A flurry of appearances of unknown devices on user accounts has raised questions about WeChat’s privacy, as users wonder if some sort of unknown threat actor has found some kind of vulnerability in the system.
But the company insists that the problem is caused by certain device settings from the manufacturer. However, WeChat called this a “very likely” cause for the appearance of unknown devices, but did not confirm it. Users aren’t necessarily buying the explanation, with chatter on Weibo speculating that Chinese law enforcement is inspecting accounts using some kind of backdoor.
WeChat’s privacy status is in question as unknown devices connect to accounts
With over 1 billion monthly active users, WeChat is not only China’s largest instant messaging service, but also a “super app” that integrates mobile payments, VoIP calls, video conferencing and a a number of other features that use its “app within an app” functionality. . It has become almost essential for daily life in the country, as one of the two major widely accepted mobile payment systems and one of the country’s most active sources for news and public notifications.
WeChat privacy issues come from many users posting logins from unknown devices to their accounts, sometimes at very late and odd hours. WeChat responded to the complaints by saying it was “very likely” that the manufacturer settings of some devices were causing a false login record by another device; he argues that these mysterious recordings are just the user device misinterpreting as unknown devices, and that the late-night logins result from the app automatically extending the login to stay active.
The appearance of unknown devices is not the first privacy problem for tencent services
It’s at least theoretically possible that devices using “private resolvable random addresses” that periodically change the device’s MAC address on networks (a fairly common feature on smartphones) create false reports of unknown devices in the network. ‘application. However, it is difficult for users to take the company solely at its word on this WeChat privacy history and previous incidents involving parent company Tencent.
Just a year ago, another WeChat privacy issue arose when a Chinese tech influencer discovered that the app was using a new Apple logging feature to surreptitiously scan user’s locally stored photos back- plan every few hours. WeChat disabled the feature after a flood of user complaints.
Users place great trust in WeChat every time they start it. Apart from constantly tracking locations, it also maintains access to the camera and microphone due to the range of features beyond basic instant messaging. The messages are not encrypted in any way, and the company has been observed censoring them when they contain content that the government might find objectionable. In 2021, the company was also accused of arbitrarily shutting down hundreds of accounts that openly supported the LGBTQ+ community. WeChat is widely regarded as one of the least private communication apps in the world, earning that status long before unknown devices started popping up.
Tencent, however, has a negative reputation for privacy that extends far beyond WeChat. The issues run so deep that the Chinese government has occasionally gotten involved, freezing the rollout of new apps and updates at the end of 2021 to ensure the company complied with its tough new privacy laws. Public companies were restricted from using Tencent’s apps during this review period. Tencent has also encountered issues with its overseas operations, including with the popular online game League of Legends. Published by Riot Games, which is owned by Tencent, the game was criticized in 2020 for the discovery that its “Valorant” anti-cheat system is essentially a rootkit that could potentially send data back to servers to which the Chinese government has free access. .
Government action in the case of the mysterious unknown devices may depend on whether or not the government is involved. While all bets are off for privacy when the government wants something, companies are held to fairly strict standards and penalties have been swift and severe in recent years. The country’s personal information protection law and data security law were developed in large part because of a history of domestic tech companies playing extremely fast and loose with user data, including allowing users to to transmit them to third-party data brokers abroad.