“Investigating WeChat” is a four-part series exploring the complexities and threats posed by Chinese social apps WeChat and its domestic version Weixin. In this article, Reporters Without Borders (RSF) scrutinises the intricate ways in which international WeChat remains tied to domestic Weixin.

Although the international version of the social app WeChat is managed by two foreign-registered subsidiaries, which implies a degree of autonomy from Chinese regulations, its operational ties to its domestic counterpart Weixin significantly undermine this independence, affecting user data privacy across the globe.

Tencent robustly denies all allegations regarding data misuse, insists on the independence of its operations outside China and emphasises segregation and user data protection. However, a number of Chinese immigrants have claimed that their activities on the app had been censored.

Here are the main safety issues associated with using WeChat that journalists should be aware of:

  • Integration of Weixin features. Journalists interacting with Weixin-specific features on WeChat, such as payment services or social features, automatically adhere to Weixin’s privacy guidelines, which may involve surveillance and data collection practised in China. Communications between WeChat and Weixin users are managed under the stringent privacy regulations of Weixin, thus exposing WeChat users to the same surveillance and censorship mechanisms prevalent in Weixin.
  • Unalterable Chinese phone number registration. Registering a WeChat account with a Chinese +86 phone number categorises the user under Weixin, aligning them with Chinese regulatory oversight regardless of their location. This affiliation to Weixin policies is believed to be permanent, even if the person later switches to an international SIM, a point WeChat disputes. This permanent categorisation can lead to increased surveillance and legal obligations tied to Chinese laws.
  • No secure encryption. Like Weixin, WeChat uses encryption in transit (EiT) rather than the more secure end-to-end encryption (E2EE). This means that messages are decrypted on Tencent’s servers for inspection before being re-encrypted and sent to recipients. This commonality exposes users of both platforms to significant security risks, evidenced by numerous data breaches. These breaches have revealed personal data such as phone numbers, GPS locations, IP addresses, and other sensitive information, emphasising the ongoing security challenges.
  • Data stored in China. Despite its claims of operational independence, WeChat shares significant infrastructural elements with Weixin, including servers in mainland China, a point specifically stated in the software’s 2022 policy update. Using Chinese third-party services within WeChat can also lead to data transfer to servers located in China, exposing its users to potential surveillance and abuse.

 

← Read: An introduction to social apps WeChat and Weixin
← Read Part 1: Weixin and WeChat, the terrible twins
← Read Part 2: Weixin in China, Big Brother is watching you
→ Read Part 4: Safety advice for journalists using WeChat and Weixin

Co-written by Bence Kócsi. Bence Kócsi is an experienced freelance editor, writer, and researcher. He has been focusing on a wide range of topics including digital security, technology, historical linguistics, politics, and medicine.

Co-written by Benjamin Finn. From Houston (USA), Benjamin has been in the IT field for a decade, during which his primary focus was the deployment of internal enterprise tools across large enterprises, including cybersecurity-focused efforts.
