You’ve probably noticed the selfies appearing on social media platforms and elsewhere across the web recently containing subjects who resemble anime-like characters. It’s the work of Chinese photo editing app Meitu, and while it may seem like harmless fun, there could be a more sinister side to the software.
Meitu has been available in China for almost a decade. It has been installed over a billion times around the world and has over 456 million average monthly users, but it only recently became a viral sensation in the US. The app uses facial detection technology and filters to turn people into large-eyed, glossy-lipped, blusher-covered beauties with smooth skin.
As more people around the world start using Meitu, some users have noticed that it asks for an awful lot of permissions – 20 in total – for a photo editing app. These include full network access, ability to alter device settings, mange calls, modify and delete the contents of a phone’s USB storage location data, unique device identifier numbers, carrier information, wifi connections, and running itself at startup.
The Android version is agreed to be the more insecure version. Digital forensics expert Jonathan Zdziarski said the iOS incarnation is slightly less invasive but it secretly checks if a user’s iPhone is jailbroken. He added that Meitu’s code may even violate App Store policies on data collection.
It was suspected that Meitu was selling the user information to third-party advertisers, possibly for ad-targeting purposes, but the company says this isn’t true. It claims the permissions are required because the firm is located in China.
CNET reports that tracking services within applications from the Google Play and Apple App stores are usually blocked in the Asian country. “To get around this, Meitu employs a combination of third-party and in-house data tracking systems to make sure the user data tracked is consistent,” said a Meitu spokesperson.
“Furthermore, the data collected is sent securely, using multilayer encryption to servers equipped with advanced firewall, IDS and IPS protection to block external attacks.”