
Can Your Company See WeChat Chat Content? A Technical Analysis of Web and Mobile WeChat Protocols

This article investigates whether a company can monitor WeChat conversations by analyzing the web and mobile protocols, detailing how SSL/TLS, MMTLS, private TCP connections, and embedded cryptographic keys affect the visibility of chat messages on corporate networks.

Architect

The author was asked whether a company can see the content of WeChat chats when employees use the corporate network. The investigation reveals that WeChat uses private protocols that appear as raw byte streams to protocol analysis tools, making direct content extraction difficult.

For the web version, the author used a man‑in‑the‑middle proxy (Fiddler) to intercept SSL/TLS traffic. Once Fiddler's root certificate is installed as trusted on the client, the proxy can present forged server certificates, decrypt the HTTPS stream, and reveal the chat messages, as demonstrated by screenshots of the captured content.

In contrast, the mobile app does not use HTTPS; it communicates over plain HTTP with proprietary encryption. The captured HTTP headers are readable, but the body appears as an incomprehensible byte stream, and the tool fails to display any chat text.

Further analysis shows that the mobile app uses TCP with a private protocol, employing either a long‑connection (TCP + private protocol + MMTLS + business layer) or a short‑connection (TCP + HTTP + MMTLS + business layer). The short‑connection is for backward compatibility, while the long‑connection is a fully private implementation that Fiddler cannot decode because it only captures HTTP/HTTPS.

The author explains MMTLS, a simplified version of TLS 1.3 used by WeChat, which removes client authentication and retains only server authentication via a pre‑installed ECDSA public key. This key validates the server’s identity, preventing tools like Fiddler from spoofing the server.

WeChat also embeds a static ECDH public key, enabling 0‑RTT communication by allowing the client to compute the pre‑master and master keys locally without additional round trips.

Because the mobile client strictly verifies the server using the embedded ECDSA key, any attempt by a MITM tool to replace the server’s certificate will cause the app to reject the connection, making the mobile chat effectively unreadable to the company regardless of network type.
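The pinned‑key check and the static‑ECDH 0‑RTT derivation described above, as an added Node.js illustration that is not WeChat's code or the original author's. The P‑256 curve, the message layout, SHA‑256 as the key‑derivation step, and every function name are assumptions made for the example.

```javascript
// Added illustration, not WeChat's code. Curve, message layout and names are assumptions.
const nodeCrypto = require('crypto');
const newKey = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// Constructed stand-ins for the server's long-term keys; only the public halves ship in the client.
const serverSign = newKey();
const serverStatic = newKey();
const PINNED_VERIFY_KEY = serverSign.publicKey; // embedded ECDSA verification key
const PINNED_ECDH_KEY = serverStatic.publicKey; // embedded static ECDH key

// Responder side: an ephemeral key share, signed with whatever signing key the responder holds.
function serverHello(signingKey) {
  const share = newKey().publicKey.export({ type: 'spki', format: 'der' });
  return { share, sig: nodeCrypto.sign('sha256', share, signingKey) };
}

// Client side: the OS trust store is never consulted, only the embedded key decides.
function clientAccepts(hello) {
  return nodeCrypto.verify('sha256', hello.share, PINNED_VERIFY_KEY, hello.sig);
}

// SHA-256 stands in for a real HKDF-based key schedule (assumption for brevity).
const kdf = (secret) => nodeCrypto.createHash('sha256').update(secret).digest();

// 0-RTT: the client derives a key from its own ephemeral key and the embedded static key,
// before the server has sent anything.
function clientEarlyKey() {
  const eph = newKey();
  const secret = nodeCrypto.diffieHellman({ privateKey: eph.privateKey, publicKey: PINNED_ECDH_KEY });
  return { clientShare: eph.publicKey, key: kdf(secret) };
}

// Whoever answers can reproduce that key only with the matching static private key.
function responderEarlyKey(clientShare, staticPrivateKey) {
  return kdf(nodeCrypto.diffieHellman({ privateKey: staticPrivateKey, publicKey: clientShare }));
}

function demo() {
  const proxy = newKey(); // an intercepting proxy's own key pair, not the pinned one
  const early = clientEarlyKey();
  return {
    genuineAccepted: clientAccepts(serverHello(serverSign.privateKey)),
    proxyAccepted: clientAccepts(serverHello(proxy.privateKey)),
    serverDerivesSameKey: responderEarlyKey(early.clientShare, serverStatic.privateKey).equals(early.key),
    proxyDerivesSameKey: responderEarlyKey(early.clientShare, proxy.privateKey).equals(early.key),
  };
}

console.log(demo());
```

Installing a proxy root certificate on the device changes none of these results, because neither check reads the system trust store.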

Final conclusions: (1) When using WeChat Web on a corporate network, the company can see the chat content; using a 4G network prevents this. (2) When using the WeChat mobile app, the private protocol and embedded cryptographic keys ensure that the company cannot see the chat content on either corporate or 4G networks.

Tags: privacy, network security, TLS, WeChat, protocol analysis, MMTLS