A new photo app that has been popular in China is now making global waves. And not just for its ability to create the ‘perfect selfie’. Security experts believe the app, called Meitu, is collecting much more data than it reasonably needs and it could have dark consequences.
A perfect selfie
In today’s selfie-obsessed world we seem to need more and more ways to curate the ultimate portrait of ourselves. CamMe, FaceTune, and Perfect365, for instance, are smartphone apps that all help to enhance features, get rid of dark circles or straighten a slightly crooked yet charming nose.
But the app market has taken it even further. Snapchat has made millions of users around the world into fairy queens and puppy dogs with its animated filters. Meitu is the latest app that’s been getting quite a bit of press recently. It’s a photo editor that retouches your selfies by brightening skin and smoothing out imperfections. It also has an FX editor that adds pastel hues and elfin features. It was an absolute hit in China and now the rest of the world is catching on.
But the security voice of doom has cast a shadow over its success.
Meitu, while completely free, wants your data.
In addition to accessing your camera, it wants permission to collect your phone’s location and time zone, Wi-Fi details and local IP address. It also wants your SIM card number, whether the phone is jailbroken, and any IMEI/IMSI numbers.
Security expert Greg Linares suggests these requirements go beyond what is necessary for an ordinary photo app and could have darker implications:
Let me get this straight…
All of you just installed a photo app from China that requires these permissions? Let me know how it works out. pic.twitter.com/wGDUYbRdSA
— Greg Linares (@Laughing_Mantis) January 19, 2017
He told Wired magazine:
This information can be used to track the individual’s physical location, day-to-day behaviours, as well as starting the process of performing a cell clone.
In response to the concerns, Meitu said:
Meitu’s sole purpose for collecting the data is to optimise app performance, its effects and features and to better understand our consumer engagement with in-app advertisements.
Forensic scientist Jonathan Zdziarski took to Twitter to comment on the app. He claimed that Meitu was a “throw-together of multiple analytics and marketing/ad tracking packages, with something cute to get people to use it”. But some might argue that basically describes any free app from Google Play or the App Store.
That describes every free app ever.
— DaveP (@DavePee) January 20, 2017
Will Strafach from Sudo Security Group told TechCrunch that the information was partially sensitive but that collecting it wasn’t uncommon:
People are not really aware how common this sort of thing is, I believe. Additionally, many are saying that the Android version is more invasive than the iOS version. I think it’s very good that a discussion has been started though, and I hope it will encourage infosec folks to crack open more apps and see what they do
Who else is ripping off your data?
MapMyRun, LoseIt and PeriodTracker are among 20 health apps that sold users’ data to third party advertising and analytics companies.
Pokemon Go, the augmented reality game and popular app, raised concerns regarding the amount of personal data it was collecting without users’ knowledge through a Google sign-in.
Angry Birds was another of the casual game variety that hoards personal information.
While companies seem to give their smartphone apps away for free, that’s not wholly accurate. They have to survive somehow. And optimising advertising by understanding consumer behaviour is how they justify collecting your data.
But it’s the transparency that’s missing. Consumers aren’t always aware of what they are agreeing to or what nefarious consequences it could have. It’s relatively easy for companies to acquire, hold and pass on data. You have no idea what they’ll use it for, but they know an awful lot about you.