Is WeChat safe? Understanding the privacy and security risks

WeChat is a mega platform created by Chinese tech giant Tencent that offers everything from messaging to making payments, booking appointments, and sharing photos. It boasts 1.3 billion monthly active users worldwide who use it as a daily tool. However, according to Forbes, WeChat may be unsafe because it gives the Chinese government direct access to user data in the US. 

So, let’s understand how this app works and is WeChat safe to use.

How WeChat works

WeChat is one of the most popular ways for people to connect in China, but the app is more popular because it provides a variety of features within one platform, such as:

• Instant messages: provides instant text, voice, and video messaging features in one app;
• Social networks: offers a feature just like Instagram for sharing photos and updates;
• WeChat Pay: integrated mobile payment system for making payments in physical stores and online by scanning a merchant’s QR code with WeChat;
• Mini programs: lightweight apps within WeChat for services like shopping and booking;
• Group chats: create group chats for multiple users;
• Public services: provide access to government services and information through official accounts.

WeChat is far more than just a messaging app in China — people use it to do everything from ordering food and calling taxis to paying bills and scheduling doctor’s appointments. 

In China, you can simply open WeChat to pay at most stores by scanning a QR code, just like using cash or a credit card. The app also lets you follow news accounts, play games with friends, and even apply for government services. 

It’s so deeply woven into Chinese society that it’s common for businesses to ask for your WeChat contact instead of a phone number or email. Many people rarely use other apps or carry a wallet since WeChat handles most of their daily needs all in one place.

But how does WeChat manage all this data for such a huge user base? It primarily stores this data on Tencent’s cloud. However, due to Chinese laws and regulations, government authorities can access user data if required for security or law enforcement purposes.

Privacy concerns surrounding WeChat

Since WeChat collects extensive user data, a lot of people wonder is WeChat safe. So, I’ll go into a bit more detail to help you understand some of its biggest privacy concerns:

• The amount of data collected: it collects user contacts, messages, location data, and even payment transaction details. According to the platform’s policy, they collect this data to improve user experience and provide tailored services. But, not everyone can feel comfortable with it because users may wonder how the company will use this data;
• Government surveillance: strict Chinese laws require tech companies like Tencent to comply with government requests for data access. This creates privacy risks for users, as their personal information can be subject to government scrutiny. Citizen lab researched and found out that WeChat communications conducted entirely among non-China-registered accounts are subject to pervasive content surveillance;
• End-to-end encryption: WeChat uses some encryption methods to protect data during transmission, but without end-to-end encryption, your messages can potentially be accessed by Tencent or government authorities. For example, WSJ reported that Chen Shouli, a construction supervisor in Puyang, China, was detained by police for five days after telling a joke in a WeChat chat group alluding to a senior government official. This also increases concerns regarding the confidentiality of user communications on the platform.

WeChat’s security vulnerabilities

Data collection and government surveillance aren’t the only privacy concerns regarding WeChat. CitizenLab researched and reported serious security weaknesses in WeChat’s custom cryptography. Let’s understand these:

Lack of transparency

WeChat is infamous for its lack of transparency regarding user data protection. Its privacy policy claims that it does not store chat data. However, Citizen Lab conducted research and found out that it monitors users’ chats, and both the monitoring and censorship happen in secret, without transparency to users. This secretive monitoring leaves users wondering how their private conversations are handled.

Third-party risks

Nobody wants to be a victim of unwanted target advertising when their data is compromised and given to third-party platforms. WeChat users have also raised issues about this problem due to its integration with various Mini Programs and services. Many of these Mini Programs handle sensitive data like health and financial information.

WeChat automatically enrolls all Mini Programs into its analytics and data collection programs without providing users or developers a choice. This increases the amount of data that may be shared with advertisers or external companies and exposes the public to potential data breaches or misuse of sensitive information.

Account hacking

Many reports have been published that indicate WeChat accounts are prone to hacking, with incidents where users have experienced unauthorized access to their accounts. 

For example, in 2024, WeChat experienced a security breach — where a group known as NinjaDefender hacked the platform, leaking sensitive user data. Because of this, those affected by the breach were advised to take precautionary measures on platforms like WeChat. 

Although WeChat uses certain security measures, this does not prevent the possibility of messages being accessed on WeChat’s servers. The Citizen Lab conducted research and found that even communications between non-China registered accounts were used to train China’s censorship algorithms. This indicates that user data could be exposed in ways that may compromise privacy and security.

