Over the last few days, a shit-ton of people have discovered and started using a cute app called Meitu that turns your selfies into anime-like photos.
Okay, IMica Burton January 17, 2017
But the Meitu has a darker, creepier side: it collects an inordinate amount of data about you and your phone, and sends it to a bunch of servers in China. As noted security researcher Jonathan Zdziarski put it in a message to Motherboard, Meitu is “a piece of crapware with a bunch of ad tracking / analytics packages baked into it.”
On Android, the app collects your phone’s unique identifier or IMEI (International Mobile Equipment Identity) and sends it to several Meitu servers, as some security researchers pointed out on Twitter. (On iOS, the app collects far fewer information, as security researcher Will Strafach wrote in a blog post.)
“Just like many other terrible mobile apps, [Meitu] appears to be harvesting some sensitive information including your device’s imei, iccid [the SIM card’s its unique serial number], device location, and if your device is jailbroken,” Greg Linares, another security researcher, told Motherboard in a Twitter direct message.
For an app like this to collect your IMEI is not common, according to Linares. And on Android, the app also asks for a lot of permissions that don’t make a lot of sense, such as access to your location, to make phone calls, full network access, control vibration, and view Wi-Fi connections, among others.
Let me get this straight...
But Meitu dismissed the criticism, sending out a long statement to reporters.
“It's such a nice problem to have with our App being noticed by the media, celebrities, and consumers,” Meitu’s managing director for global markets Frank Fu told Motherboard in an email. Fu added that the company works “closely” with Google and Apple and follows privacy policies “rigorously,” and he also invited me to a new product launch in China.
In the statement, the company said the “sole purpose” for collecting the data is to “optimize app performance,” and that Meitu “DOES NOT sell user data in any form.”
Moreover, the company said that the permission it asks on Android “are similar to those users will find with most popular photo editing apps.” The company justified collecting data such as MAC address and IMEI to better track users given that “as Meitu is headquartered in China, many of the services provided by app stores for tracking are blocked.”
It’s possible that the Meitu developers are not collecting all this data with malicious intent in mind, but if you’re not comfortable sharing all this information, maybe don’t use it.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.
from This Popular Anime Selfies App Is ‘Crapware’ That Collects Private Data