WeChat’s 2016 Red Envelope Photo on Android: Performance, Security, and Rapid Development

In the 2016 Chinese New Year’s Eve, WeChat launched a new activity called “Red Envelope Photo”, where users could view a photo only after sending a red envelope. The article discusses the feature from an Android client developer’s perspective.

System Overview

The feature consists of several modules:

Entry and red‑dot control logic for publishing permissions.

Publishing module handling photo upload and publishing logic.

Thumbnail loading with a unique timeline display.

Full‑size image loading that shows a blurred image with a random “hole” effect.

Payment module that requires sending a red envelope to view the full photo.

Statistics module for reporting and analysis.

Although each module is simple, delivering the first version in just over two months posed challenges in time, performance, security, and traffic control.

Efficient Development Model

Because the product design changed frequently, the team adopted an iterative development approach, emphasizing speed and stability:

Fast: Rapid prototyping to keep up with product iterations.

Stable: Maintaining high quality despite quick releases.

Cross‑platform alignment through face‑to‑face communication.

Continuous code review, detailed exception handling, and thorough testing.

Small‑scale internal rehearsals before public release.

Performance

The core experience involves a blurred image with a random circular “hole” that reveals part of the picture; viewing the full image requires payment. The team discovered that blurring a large image took about 1500 ms, while a thumbnail required less than 50 ms, a 30‑fold difference. They therefore applied blur to the thumbnail.

Hole placement follows rules (e.g., higher probability around faces). Face detection is performed on the thumbnail; the resulting coordinates are used to clip a circular region from the original high‑resolution image, overlay it on the blurred thumbnail, and adjust edge transparency.

Through these optimizations, the total interaction time was reduced to under one second.

Security

Images are downloaded via HTTP from CDN servers and stored locally, making them vulnerable to packet sniffing and file extraction. The team focused on two aspects:

Secure download: Changing the download protocol was not feasible within the project timeline.

Local storage protection: Encrypting stored images.

The solution encrypts image data returned over HTTP, embedding a per‑image key in the file path. The client uses a custom EncInputStream / EncOutputStream that transparently encrypts/decrypts data, keeping the encryption algorithm lightweight and fast.

Control

Given the massive traffic and unknown load, the system needed fine‑grained control:

Publish permissions, number of participants, and frequency are all configurable.

Payment button logic can limit amount ranges and target specific user groups.

Caching reduces server pressure from repeated random amount requests.

Dynamic quota adjustments and occasional “easter eggs” help balance load.

Postscript

During the 2016 Monkey Year Spring Festival, the Red Envelope Photo activity generated 29 million photos and over 1.92 billion interactions. Future articles will dive deeper into performance and control logic.