I live in Canada. My girlfriend is Chinese (also living in Canada), and while we are able to communicate via SMS, her mobile carrier isn’t the best, and so there have often been issues for us with regular texting. She expressed a strong preference to use WeChat, at least as a backup option for when texting fails us. While I have some pretty significant reservations, it’s not the hill I want to die on. So my question is: what can be done to use WeChat without compromising my whole phone? I’m okay with it if our conversations aren’t private, but I’d like to know that I’m not giving unfettered access to all of my phone’s systems and data to the CCP. What can be done to limit the reach of this ubiquitous app on my device?
Use an old phone for it?
Why not another app, such as one that offers end to end encryption?
Shelter?
Yup, that’s what I’ve ended up doing. It wasn’t on my radar before making this post, so I’m thankful for everyone who suggested it.
Maybe meet in the middle? If she’s willing to put up with SMS for you, I think she’ll be fine with Signal.
Basically 2 options: A work profile or a separate Android user profile. I’d definitely recommend the latter, as it has much stronger isolation. Some vendors like Samsung disable user profile support though. A work profile is still better than nothing.
Probably not the solution that you are looking for, but maybe try Signal? It’s better than SMS, WeChat, WhatsApp and most other messengers. Unlike stuff like WhatsApp and SMS, Signal can even be used in China, because it has a built-in censorship circumvention system which uses special TLS proxies or can even be used over Tor.
Signal can even be used in China
I had no idea! I’ll definitely talk to her about this.
This feature only exists, because the people behind Signal actually care about freedom and want to help their users. Unlike WeChat, Signal is not built by any government to spy on people, and unlike commercial messengers like WhatsApp and Facebook Messenger, it’s not built by a corporation that wants to extract money from their users by selling their data. It’s a non-profit organization, created by people who are dedicated to make the world more private and secure. Just keep that in mind when choosing a messaging app.
I’m well aware of what Signal is. I just didn’t realize it could go through the Great Firewall.
You can put it in a work profile and trust that Android is protective enough to keep your data safe and access limited. Otherwise buy a second phone just to put WeChat on it. Don’t know how WeChat works, but if it’s like Whatsapp then you don’t need to bother with a secondary number.
That’s an oxymoron. Apart from having a dedicated device, you can’t really sandbox the app since it requires basic permissions to function that give access to core phone functions. See https://reports.exodus-privacy.eu.org/en/reports/com.tencent.mm/latest/
You can try to limit permissions of some features that you don’t intend to use.See Exodus…
Hard for me to take anything they say seriously when they say Facebook does not contain any trackers:
We have not found code signature of any tracker we know in the application.
https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/
Edit: I’m not saying WeChat is clean, just that I don’t exactly trust Exodus for tracker reporting.
If you actually bothered to read, you would know that it shows 0 trackers because Facebook doesn’t embed their trackers in the SDK, and inject them later once you grant them the permissions to the device, exactly the same way WeChat does.
If you actually bothered to read…
I did read, and it changed nothing about what I said. Let’s revisit: did it detect Facebook, which I think we can all agree is invasive, as having trackers? No? The “why” of it doesn’t seem particularly relevant as we are just looking for trackers in apps.
https://discuss.grapheneos.org/d/9358-using-apps-with-known-trackers-with-no-google-play-services/6