Some key aspects on how to safely use WeChat from BtCIRT

Using WeChat Securely

One of the widely used social network apps in Bhutan is WeChat. It has permeated through almost all corners of the country where 3G service is available because of its simplicity and cost effectiveness with which communication can take place. Due to this size of user base, it has become a target for misuse and abuse. Quite a number of cases of compromised WeChat accounts have been reported. Technically, it is a secure app with password protection and phone number validation controls. But there are few simple habits a user has to adopt in order to ensure safety of an account. Here are some suggestions that can save your WeChat account from getting compromised.

Secure password

Make sure u take some time to set a strong password. Ideally it is recommended to have a password which is 10-12 characters long. However, you can be safe by setting the length to at least 8 characters with combination of letters, numbers and special characters like symbols. This can, in most of the times, overcome password guessers and crackers.

Sign out when you are done

By default, you continue to remain signed in even after you close the WeChat app. If you lose your phone, the app will be accessible if you have not logged out of it. Someone could then send any kind of messages or post information from your account. You fall at the mercy of the perpetrator’s imagination to hurt you. This applies to all other password protected apps. Therefore, you should always logout when you’re finished using the app. In WeChat you can do this by tapping the Me menu, followed by Settings, and finally, selecting LogOut. Doing this every time may seem inconvenient but getting compromised is a far greater inconvenience.

Privacy settings

After you successfully register yourself on WeChat, then the first thing you should do is the review your privacy settings. You can do that in Me > Settings > Privacy. If you navigate to “Add me as a Friend” under Privacy, you will be able to control how you can be searched on WeChat and be added as a friend by other users. You don’t want your profile to show up in any random “People Nearby” searches launched by any random users as you can be subjected to abuse and exploitation. You can also block users that you don’t want to be concerned by. There are no restrictions or mandatory features that need to be enabled here, so you can configure the privacy setting as you need.

Avoid using the WeChat “Shake” function.

On WeChat you can find people anywhere by just shaking your phone. You can then interact with them with greetings and other messages. However, the messages that you receive could be automated ones, which could get you subjected to spam or undesirable ads/propaganda. Worse, you could also be duped into unwittingly sharing private information like passwords via phishing links. Unlike users found through “People Nearby” searches, it is near impossible to ascertain the whereabouts of a user as he/she could be living outside your country. Even if you manage to determine it and you choose to legally pursue the matter, you could only get yourself caught in legal complications due to discrepancies between local and foreign laws.

Take a moment before you send a message.

Once you send out a message you relinquish all control over it to the recipient. One can share it to whoever they want. You can never undo this situation and it can come back to bite you. You can delete messages at your end but it is impossible to guarantee it’s off the network.


WeChat messenger is extremely popular in Bhutan pervading all walks of life. It is one of the influential factors that has contributed to increased smartphone users and internet subscription in the country. It is a great app and it has changed the ways of living and communication. However, many people globally, have expressed concerns over security and privacy of user data. Therefore, it is very important that users understand these cyber threats and always adopt good habit of securely using the app.