Finally they have let the cat out of the bag. While updating to Tencent-owned messaging app WeChat’s latest version users are greeted with a new privacy policy statement that confirms what has been suspected for sometime now: WeChat shares private user data with the Chinese government. This was first reported by The Epoch Times. Users who do not agree to the terms and conditions outlined in the privacy policy will not be able to access their WeChat accounts.

As per the new policy, the Log Data that WeChat collects to power its in-app advertising and direct marketing activities and other Personal Information that it collects can be disclosed:

  • To comply with applicable laws or regulations.
  • To comply with a court order, subpoena or other legal process.
  • In response to a request by a government authority, law enforcement agency or similar body (whether situated in your jurisdiction or elsewhere).

Log Data is collected automatically by WeChat using cookies, web beacons, log files, scripts and etags. So, what kind of information is collected as part of the Log Data?

  • Mobile carrier-related information, configuration information, IP address, and device version and identification number.
  • Information on what the user has searched for and viewed using WeChat, including web search terms used, social media profiles visited, content accessed or requested through WeChat, etc.
  • Information about people user has communicated with, including time, data and duration of communication.
  • Metadata, which is information such as time, date or location shared when a photo or video is posted using WeChat.

This isn’t surprising, because WeChat has long been criticised for not taking user privacy and data protection seriously. Last year, a survey conducted by Amnesty International ranked WeChat bottom of the pile in terms of protection of user privacy among the eleven most popular messaging apps in the world. While WeChat’s affinity towards the Chinese government became evident when it decided to filter and censor content related to a Buddhist/Tibetan event in India, in January this year. The app started blocking and not displaying messages containing the words Tibetan, Dalai Lama and Kalachakra (event name). In fact, as far back as 2013 it was known that WeChat censors sensitive words shared in the app, indicating that the company processes and monitors user’s shared data including chat messages, as reported by Tech in Asia.

Similar accusations against Xiaomi: In 2014, the Indian Air Force (IAF) had accused Chinese smartphone maker Xiaomi of spying on its users and transmitting user’s personal information back to Chinese servers. An alert note issued by IAF to its staff and their family members warned them against using any Xiaomi products, saying that the company was stealing not just their phone numbers and IMEI (device identifier) number, but was also accessing their phone calls and personal text messages. At the time, Xiaomi’s former VP of International operations Hugo Barra had told MediaNama that they do not collect any information without user permission. “Users will always be notified beforehand in situations when we require your personal information, and will have to approve the request.”