WeChat Android Phone Missing Attachments  


I have been asked by a client to find out answers to some of the following questions. We performed collection of WeChat data using APK Downgrade via Cellebrite on an Android device and we weren’t able to get any attachments to the messages. I reached out to Cellebrite Support but I figured it couldn't hurt to see if you all have any experience with it and can provide some answers/guidance.

1. If we used some method/tool other than Cellebrite, could we get attachments from Android phones?
2. Could we open this users account on an iPhone to get the missing attachments?
3. Do attachments expire/disappear from the phones after a period of time?

Appreciate any insight you all have. I believe Belkasoft has a WeChat module so i reached out to them for more information.

Whats to say the attachments were stored on the phone.

1. Always dual tool to see the differences in tools
2. Always manually verify the download against the handset. I would recommend opening the Wechat app on the phone and looking at the settings for storage values and also the chats to see if the attachments are present. Then you will get your answer.
3. It is possible, but i doubt it with this app.

Its more than likely that attachments were not stored to the device.

Thanks Dan for those curious i did some testing and found some answers

1. If we used something other than cellbrite, could we get attachments from Android phones? Checked with Belkasoft and it requires a physical image (root). Cellebrite doesn’t have a solution. Also reached out to MSAB (XRY) if they have a solution (haven’t heard back yet)
2. Could we open this users account on an IPhone to get the missing attachments? Logging into another iPhone doesn’t transfer the conversations
3. Do attachments expire/disappear from the phones after a period of time? I don’t see any option within the GUI to set an attachment disappear or expire.

My team has come up with a proposed solution that seems promising. Use the WeChat desktop APP and create a backup local to the PC of all messages/attachments on the android. You can then restore the data to a brand new iPhone and then use Cellebrite to collect. You will then have all the decoded messages / attachments.

You can also restore this to an Android device that you can either perform a physical extraction on / already rooted in order to do so.

Hope this helps someone in the future.

