WeChat: Data protection apparently stops at "political boundaries"

The Chinese IT company Tencent is diligently collecting data via the WeChat app and is apparently not stopping at European users either.

This article was first published at ITK SECURITY.


Last updated 1 year ago by Patrick Ruppelt


The Chinese internet group Tencent operates the well-known WeChat app1) as the Asian counterpart to WhatsApp, if you will. The big difference from the applications we know in the Western world is, probably undisputedly, the state monitoring functions and the censorship.

Besides familiar functions such as chat and video telephony, WeChat is also regularly used in China to make payments or call a taxi. In China, it is "normal" to do all this via WeChat. So popular, in fact, that even German companies like the Munich-based payment service provider Wirecard are jumping on this bandwagon2).

In times of Corona, WeChat therefore lends itself to extending surveillance even further. Another "mini-app" has been built into the WeChat app, which processes questions about body temperature, conspicuous symptoms and whereabouts over the past weeks3). What is particularly notable is that the app naturally also has access to location and environment data and even the mobile phone camera. To what extent the authorities will stop this data collection again once the Corona epidemic is over is seriously doubtful.

However, the app is not only used in China, but worldwide. As the researchers from Citizen Lab have now discovered, the manufacturer Tencent does not limit itself to the Chinese market when collecting all this data4). "The US broadcaster CNBC reports that the foreign user accounts, although not censored, were monitored. The data collected in this way was then apparently forwarded to China in order to improve the database there for Tencent's censorship in the home market", writes the editorial team of finanzen.net5).

A legitimate legal basis for this cannot be directly identified. The manufacturer points out that it relies on the EU standard contractual clauses6). Ah yes. So actually you can't rely on it, but if you have nothing else to show then it would be the last nail in the coffin to submit to such clauses. The translation from Chinese seems to have got a bit mixed up. The worst is to be feared.

One would actually expect the data protection supervisory authorities of the Länder, and of course the European data protection supervision, to take on such issues first and foremost.

However, as we can see from the case we reported, "Italian police fine collectors post photos and data on the internet without password protection"7), nothing happens within Europe.

So we no longer expect Europe to consider doing anything against Chinese mega-corporations.

List of sources

1) https://www.wechat.com/en/
2) https://www.wirecard.com/payment-base/wechat-pay
3) https://www.nzz.ch/wirtschaft/china-setzt-auf-tracking-app-bei-wiederaufnahme-des-schulbetriebs-ld.1554340
4) https://citizenlab.ca/2020/05/wechat-surveillance-explained/
5) https://www.finanzen.net/nachricht/aktien/fuer-zensur-in-china-tencent-hat-wohl-auslaendische-nutzer-von-wechat-ueberwacht-8857958?utm_campaign=browser_notification&utm_source=desktop
6) https://www.wechat.com/de/privacy_policy.html
7) https://www.itk-security.de/italienische-bussgeldeintreiber-der-polizei-stellen-fotos-und-daten-ohne-passwortschutz-ins-internet/