SafeW's "Clarification" Is Really a Whitewashing Campaign
In early January 2026, after users in China publicly exposed SafeW's security problems, a wave of suspiciously identical "explainer" and "debunking" articles quickly appeared online — ghost-written and posted under fake "ordinary user" identities to recast the whole thing as a misunderstanding. This page lays out each of those whitewash claims and rebuts it one by one against Kaspersky's public evidence. You do not have to take anyone's word for it — open the report and check for yourself.
The exposure came first; this wave of "debunking" came after
The order matters: the exposure came first, the spun articles came after. The issue was put squarely on the table in public twice — in February 2025 and again in January 2026, it was widely exposed and discussed across multiple large Telegram groups and channels. Only then, within a short window, did multiple sites simultaneously put out articles with near-identical wording, all dedicated to deflecting attention away from SafeW. A product that genuinely had nothing to hide would not need a batch of articles like this to "put out the fire."
Whitewash claim × public fact
For each item below, the claim from the spun defense articles is on top, and the fact — checked against public evidence — is underneath.
"It's perfectly normal for an app to request photo-library permission — nothing to worry about."
No one says that "requesting photo-library permission" is itself illegal — a normal chat app needs that permission so you can send pictures. The problem was never "whether it has the permission," but what SafeW did with that permission behind your back.
Kaspersky found that it scans your photo screenshots one by one in the background with optical character recognition (OCR), specifically hunting for the recovery phrases, private keys, and passwords of crypto wallets, and uploads any matching image to the attackers. Equating "sending pictures needs photo-library permission" with "using photo-library permission to rifle through your safe in the background" is a textbook bait-and-switch that dodges the real issue, designed to fool people who don't understand the technology.
"The people who got infected downloaded the wrong app themselves and installed a counterfeit, knock-off SafeW."
What Kaspersky publicly named are the package names / Bundle IDs of the versions officially published by SafeW on the App Store and Google Play — com.safew.messenger on iOS, and org.safew.messenger and org.safew.messenger.store on Android. These are the one and only official, publicly released identifiers in the app stores, and they match the official app exactly.
How could the genuine app, downloaded through the official channels of Apple's and Google's own stores, be a "fake you downloaded by mistake"? Taking the officially published versions that were implanted with malicious code and insisting it was "the user's download error" is shifting the blame onto the victims. And anyone can verify it for themselves — just open the Kaspersky report and search for safew: the names called out are the official package names, and the "you downloaded the wrong version" line simply does not hold.
HIPAA is a U.S. law about health information. It governs how hospitals, health insurers, and health-data organizations protect patients' medical records. It has nothing whatsoever to do with an ordinary instant-messaging app.
A chat app claiming to be "fully HIPAA compliant" is like a bubble-tea shop claiming it "passed aircraft airworthiness certification" — that isn't compliance, it's dressing yourself up with an impressive-sounding label that doesn't even apply, and frankly it's laughable. This kind of mismatched "compliance" spin is exactly what shows that its security messaging doesn't hold up to scrutiny.
This is not how you actually prove you're in the clear
If a piece of security software really were wrongly accused, what would it do? Compare that with what SafeW actually did, and it becomes clear.
If genuinely wronged, this is what you'd do
Publish a technical post-mortem, spell out which versions were affected and when they were fixed, provide a verifiable independent security audit, and cooperate with security vendors' investigations — prove it with evidence, not with talk.
What SafeW actually did
Rebranded and re-skinned to relist, then recruited people to pose as ordinary users and post a batch of spun defense articles — pushing the blame onto users for "downloading the wrong version," using "the permission is normal" as a bait-and-switch, and even trotting out "HIPAA compliance," which has nothing to do with an instant-messaging app, to dress itself up. As for the security issue itself, the developer has still never publicly addressed any of this — no statement, no post-mortem, no audit, no accountability.
Go deeper into this dossier
What was named are the official package names
com.safew.messenger and the other official store identifiers — verifiable item by item.
Threat analysisHow it actually steals your money
OCR-scanning your photos, hunting for recovery phrases, uploading — the full method, broken down.
Emergency stepsWhat to do if you installed SafeW
The full checklist for revoking permissions, uninstalling, and moving your assets.