Security experts concerned about data collected by popular beauty filter app

The app has hundreds of millions of users – but are they aware of the permissions they have agreed to?

THERE HAS BEEN a lot of talk this week about the Chinese photo editing app Meitu, which allows users to turn their selfies into anime-like images.

The app, which has hundreds of millions of users, targets teenagers and young adults and enables users to smooth and change the colour of their complexions, widen their eyes and slim themselves down.

Meitu made went public in Hong Kong in December but only gained popularity with users outside of China in the last couple of days.

Whoops!

We couldn't find this Tweet

Last month analyst Jackson Wong said a lot of institutional investors wanted to follow the stock because it is a “one-of-a-kind in the market”. However, he said the profitability of the stock was not foreseeable at that stage.

“Whether they can monetise this app is a key for institutional investors to look at.”

Now security analysts have expressed concern about how the app’s creators might be trying to make money.

Meitu’s permissions include access to:

Information on apps running on the device;
Your location;
The contents of your USB storage;
Your WiFi connection;
Your network information;
Your IMSI number, which can be used to track user activity in other apps and browsers.

The app can also prevent the device from sleeping.

Let me get this straight...
All of you just installed a photo app from China that requires these permissions? Let me know how it works out. pic.twitter.com/wGDUYbRdSA
— Greg Linares (Laughing Mantis) (@Laughing_Mantis) January 19, 2017

Greg Linares / Twitter

Whoops!

We couldn't find this Tweet

Speaking to Wired, security researcher at Vectra Networks Greg Linares said many apps collect data, but Meitu is “collecting some very odd data that shouldn’t be looked at necessarily for the application functioning”.

Experts have speculated that the app may be collecting this information to sell to advertisers.

“I didn’t see anything overtly evil, but that doesn’t mean there’s not something more serious in there. The thing [that’s noteworthy] is the number of different analytics and ad tracking packages they’ve loaded into the app. I counted at least half a dozen different packages in there. You don’t generally need that many unless you’re selling data,” iOS security researcher and forensics expert Jonathan Zdziarski told the website.

Whoops!

We couldn't find this Tweet

In its privacy policy, Meitu says it only uses the information it collects;

To improve functionality;
For identity verification, security control and customers services;
To prevent and investigate fraud and other illegal actions.

Will Strafach, who runs a service that allows users to check the privacy of their apps, told TechCrunch that many free apps require users to hand over more data than is necessary.

“It’s becoming the new normal. It’s because we’re at this point in society, people want to generate their likes and retweets. People download this app and put security in the backseat to make sure they have their social media presence.”

- With reporting by AFP

Read: Meitu is the new beauty filter app that’s taking over – here’s what all the fuss is about>

Making a difference

A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

For the price of one cup of coffee each week you can make sure we can keep reliable, meaningful news open to everyone regardless of their ability to pay.

Support us Learn More