Super-app Security Scandals: Meituan-Dianping and WeChat

Recently Meituan-Dianping and WeChat both came under fire for privacy and security related scandals.

It was reported that users of Dianping, the Yelp-like service rating app, found their personal information leaked after logging in with their WeChat accounts.

Users were automatically connected with their WeChat friends on the Dianping app after logging in with WeChat. The connection meant that information on their past transactions at restaurants, attractions, hotels and other services, as well as all their postings on the platform, was shared unreservedly with their WeChat friends.

Dianping’s announcement.

In response to user complaints, Dianping announced on July 9 a new feature in the app to stop all social media connections with one tap. The practice, however, led to the criticism that users' privacy is always last on the minds of the application developers.

A recent WeChat case involves a user surnamed Huang from southern China. Huang mistook one of his WeChat contacts for his cousin, as they shared the same WeChat alias, and transferred 80,000 yuan ($14,000) to the wrong man. By the time Mr. Huang realized his mistake, he had already been blocked by the individual and couldn't get in touch.

Transfer UI of WeChat

He took the case to WeChat, but the company also lacked personal information on Huang's contact. The WeChat team later told Chinese media that they had established contact with Huang and were cooperating with the police to resolve the issue.

Incidents like this reveal flaws in the design of the WeChat payment security system. It is suggested that more account or personal details should be required when transferring large amounts of capital.

Under the Chinese central bank's requirements for preventing telecom fraud, many banks allow customers to apply for revocation of transfers within a limited amount of time. China's largest payment platforms, WeChat and Alipay, however, cannot reverse the action once the transfer has been initiated.

Featured Image Source: appknox.