Meitu Photo App Is Sending Your Info to China
Meitu, a popular photo app that transforms users’ faces to have anime-like features, is collecting a large amount of data about its users and sending it to servers in China. The app allows users to take a selfie or picture of someone else’s face and then digitally smoothes the skin, modifies the eyes, and applies makeup to produce a cartoonish version of them. Numerous security experts have pointed out that the app collects an unreasonable amount of data from users including their GPS coordinates, phone numbers, and calendar details.
Launched in 2008, Meitu claims 1.1 billion unique installs for its iPhone and Android apps and 456 million monthly active users. While certain aspects of its data collection are related to the app’s function such as its access to the device camera, Meitu has additional permissions on a user’s mobile device such as changing audio settings, controlling the vibration function, preventing the device from sleeping, and reading the phone status and identity. This last capability includes a phone’s IMEI number or International Mobile Equipment Identity number.
Detecting and storing the phones’ IMEI number potentially allows Meitu, its advertising partners, and any company which buys the company’s data to monitor a user’s activity across various apps. Matthew Garrett from CoreOS writes, “Why would anybody want these IDs? The simple answer is that app authors mostly make money by selling advertising, and advertisers like to know who's seeing their advertisements…. using a device-level ID rather than an app-level one is preferred. The IMEI is the most stable ID on Android devices.”
In a statement to CNET, Meitu claims that its data collection practices are a result of the company’s location in China where tracking analytics provided by the Apple App store and Google Play are blocked, forcing the company to create a workaround. A Meitu spokesman also stated that the data collected within the app is transmitted and stored securely.
Meitu’s increasing popularity and the gratuitous amount of permissions the app requires should be kept in mind by potential users. ArsTechnica adds that the Android version of the app has the potential for greater privacy incursions, as its operating system allows increased permissions, “but according to digital forensics expert Jonathan Zdziarski, the app secretly checks to see if a user's iPhone is jailbroken—presumably to see if it can use that information to gather additional data.”