Categories
Android iOS iPhone News privacy security Software

Meitu selfie app apparently collecting, transmitting user data back to Chinese source

The good news is that the Meitu app adds some cool selfie editing tools, allowing you to pretty much transform your selfie pictures into nifty anime characters.

The bad news is that the app is apparently sending back as much private information as it can to a Chinese source.

The MeituPic app, launched in 2013, soared to the top of the Chinese app charts. It was rebranded as “Meitu” in 2016 and works by taking a selfie, smoothing a person’s skin, adding virtual makeup and a number of other effects.


Meitu then asks for your phone’s location, Wi-Fi connection information, time zone, local IP address, SIM card number, whether a phone is jailbroken, and, on Android devices, the unique identity number (IMEI). This data is seemingly being sent back to China.

“Meitu’s sole purpose for collecting the data is to optimise app performance, its effects and features and to better understand our consumer engagement with in-app advertisements,” a statement from the company says. “Meitu DOES NOT sell user data in any form.”

“As Meitu is headquartered in China, many of the services provided by app stores for tracking are blocked. To get around this, Meitu employs a combination of third-party and in-house data tracking systems to make sure the user data tracked is consistent.”

Meitu also says permissions on Android and iOS are within both app store’s guidelines and are similar to other camera apps. The firm checks if phones are jailbroken as it is a requirement from the WeChat SDK, and because “jailbroken devices can manipulate and modify the app source code”.

Meitu has stated that as a means of preventing hackers from potentially accessing private data, the company has added only limited analytics and advertising units in the app. The company has stated that it transmits user data through encrypted layers to keep information private.

This is the latest in a line of high-profile data collection concerns. WhatsApp was recently criticised for sharing personal information with parent company Facebook in 2016; privacy campaigners heavily criticised the UK’s Investigatory Powers Act that allows for the collection of web history; and some of tech’s largest companies have been trying to change how they are seen. Apple has a privacy site, for example, and Google regularly updates its privacy tools.

However, many web services and applications are involved in selling user data to advertisers and other firms. A study in 2013 found 20 of the top health apps were selling anonymised user data to around 70 companies.

In short, it may be a cool app, but it may also be harvesting and transmitting as much user information as it can get its hands on, so be careful.

Via Wired.co.uk and Medium