DIY Photography

Hacking Photography - one Picture at a time

  • News
  • Inspiration
  • Reviews
  • Tutorials
  • DIY
  • Gear
Search

Submit A Story

Just how invasive is Meitu?

Jan 22, 2017 by Daniela Bowker 4 Comments

  • Share
  • Tweet
  • Flipboard
  • WhatsApp

Yesterday afternoon I noticed that my Twitter and Instagram feeds were humming with curiously styled selfies that slimmed faces, lightened skin, and applied a veneer of gloss and sheen that supposedly turned the selfees into animé-like characters. The transformations were courtesy of a Chinese app called Meitu that had suddenly become the height of fashion. I thought Meitu did a fantastic job of producing the archetypal Widow Twankey, so while I wasn’t desperate to have a go myself, I could understand why people were enamoured with it and enjoying a giggle.

And then, just before I went to bed, it appeared that some of the sheen on Meitu was dulling. There were mutters and murmurs that perhaps the app wasn’t all that it seemed, rising to a crescendo of potential-ID-theft-induced panic. Rather than being concerned about its Pantomime Dame proclivities, we should focus on the permissions that it was requesting from phones and, as a consequence, the data it was harvesting. While Meitu would require access to your phone’s camera, did it really need to know such specific information?

Depending on whether you were using the Android or the iOS version of the app, it seemed that Meitu might be scavenging information on your location, your carrier, your wi-fi connection, your calls, other apps you might be running, your device’s IMEI number, or if it were jailbroken. Given that Meitu is a Chinese-owned app, just what did it want with these data?

This morning the slightly panicked tweets and alarmist admonitions have toned down, but there remains a sense of unease surrounding Meitu. Just how intrusive is it? Are we right to be concerned that it is accessing more of your phone than it is entitled? I’ve summarised the general sentiments.

Android

By general reckoning, Meitu’s Android app is far more invasive than the iOS version. In particular, it relays your phone’s IMEI number (a unique identifier) to Meitu. That’s in addition to GPS data, and call, carrier, and wi-fi information. While it has been pointed out that it might well be Chinese legal requirement for Meitu to collect this sort of information, it is raising concerns for Greg Linares (info sec expert) and ‘security pessimist’ @FourOctets.

Let me get this straight…
All of you just installed a photo app from China that requires these permissions? Let me know how it works out. pic.twitter.com/wGDUYbRdSA

— Greg Linares (@Laughing_Mantis) January 19, 2017

Take a look at the entire list of permissions from the the Meitu app. pic.twitter.com/AkSw2Z50T7

— FourOctets (@FourOctets) January 19, 2017

And, as @FourOctet’s points out, this isn’t restricted to Meitu.

iOS

The consensus on the iOS version of Meitu is that it isn’t nearly as insidious as the Android offering. Both Will Strafach 9info sec specialist) and Jonathan Zdziarski (forensic scientist) are of the opinion that the data Meitu on iOS is collecting are generally comparable to those gathered by many other apps available in the App Store, even if it does want to know if your phone is jailbroken.

Like I said in several prior tweets, Meitu is just par for the course crapware with ad tracking. Just. Like. Thousands. Of. Other. Apps.

— Jonathan Zdziarski (@JZdziarski) January 19, 2017

And

Overall, the information collected by this app would appear to be on-par with analytics information collected within most iOS apps which are currently live in the App Store.

For Zdziarski, the issue here isn’t about Meitu specifically. It’s about paid ad trackers in general: ‘They’re overly invasive and in thousands and thousands of apps people use.’ It comes back to the adage that if you’re not paying for a product with your money, you’re paying for it with your data. The developers have to make it pay somehow.

To conclude

Meitu might have created a storm last night, but it isn’t isolated in its practices. As plenty of commentators have pointed out, data harvesting is normal. It’s how people make their money. Whether or not you want to download or continue using Meitu comes down to how comfortable you are releasing that much of your information to a company without knowing how it will be used. Meitu doesn’t blow back my hair; I’ve not downloaded it and I don’t intend to. But at least you can make a slightly more considered choice now, and apply it to other apps you download.

FIND THIS INTERESTING? SHARE IT WITH YOUR FRIENDS!

  • Share
  • Tweet
  • Flipboard
  • WhatsApp

Related posts:

FAA declares much of SF a ‘no drone zone’ for Super Bowl, says it could shoot down invasive drones Your Android Lollipop Camera Has a bug That Can Bypass The Lock Screen Finally! Instagram Is Testing Multi-Account Support Facebook confirms that a recent password leak affected millions of Instagram users

Filed Under: news Tagged With: App, ID fraud, ID theft, information security, infosec, Meitu, Meitu app, security

About Daniela Bowker

« POTUS Twitter account uses header photo from the wrong inauguration
Should we let our photographic failures rule us? »

Submit A Story

Get our FREE Lighting Book

DIYP lighting book cover

* download requires newsletter signup
DIYPhotography

Recent Comments

Free Resources

Advanced lighting book

Recent Posts

  • The Xencelabs Pen Display 24 is silent, glare-free retouching tablet
  • Fall in love with astrophotography with these 10 space objects
  • Hipstamatic app relaunches as a social network, but only for iOS
  • Instagram now has ads even in search results. Sigh
  • Panasonic has finally developed its 8K organic global shutter OPF CMOS sensor

Alex Baker is a portrait and lifestyle driven photographer based in Valencia, Spain. She works on a range of projects from commercial to fine art and has had work featured in publications such as The Daily Mail, Conde Nast Traveller and El Mundo, and has exhibited work across Europe

Dave Williams is an accomplished travel photographer, writer, and best-selling author from the UK. He is also a photography educator and published Aurora expert. Dave has traveled extensively in recent years, capturing stunning images from around the world in a modified van. His work has been featured in various publications and he has worked with notable brands such as Skoda, EE, Boeing, Huawei, Microsoft, BMW, Conde Nast, Electronic Arts, Discovery, BBC, The Guardian, ESPN, NBC, and many others.

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter - and occasional beta tester - of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Dunja Djudjic is a multi-talented artist based in Novi Sad, Serbia. With 15 years of experience as a photographer, she specializes in capturing the beauty of nature, travel, and fine art. In addition to her photography, Dunja also expresses her creativity through writing, embroidery, and jewelry making.

Copyright © DIYPhotography 2006 - 2023 | About | Contact | Advertise | Write for DIYP | Full Disclosure | Privacy Policy