I haven't really seen anyone doing a decent security audit for WeChat though. Last time (2014) I tried digging into their third party API, I was put off by uses of MD5 as the preferred hash function. Does anyone know they have improved on the security front in the intervening two years?