WeChat Found Scanning User Photos in the Background as a Routine

  • A tech influencer published proof that WeChat is accessing unexpected user personal data.
  • They posted screenshots of activity logs showing how the app was scanning user photos. 
  • This shows that Tencent’s apps still have issues approaching its users’ privacy.

A discovery was published recently, revealing how WeChat periodically scans user photo albums, which means Tencent’s app is accessing private data without requesting permission. The proof was posted on Weibo by a tech influencer named Hackl0us, and it consisted of screenshots from Apple’s new “Record App Activity” feature in iOS 15.

The user goes on to tell how a friend turned on the new iOS 15 feature to monitor all apps for seven days, and that is how they discovered that WeChat, QQ, Taobao, and other Chinese apps constantly scan user photo albums in the background, even without the app being in use in the moment of the scan.

This looks like over-requesting, considering some of the apps mentioned above are reading even while the user is sleeping. Besides, this needless activity occupies RAM and consumes the phone’s battery.

They also offer a few steps to solve this privacy issue, at least partially, from the WeChat Settings page:

  • Drop down to find “WeChat” > Album, then change “All Photos” to “Selected Photos” or “Not Allowed”. Adjusting or turning off this permission can limit or prevent WeChat from reading the album to the greatest extent.
  • Turn off the “Background App Auto Refresh” switch. It will not affect WeChat’s push function, and it will not prevent WeChat from reading albums, but it will terminate WeChat when it is not running at all.
  • Check other permissions – you should turn off: local networking permissions if you don’t back up your chat history through your computer, location permissions if you don’t share location frequently, and Bluetooth permissions if you don’t use a mini-program to unlock shared bikes on WeChat.

They go on and recommend offering minimal permissions for other domestic apps as well, by cutting off things that specific apps don’t use, like location tracking or the background automatic refresh function. In the end, they challenged the Tencent WeChat team to explain themselves.

REVIEW OVERVIEW

Latest

Mob Psycho 100 Season 3: Release Date, Teaser, Poster and Where to Watch!

Mob Psycho 100 season 3 has finally been confirmed by the series’ official Twitter account, along with the release of a new...

GPSD Bugs Set to Roll Back Clocks to 2002 on Sunday

A GPSD bug will make apps roll back to 2002 on Sunday, 24th November 2021.The bug comes from a mistaken code put...

Ransomware Attacks Perpetrated via Vulnerability in BillQuick Billing Software

A critical vulnerability that allowed remote code injection was discovered in multiple versions of the relatively popular BillQuick billing software.The exploit comes...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari