GitHub, an Internet hosting service for software development and version control using Git, announced on December 19 that it has partnered with Tencent‘s social app WeChat to scan for their tokens and help secure their mutual users on all public and private repositories with GitHub Advanced Security.
Furthermore, Tencent WeChat tokens will allow users to verify Official WeChat Accounts and Mini Program developers, obtain sensitive information on business applications and can be used to verify merchant identities.
GitHub will forward access tokens found in its public repositories to WeChat who will then notify affected users. WeChat encourages users to delete leaked API tokens on GitHub and to create a new token on the WeChat Pay Merchant Platform or WeChat Official Accounts Platform.
As of June 2022, GitHub reported having over 83 million developers and more than 200 million repositories, including at least 28 million public repositories. It is the largest source code host as of November 2021. Service providers can partner with GitHub to have their secret token formats secured through secret scanning, which searches for accidental commits of their secret format and can be sent to the service provider’s verification endpoint.
Tencent‘s financial report for the third quarter of 2022 shows that the combined monthly active users of its WeChat app in China and global market are 1.309 billion, an increase of 3.7% year-on-year. This super app, which is about to enter its twelfth year, has become increasingly broader in its scope, covering functions like official accounts, payment, shopping, games, mini-programs, as well as video channels.
Recently, WeChat Keyboard, a Chinese input method, was releases to help address concerns about privacy protection. According to Allen Zhang, senior executive vice president of Tencent and president of WeChat Business Group, WeChat didn’t want to launch an input method app, but received many complaints from users that their chat records were stolen, because whatever they entered would see the corresponding advertisements. Zhang denied that Tencent employees will be fired for snooping on chat records, and WeChat does not save chat records in the cloud. Therefore, in order to better protect users’ privacy, WeChat has launched its own input method.