The app, with over 1 billion monthly active users worldwide, is known to censor its users in China to ensure content falls within topics deemed acceptable by the Chinese Communist Party.
The report, however, found that communications between users outside of China are also monitored to help refine the app’s censorship algorithm for its users in China.
The findings revealed that overseas users are subject to “pervasive content surveillance that was previously thought to be exclusively reserved for China-registered accounts,” Citizen Lab said.
Around 100 million people hold WeChat accounts registered outside of China, according to Munich firm Messenger People.
Inside China, the app offers a multitude of services ranging from chatting, shopping, marketing, banking to booking movie tickets and taxis.
Feeding a Censorship Apparatus
The report found that WeChat will screen images and documents that overseas users share with each other to build up a database it uses to censor its China-based accounts.
The researchers reached these finds based on experiments conducted between November 2019 and January. They set up two group chats: one containing only overseas users, and another containing overseas users and one China-registered account.
They found that when they sent politically sensitive images and documents in the chat solely containing overseas users, shortly after those files would be censored for China-registered users.
WeChat also retains data of the files that users delete in the app and therefore never received by the other party, the researchers found.
“[N]one of the information WeChat makes available to users explains the rationales for such surveillance,” the report concluded, noting that WeChat’s data protection staff never fully addressed the researchers’ questions regarding the company’s data handling practices.
Tencent, Shenzhen-based tech giant that owns the app, said in a statement on Friday that “with regard to the suggestion that we engage in content surveillance of international users, we can confirm that all content shared among international users of WeChat is private.”
While further technical analysis is necessary to determine if the same red flags are present among other Chinese firms, it’s “plausible that other platforms use surveillance similarly,” according to Jeffrey Knockel, a postdoctoral fellow at the institute who co-authored the report.
He suggested that privacy regulators could issue fines to companies for misleading users. In Canada, residents could also complain to federal privacy regulators who could “provide non-binding recommendations for how the company must modify its services,” Knockel told The Epoch Times.
Concerns Around Chinese Apps
The report adds to a growing chorus of criticism over the censorship and data handling practices by Chinese social media platforms.
In a March report, Citizen Lab found that WeChat in China actively censored discussion on the outbreak from January. It identified 516 keyword combinations directly related to the virus on a WeChat blacklist, including references to the whistleblower doctor Li Wenliang, who died of the disease.
In late April, Sens. Ted Cruz (R-Texas) and Josh Hawley (R-Mo.) introduced a bill, titled “Countering Chinese Attempts at Snooping”, which aims to ban federal employees from using tech platforms that are subject to control of the Chinese Communist Party. Tencent is one of the Chinese companies on the list.
“Companies like Tencent and Huawei are espionage operations for the Chinese Communist Party, masquerading as telecom companies for the 21st century,” Cruz said in a press release. He added that stopping taxpayers dollars from contributing to these platforms are “common sense measures to protect American national security.”
Rep Jim Banks (R-Ind.) recently also introduced a resolution to warn about the national security threats posed by popular Chinese video-sharing app TikTok, saying “Americans should know which is which before they hit the download button.” The U.S. military had banned its personnel from using the mobile app on government-issued phones in January.
Zoom, which exploded in popularity as a convenient conferencing tool as millions of Americans work from home, has also drawn scrutiny over privacy and security concerns in recent weeks. The company is based in the United States, but owns three companies in China that develop its software.
On April 3, a group of 19 House lawmakers collectively signed a letter raising concerns over the company’s data collection practices. Zoom also faces a class-action lawsuit from its shareholder for overstating its privacy standards and failing to disclose its lack of end-to-end encryption.
During multiple test calls in North America in April, Citizen Lab researchers also observed the app to be sending data to servers in Beijing, raising security concerns about whether such data might fall into the hands of nation-state attackers such as the Chinese regime, the report noted. The company, however, said the data was mistakenly routed through China.
“Beijing theoretically could demand that the encryption keys for those calls be handed over for decryption by Chinese authorities, allowing them full access to the contents of those calls and the ability to listen in on supposedly private conversations,” Attila Tomaschek, data privacy expert at ProPrivacy, told The Epoch Times in a recent interview.