Technology

Viral anime photo filter app Meitu sparks security and privacy concerns

Just as Meitu, the insanely popular mobile app that 'anime-fies' your face, has gone viral in the Western world, so has security and privacy concerns over the amount of data it collects on its users. Some security researchers have noted that, for a frivolous photo editing app, it's asking for way too many permissions to access information on a user's phone. The app is also apparently collecting information about a user's phone and sending it to remote servers in China. Here's what you need to know.

Meitu was created back in 2008 and has now become a viral app in English-speaking countries. Your Facebook feed may have been bombarded with posts of your friends' faces being transformed into anime-looking characters.

A ton of people are using Meitu and it has been downloaded more than a billion times. But something seems a bit fishy, particularly when you look at the permissions the app requests before you install it.

Here's a breakdown of what the app asks to access on your phone, as listed on the Android version:

  • retrieve running apps
  • approximate location (network-based)
  • precise location (GPS and network-based)
  • read phone status and identity
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
  • take pictures and videos
  • view Wi-Fi connections
  • read phone status and identity
  • receive data from Internet
  • view network connections
  • change system display settings
  • full network access
  • change your audio settings
  • run at startup
  • reorder running apps
  • control vibration
  • prevent device from sleeping
Advertisement

Mind you, there are plenty of apps out there that asks for a load of permissions that seem incongruous to their main functions. Meitu also doesn't require all of those permissions to be granted in order to work. Still, all of this makes the Meitu app seem very dodgy and it's another reminder as to why you should always check app permissions carefully before you download anything.

But when you dive into the code of Meitu, that's where things get interesting. Security researchers have jumped in to assess the photo editing app and found that it was indeed collecting information, including a phone's IMEI number (a handset's unique ID number), and sending it back to remote servers:

On the iOS version of the app, Meitu runs a check on whether a handset is jailbroken.

Now, some of the information the app is collecting may be mandated by the Chinese Government. According to Tech In Asia, China imposed stricter rules on mobile app developers last year that is aimed at enhancing data security but at the cost of increased user tracking. As of August 1, 2016, all Chinese mobile app providers must:

  • Confirm the real identities of their users in the app's back-end by using their phone numbers.
  • Create a robust user information security system and inform users about why any user data is being collected.
  • Create a robust content censorship system to filter out illegal content, with warning, suspension, restriction, and perma-banning features.
  • Remove any features that auto-download unrelated apps onto a user's phone.
  • Track user log information and keep it on file for at least 60 days.

But the more likely reason Meitu is collecting so much information on their users is to sell it to third-party ad companies. Security researcher Jonathan Zdziarski summed it up nicely:

Lifehacker Australia is your expert guide on how to get things done and do everything better.