Report: WeChat collects more usage data than they disclose


A CitizenLab report on privacy-related issues at WeChat, China’s largest social media app, found that it collects far more usage data than what the company’s policies claim.

Specifically, the researchers found that WeChat collects activity and usage logs when users run Mini Programs – despite policies that say the data is only available to third parties.

“For the average user, it means your identity and activities on Mini Programs are disclosed to WeChat without an informed way to opt-out of this data collection. This will not only pose a privacy risk but it’s also unknown how WeChat might use that information,” the CitizenLab said.

Mini Programs are lightweight apps that can be downloaded and launched within the WeChat app. They can also sync and link with users’ WeChat accounts. The breadth and variety of Mini Programs is essentially the same as any other app ecosystem, like the Google Play Store or the Apple App Store, researchers say.

But because Mini Programs cover e-commerce, health, public services, gaming, and any other service an app may possibly be used for, it means that many popular apps manage sensitive data. Certain apps manage health data and government services, or perform financial transactions on behalf of the user.

The app generally also collects device and network metadata on top of whatever other data it needs to implement the app’s functionality. If your location permission is granted to WeChat, for example, WeChat enables the “People Nearby” feature, which collects your location when you’re using the application.

WeChat is the most popular messaging and social media platform in China and third in the world, with over 1.2 billion monthly active users. According to market research, network traffic from WeChat made up 34% of Chinese mobile traffic in 2018.

Its users are mostly Chinese – but not only in China itself. Millions of Chinese nationals and emigres who don’t necessarily support the government in Beijing live overseas. This is also why it matters that WeChat collects more data than it claims.

The CitizenLab researchers, to be fair, admit that their methodology doesn’t allow them to “definitively” say what happens to data after WeChat collects it – they are studying client behaviors.

But the report cites previous CitizenLab research, saying that even communications entirely among North American accounts were still used to secretly train WeChat’s Chinese political censorship system.

And in 2022, Radio Free Asia said it learned that WeChat was warning users outside China that their data would be stored on servers inside the country.

WeChat’s parent company Tencent, like all other Chinese platforms and other internet service providers, is required under China’s Cybersecurity Law to assist the ruling Communist Party with any data it says it needs.
