Exclusive Interview|CaoLiao QR Code's Journey in Building a Content Security System
Original: https://cli.im/article/detail/2062
Note: WeChat Coral Security is an official communication platform from Tencent, dedicated to in-depth exploration of internet content security systems, promoting security knowledge, and collaborating with the industry to discuss methodologies and experiences in content security, fostering healthy development within the WeChat ecosystem.
QR codes now permeate every aspect of life—scanning to ride public transport, access webpages, or enter residential compounds. As you read this article, you might have just completed a QR code payment. Have you ever tried creating your own QR code?
Today, we interviewed CaoLiao QR Code—a mini-program team that helps users generate and manage QR codes (supporting text, URLs, images, etc.). Its founding team recognized the potential of QR code technology as early as 2011. How has CaoLiao QR Code developed its content security system over the years?
A Mini-Program Platform Building Digital Profiles for Everything
CaoLiao QR Code's homepage declares: "A free QR code generation and management platform for everyone." It provides integrated online services including QR code creation, content management, data storage, label printing layouts, scan record management, and data analytics.
With the vision of "creating digital profiles for all things," CaoLiao QR Code now serves over 8 million registered users and tens of thousands of enterprise clients, including industry leaders like China Railway, State Grid, IKEA, and PetroChina.
In 2017, leveraging WeChat's nationwide user coverage, CaoLiao QR Code launched its WeChat mini-program alongside its H5 web version. As the team explains: "The WeChat mini-program ecosystem allows better permission control for QR code access and tracking. Native plugins and APIs also enhance user experience."
Current metrics show 1.7 million daily active users, 240 million scans in 2019 (ranking 4th among national tool-class mini-programs), and cumulative generation of billions of QR codes across industries like retail, construction, manufacturing, education, and lifestyle services.
Behind this scale lies a robust technical framework:
- Frontend: Developed using WeChat's native mini-program system, enhanced with an internal framework for improved efficiency (global reactive data flow, cross-page communication mechanisms)
- Backend: Horizontally split services fully containerized on cloud infrastructure using Kubernetes, cloud storage/databases, message queues, and load balancing
For content security, CaoLiao QR Code combines machine auditing (via cloud services) with manual reviews. The team has developed automated systems for identifying违规 content characteristics and rapidly locating违规 users.
Evolution of Content Security Systems
As user numbers grew, content security challenges intensified:
Early Stage (Manual Audits)
Security teams manually reviewed all content edit logs—extremely labor-intensive.
2017-2018 (Access-Based Filtering)
Implemented access-triggered audits (only reviewing content when reaching certain scan thresholds). However, this allowed some sensitive content to evade timely detection.
Fall 2018 (Wake-Up Call)
A system bug and subsequent regulatory warning prompted comprehensive reforms:
- Enhanced system testing and stability checks
- Integration of machine learning for sensitive content detection
2019 (Anti-Black Market Operations)
Developed risk profiling models to identify and block organized违规 groups through characteristic analysis (device fingerprints, registration patterns). Collaborated with authorities to dismantle multiple black market operations.
2019 Q2 (System Overhaul)
A dedicated 6-member team spent 3 months rebuilding the security architecture into the current hybrid model:
- User trust scoring
- Machine + human audits
- Risk characteristic models
The security team notes plans to adopt WeChat Coral Security's APIs: "As WeChat-native solutions, they better align with mini-program requirements while reducing our operational costs."
Expert Advice: Building Security Systems
Through years of refinement, CaoLiao QR Code's security team shares key lessons:
WHERE
Identify risk sources specific to your productWHY
Analyze how恶意 content might manifest in your systemORDER
Prioritize security needs based on risk levelsHOW
Develop in-house systems or procure third-party services (balance importance vs feasibility)STABILITY
Ensure new features integrate with existing security frameworksCHECK
Conduct regular audits and vulnerability scans
This framework emphasizes proactive security integration at every development stage—a crucial lesson for all platform operators.
Article reposted from WeChat Coral Security: "Exclusive Interview|CaoLiao QR Code's Journey in Building a Content Security System"