice from WeChat stating it received "complaints about the pages," and informed people logging onto the profile that, "all content has been blocked and the use of the account has been stopped" for violations of unspecified social media regulations, reported Agence France-Presse.
LGBTQ activists give voice to China's censored WeChat groups
Nikkei Asia
Activists say the crackdown offers a window on the growing pressure China's LGBTQ communities face, and an increasingly unwelcoming online atmosphere in general.
Chinese censorship invades the U.S. via WeChat
Washington Post
A dozen WeChat users in the United States and Canada shared censorship stories with The Washington Post, ticking off cases of messages that they sent from their North American phones disappearing before reaching friends — at times when those friends were also located in the United States and Canada. Some users also spoke about being unable to log into their accounts after sharing information critical of China.
Security in the Face of Censorship
MIT
This paper follows our explorations of how censorship is executed through the application WeChat on Chinese citizens, and then our forays into strategies to combat censorship.
Outrage over shutdown of LGBTQ WeChat accounts in China
The Guardian
Dozens of WeChat accounts run by LGBTQ university students were blocked and then deleted on Tuesday without warning. Some of the accounts – a mix of registered student clubs and unofficial grassroots groups – had operated for years as safe spaces for China’s LGBTQ youth, with tens of thousands of followers.
Hundreds of millions of Chinese chat logs leak online
Financial Times
Hundreds of millions of private chat logs from Chinese users have been left exposed on the internet, a researcher has found, in another worrying case of weak data protection in China.

Comments

Got a comment? Let us hear it.