Should We Chat, Too? FAQ

This research reverse-engineers WeChat’s network encryption, revealing an inner Business-layer Encryption wrapped by an outer proprietary MMTLS layer; it identifies minor security issues (including a metadata leak exposing user account IDs at the Business-layer) but finds that MMTLS prevents practical exploitation and that overall network confidentiality remains intact, while noting WeChat is not end-to-end encrypted and servers can read message contents.