Meitu, a Viral Anime Makeover App, Has Major Privacy Red Flags
MEITU IS A popular app that transforms your selfie into an adorable anime character. You’ve probably already downloaded it. In exchange for the simple pleasure of giving you an absurd makeover, though, it demands sprawling access to your personal data and numerous features of your smartphone, seemingly collecting a bloat of information about you in the process. Wannabe nymphs and sprites everywhere: be warned.
It’s normal for apps to need access to a variety of data and functions on a smartphone so they can run properly and deliver their service. But responsible apps ask for the fewest number of “permissions” possible so they don’t have access to anything they don’t absolutely need. It’s natural, for instance, for Meitu to accesses your camera. But it also has access to users’ GPS location, cell carrier information, Wi-Fi connection data, SIM card information, jailbreak status, and personal identifiers that could be used to track you and your device across the web.
“Many apps collect data, however usually they are well-known company names which we have already trusted our data with,” says Greg Linares, a security researcher at the threat management firm Vectra Networks. Meitu, based in China, is “a foreign company, and they are collecting some very odd data that shouldn’t be looked at necessarily for the application functioning.”
Experts say that the reason for the manifold permissions, seemingly unrelated to its core purpose, are numerous pre-built analytics and ad-tracking packages that weigh Meitu down. “Meitu has a strong partnership with Google Play—including being a part of their prestigious Sand Hill program,” Google’s boutique booster program for companies with viral potential, says a Meitu spokesperson, who also indicated that a more detailed response may be coming. (We’ll update if and when it does.) “[Google]’s provided a lot input and insight to help improve the app experience for different markets around the world.” A preliminary analysis of the Meitu iOS app by Will Strafach, co-founder of the app security firm Verify.ly, found that it collects a variety of personal data, but nothing far outside the norm.
Meitu’s not alone in loading up on hidden adware, of course, and it’s always important to pay attention to the permissions any app requests. Even well-known apps like Pokemon Go can run into problems if people discover that the programs can access too much. But without technical know-how there isn’t always a way to know the extent of an app’s reach. And with a popular app like Meitu it can be impossible to determine a developer’s true motives, though the company’s privacy policy seems to limit exposure to third parties.
Source | wired
