Anyone know if there's been any sort of security audit for WeChat? I'm basically forced to use it and I'm sure the Chinese government must've put some kind of backdoor in it.
At my last job, about 2/3 of the company was in the US and 1/3 was in China. Members of the China IT and Developer teams were always trying to get the US teams to put WeChat on our phones so they could send us questions and we always refused. They thought it was because we did not want them to send us questions after hours, but someone finally told one of the China Developers, while they were visiting a US office, that no American would put WeChat on their phone because Americans considered everything WeChat handled to be accessible by the Chinese government. We did not want our calls and messages to be spied on by the Chinese government. We would not even tell them that over the phone because Americans just assumed that the Chinese government listens in on all calls to China.
I think your concern was appropriate, but it reminds me of the corresponding view that many people have that communications software developed in the U.S. will inevitably have backdoors for the U.S. government. That view feels reasonable to them because they know the U.S. government is also extremely aggressive about surveillance capabilities.
I find it sad that we're in an environment where assuaging these concerns can be a complicated and difficult undertaking, and even trying to understand the landscape is a big challenge. Lots of people see it as risky to use technology developed in another country, and while some particular fears and theories are overblown, it's hard to dismiss the overall concern.
The US tries to keep its surveillance secret. Seems to me that this makes it unlikely that they'll backdoor apps, because random hackers might reverse engineer the apps and discover and publicize the backdoors. Instead, the US backdoors communications lines and data centers, or uses existing security holes to break into targets.
China doesn't keep its surveillance a secret. They don't go out of their way to publicize it, but they don't seem to care if people know it's there. A backdoor in an app would fit their style better.
I'm curious if they'd take a similar position about using phone calls/SMS or any non-encrypted HTTP communication to the UK, which are 100% being intercepted.
Besides the fact that on Android, the app requires what appears to be every single permission, be aware that all companies dealing in media have a designated Party official liaison who usually sits in the office and has more decision power than the editor in chief.
Based on my experience working and developing in China, I would say I can all but guarantee that the Chinese government is viewing and editing all data as it pertains to WeChat. All chat logs, all private conversations, all financial transactions, all GPS coords for check-in locations, all of it. They may not be doing anything with it, but it's being stored.
I'm aware of incidents of the government deleting my posts and messages. When students in Hong Kong were having a riot over I believe last summer I sent messages and posts, privately and publicly.
My public posts on my discovery wall were removed and my private messages were also deleted. My fiance also noticed lots of generic pro-government messages in her feed at the time.
I don't believe there is a back door, just a connected office.
Any such back door would be best implemented in the WeChat back-end servers. You'd never find it by analysing the client app or the communications to and from it.
But then the problem is that some apps bug you for location access every half hour (I'm looking at you, WhatsApp) because they don't realize they're being blocked.