The popular Chinese photo- editing does more than just making you selfies beautiful, “it steals your data”- according to many experts.

After Chinese popular chat app, WeChat came under harsh criticism for violation of privacy, censorship and accused of passing the information of its user to the govt, another Chinese app Meitu is accused of collecting more than necessary information of its user.

Meitu is a smartphone based photo sharing and editing app which was launched in 2008 in China but it has gained a massive popularity in the west in recent times. according to its websites, it has more than 1.1 billion downloads with 456 million monthly active users in 26 countries.

It describes itself as a one touch for enhancing beauty and putting the finishing touches on your photos, apart from features like beauty retouch, blemish removal eyes, and legs enhancer it also has photo collage, FX camera, material for frames and background and also Meitu allows you to share your images on social networks and through messaging.

But a closer look at its permission detail and its privacy policy is enough to make you think twice before pressing that accept button reveal it’s not all glamor and glitz, for example, the app ask for permission to access

Device and app history;
Accurate location;
Phone status;
USB, photos, and files storage read and write;
Camera;
Wifi connections;
Device ID & call information;
Full network access
Run at startup,
And prevent device from sleeping.

And one read of the privacy policy will make you realised that it’s not all glamor and glitz,
it reads as follows;
Equipment or software information, such as the configuration information provided by your mobile equipment, web browser or other programs used to access our services, your IP address and the version and IMEI of the mobile equipment used, operating system information and network information;
Information relating to the mobile applications (APP) and other software that you have used, and the content from such mobile applications and software that you have used.
Information (metadata) involving the contents that you share through our services, such as the date, time, place, and others of shooting and sharing the photo or video.

“The app will transmit your phone’s IMEI (a unique per-phone identifier that can’t be altered under normal circumstances) to servers in China, It’s able to obtain this value because it asks for a permission called READ_PHONE_STATE, which (if granted) means that the app can obtain various bits of information about your phone including those unique IDs and whether you’re currently on a call.”wrote security developer Matthew Garrett on his blog.

According to the company’s privacy policy, Meitu claims it will only use your data for the following five purposes:
(I) To improve product functionality and upgrade user experience, thereby offering better services for the user;

(II) For identity verification, security control and customer services, so as to ensure the normal use and security of Meitu;

(III) To enable Meitu to better understand the interests of the user to help Meitu to respond to user’s individual demands;

(IV) Meitu may use the user’s personal information to prevent, find and investigate the practices of fraud, endangering of security, illegal actions or other conduct violating the agreement, policy or rules between the user and Meitu or its associated parties, so as to protect the legitimate rights and interests of Meitu or its associated parties;

(V) To enable the user to participate in the surveys of Meitu’s relevant products and services.

However, the company says it can also give away your information to comply with the law. which means it will give up all the user information if ordered to do so.

“Many apps collect data, however usually they are well-known company names which we have already trusted our data with,” says Greg Linares, a security researcher at the threat management firm Vectra Networks. Meitu, based in China, is “a foreign company, and they are collecting some very odd data that shouldn’t be looked at necessarily for the application functioning.”

“I didn’t see anything overtly evil,” says iOS security researcher and forensics expert Jonathan Zdziarski, “but that doesn’t mean there’s not something more serious in there. The thing [that’s noteworthy] is the number of different analytics and ad tracking packages they’ve loaded into the app. I counted at least half a dozen different packages in there. You don’t generally need that many unless you’re selling data.”

Share this on