Privacy in the WeChat Ecosystem

Information Controls Fellowship Program Fellow Mona Wang finds that the popular messaging and social media platform WeChat collects more usage data than is disclosed in its privacy policy.
Thu, 2023-11-30 23:04

With more than 1.2 billion monthly active users, WeChat is the most popular messaging and social media platform in China and the third most popular in the world. In many ways, it monopolizes messaging in China and has evolved into a platform for conducting financial transactions, as well as downloading and using other programs (often referred to as “Mini Programs”). Many inside and outside the country use WeChat out of necessity.

WeChat operates a massive content censorship ecosystem for the features on its platform, and complies with Chinese government and local police requests for data and information. Given this, understanding what data the WeChat application and ecosystem transmit, and to whom, is critical for vulnerable populations that must use the platform (such as domestic journalists and foreign correspondents, and grassroots and diaspora activists).

Despite the global popularity of WeChat and the amount of attention paid to the Mini Programs third-party ecosystem, the types of data WeChat transmits, and the information that flows from these third-party apps back to WeChat, are understudied compared to other social media ecosystems like Facebook. Previous work attempted to use automated methods to analyze the Windows desktop version of WeChat.

To fill this gap, Information Controls Fellowship Program Fellow Mona Wang, in collaboration with their host organization The Citizen Lab, used reverse-engineering methods to analyze privacy issues with the popular app (Android version 8.0.23), identifying exactly what type of data the app sends to its servers and when.

Key Findings

  • Granting permissions such as precise geolocation affects the type and amount of data transmitted.
  • Most fine-grained activity tracking data is sent during Mini Program execution (Mini Programs are apps accessed within WeChat).
  • A large amount of users’ Mini Program app activity is sent to WeChat and not just to the developers of these apps.
  • WeChat’s privacy policy implies that only third parties collect usage data related to Mini Programs. In reality, WeChat also collects this data.
  • Users signing up with Chinese phone numbers might have weaker protection than they think, given that some important features within the app (such as Advanced Search) are not governed by WeChat’s own privacy policy.

Read the Full Report:

This report is part one of a two-part series on a privacy and security analysis of the WeChat ecosystem.

FAQs on WeChat Privacy: Privacy in the WeChat Ecosystem Explained