Meitu Photo App’s Security Flaws Leak Your Personal Data

Popular face-recognizing photo app from China called ‘Meitu’, that transforms your selfies into adorable anime characters, has shot to fame outside the country in the last few weeks, due to the new “beauty” filters. However, it seems that beneath the layers of artificial makeup is a potential privacy nightmare.

While the free app is currently rocking the charts, both in App Store and Google Play, its rather suspicious code demands permissions for far more personal data than it needs (via CNET).

Meitu permissions android

In addition to asking permission to access your camera and photos, it wants access to your location (GPS coordinates), IMEI and your phone number, in order to automatically run itself at startup. According to security researcher Jonathan Zdziarski, the iOS version of the app is quietly checking to see whether your phone is jailbroken, which cellular carrier you’re using, and is even potentially able to uniquely identify your device using the hardware MAC address of your phone.

Why would it need all that? He speculates that the company is selling your information to companies who’ll target you with advertising.

It’s not remotely unusual for apps to sell data to advertisers, but an app that could be constantly, quietly collecting that data (using code that violates Apple’s rules, according to Zdziarski) even after you reboot your phone, or put in in sleep mode… let’s just say it raises some privacy concerns.

In a statement to CNET, Meitu has claimed that the data collection code was included because the company is headquartered in China, where tracking services provided by App Store and Google Play are blocked.

Well, looks like you need to think very carefully about your personal security before downloading and using the app.