Update: Meitu has now commented on privacy claims and said it is not selling data to third-party companies. According to Meitu, the strange permissions within the photo editing app are because the company is headquarted in China.
Usually China blocks tracking services (something most apps are set up to do) within applications downloaded from the Google Play and Apple App Store.
A Meitu spokesperson told CNET, "To get around this Meitu employs a combination of third-party and in-house data tracking systems to make sure the user data tracked is consistent."
"Furthermore, the data collected is sent securely, using multilayer encryption to servers equipped with advanced firewall, IDS and IPS protection to block external attacks."
Original: Our seemingly never-ending craze for selfies has helped make Meitu – a photo-editing app that warps your face into an anime-like visage – go viral in the West in the last few days.
The app can be fun, allowing you to create Japanese-inspired anime versions of your face, then share the often hilarious results with your friends and family. So what’s not to like about this frivolous little app?
There’s a caveat, particularly for Android-owners: To be part of the fun, Meitu asks for a bucketload of permissions to access information on your phone, which has sparked numerous security and privacy concerns.
From frivolous to serious concern
Meitu was created by Chinese entrepreneur Cai Wensheng in 2008 and since then has been ruling the selfie-editing apps in China. The edits can make users look fairer, taller, slimmer and remove dark circles and blemishes with just a few taps.
The app’s recently become popular throughout the rest of the world and has been downloaded more than a billion times.
And, like most other smartphone apps, it requests access to certain parts of a user’s phone.
But, unlike most other apps, Meitu arguably takes it too far on Android phones by requiring access not just the phone’s camera and storage (which is only natural), but also to your phone number and location (both network-based and GPS) just to start up.
But that’s not all. It also asks to read, modify and delete the contents of an Android phone’s USB storage, view network connections, change display and audio settings, reorder running apps, control vibrations and prevent the device from going into sleep mode. The iOS version of the app runs a check to see if a handset is jailbroken or not.
Security researchers have delved into the apps’ code and found that it even collects phone IMEI numbers – something which could allow user’s habits to be tracked across different apps.
Meitu doesn’t need these permissions to perform its main functions, so hoovering up all this information seems dodgy, especially when all this data is allegedly being collated and stored in servers in China.
Protect yourself
While we’d recommend not installing the app (at least until the company has responded to the privacy concerns), there are ways you can protect yourself. Here’s what you can do to ensure your data is safe.
If you’re an Android user, check the list of requested permissions before downloading an app and use the operating system’s permissions options to control information accessibility by individual apps. You can even revoke permissions later.
It’s a lot more difficult to see what permissions an app requires in the App Store, but there’s detailed controls in the iPhone’s Settings and iOS always prompts users when an app is trying to access any part of the phone for the first time.