How to protect your data on WeChat

If you’re worried about your safety on WeChat, relax. I have some tips that you can follow to get a bit more privacy while using WeChat and protect your data from possible security vulnerabilities:

• Be cautious with sensitive information: Avoid sharing your home address, credit card details, or other sensitive data through messages or WeChat’s Mini Programs, as these are not entirely private;
• Review permissions: WeChat needs certain permissions to work, but checking what it’s accessing regularly is a good idea. Go to your device’s settings and make sure WeChat doesn’t unnecessarily access features like your location or contacts. This minimizes data collection and keeps your details more private;
• Use strong passwords: a unique, complex password is your first defense to avoid getting your WeChat hacked. Enable 2FA (Two-factor Authentication) to make it more challenging for anyone to access your account without permission;
• Avoid public Wi-Fi: don’t use open Wi-Fi networks when using WeChat in public places to prevent data theft. If you need public Wi-Fi, consider using a VPN like Surfshark to encrypt your connection. This will add a layer of security and protect your conversations, including personal details, from malicious actors;
• Limit Moments visibility: this feature is great for sharing updates, but it’s wise to adjust who can see your posts. You can set privacy preferences so only close friends or family can access your moments. This will prevent your updates from being shared with a broader audience than intended;
• Use WeChat’s privacy mode: you can control who can find you through your phone number or WeChat ID. This limits unwanted contacts from reaching out or viewing your profile;
• Beware of scams and unknown contacts: scammers sometimes use WeChat to pretend to be your friend or offer investment opportunities. So, don’t accept friend requests from strangers, and avoid clicking on unfamiliar links or attachments to prevent phishing and malware attacks;
• Limit Mini Programs usage: WeChat’s Mini Programs can be fun and valuable but usually come with extensive data collection permissions. Use only those programs that are from trusted sources to reduce potential exposure to data tracking;
• Log out on shared devices: if you ever use WeChat on a shared or public device, remember to log out afterward. This will prevent anyone else from accessing your account and personal information;
• Consider a secondary device: if you rely on WeChat for important connections but want to keep your primary device secure, consider using a secondary phone dedicated to WeChat. This will limit the app’s access to your primary device’s data and contacts.

Alternatives to WeChat

Although WeChat offers many features you wouldn’t find in any other social networking platform, several other alternatives provide more security and privacy. Here are a couple of them:

• Signal: known for its strong commitment to privacy, Signal offers end-to-end encryption on all communications, including text, voice, and video calls. It doesn’t collect user data or metadata and is highly regarded by privacy advocates. It’s also open-source, so its code is transparent and regularly audited by the security community;
• LINE: a popular messaging app that originated in Japan in 2011. Known for its colorful stickers and cute characters, LINE has grown into a versatile communication platform offering free messaging, voice calls, and video chats. While it started as a simple messaging service, it has evolved into an all-in-one platform that includes mobile payments, news, and entertainment services. 
• WhatsApp: provides end-to-end encryption for all messages, calls, and shared media. However, it collects some metadata and shares data with its parent company, Meta. It may be suitable if you need a widely used app with solid security features, though it isn’t as privacy-focused as Signal.

While these apps offer more privacy-focused features than WeChat, it’s important to note that they are not without their own potential security risks. We have highlighted some popular alternatives, but you should carefully consider each app’s privacy policy and security practices before choosing.

Is WeChat worth using?

After learning about the privacy and vulnerability issues of WeChat, you’re probably wondering whether to keep it on or uninstall it. So, here are some things to consider:

If you have strong ties to China, switching may be challenging since WeChat is ubiquitous there. It integrates chat, payments, news, and more in one app. Many businesses, social connections, and government services in China are accessed almost exclusively through WeChat, so it is an essential app for many.

However, apps like Signal or Telegram provide stronger privacy protections for users. So, if you’re not based in China, switching to a different application can be more beneficial, as it may secure your data and reduce exposure to surveillance.

If privacy is your primary concern and you don’t need the added services WeChat provides in China, moving to an alternative platform could be a better fit. However, if WeChat’s ecosystem is part of your lifestyle or work, strict security practices can help balance connectivity with security.

Use WeChat on public networks with a secure VPN

Due to Chinese data-sharing regulations, WeChat is subject to government monitoring, lacks end-to-end encryption, and collects extensive user data. Your personal information is also accessible to third parties and hackers. 

To avoid this and get an additional layer of privacy while using WeChat on public networks, use a reliable VPN like Surfshark to reroute your traffic and mask your IP. If you’re highly concerned about data security, you can opt for alternatives that offer stronger encryption and data privacy.

Keep your data private

& use Surfshark for better security

See pricing