WeChat Found Scanning User Photos in the Background as a Routine

• A tech influencer published proof that WeChat is accessing unexpected user personal data.
• They posted screenshots of activity logs showing how the app was scanning user photos. 
• This shows that Tencent's apps still have issues approaching its users' privacy.

A discovery was published recently, revealing how WeChat periodically scans user photo albums, which means Tencent's app is accessing private data without requesting permission. The proof was posted on Weibo by a tech influencer named Hackl0us, and it consisted of screenshots from Apple's new "Record App Activity" feature in iOS 15.

The user goes on to tell how a friend turned on the new iOS 15 feature to monitor all apps for seven days, and that is how they discovered that WeChat, QQ, Taobao, and other Chinese apps constantly scan user photo albums in the background, even without the app being in use in the moment of the scan.

This looks like over-requesting, considering some of the apps mentioned above are reading even while the user is sleeping. Besides, this needless activity occupies RAM and consumes the phone's battery.

They also offer a few steps to solve this privacy issue, at least partially, from the WeChat Settings page:

• Drop down to find "WeChat" > Album, then change "All Photos" to "Selected Photos" or "Not Allowed". Adjusting or turning off this permission can limit or prevent WeChat from reading the album to the greatest extent.
• Turn off the "Background App Auto Refresh" switch. It will not affect WeChat's push function, and it will not prevent WeChat from reading albums, but it will terminate WeChat when it is not running at all.
• Check other permissions - you should turn off: local networking permissions if you don’t back up your chat history through your computer, location permissions if you don’t share location frequently, and Bluetooth permissions if you don’t use a mini-program to unlock shared bikes on WeChat.

They go on and recommend offering minimal permissions for other domestic apps as well, by cutting off things that specific apps don't use, like location tracking or the background automatic refresh function. In the end, they challenged the Tencent WeChat team to explain themselves.