Just how invasive is Meitu?

Jan 22, 2017

Daniela Bowker

Daniela Bowker is a writer and editor based in the UK. Since 2010 she has focused on the photography sector. In this time, she has written three books and contributed to many more, served as the editor for two websites, written thousands of articles for numerous publications, both in print and online, and runs the Photocritic Photography School.

Just how invasive is Meitu?

Jan 22, 2017

Daniela Bowker

Daniela Bowker is a writer and editor based in the UK. Since 2010 she has focused on the photography sector. In this time, she has written three books and contributed to many more, served as the editor for two websites, written thousands of articles for numerous publications, both in print and online, and runs the Photocritic Photography School.

Join the Discussion

Share on:

Yesterday afternoon I noticed that my Twitter and Instagram feeds were humming with curiously styled selfies that slimmed faces, lightened skin, and applied a veneer of gloss and sheen that supposedly turned the selfees into animé-like characters. The transformations were courtesy of a Chinese app called Meitu that had suddenly become the height of fashion. I thought Meitu did a fantastic job of producing the archetypal Widow Twankey, so while I wasn’t desperate to have a go myself, I could understand why people were enamoured with it and enjoying a giggle.

And then, just before I went to bed, it appeared that some of the sheen on Meitu was dulling. There were mutters and murmurs that perhaps the app wasn’t all that it seemed, rising to a crescendo of potential-ID-theft-induced panic. Rather than being concerned about its Pantomime Dame proclivities, we should focus on the permissions that it was requesting from phones and, as a consequence, the data it was harvesting. While Meitu would require access to your phone’s camera, did it really need to know such specific information?

Depending on whether you were using the Android or the iOS version of the app, it seemed that Meitu might be scavenging information on your location, your carrier, your wi-fi connection, your calls, other apps you might be running, your device’s IMEI number, or if it were jailbroken. Given that Meitu is a Chinese-owned app, just what did it want with these data?

This morning the slightly panicked tweets and alarmist admonitions have toned down, but there remains a sense of unease surrounding Meitu. Just how intrusive is it? Are we right to be concerned that it is accessing more of your phone than it is entitled? I’ve summarised the general sentiments.

Android

By general reckoning, Meitu’s Android app is far more invasive than the iOS version. In particular, it relays your phone’s IMEI number (a unique identifier) to Meitu. That’s in addition to GPS data, and call, carrier, and wi-fi information. While it has been pointed out that it might well be Chinese legal requirement for Meitu to collect this sort of information, it is raising concerns for Greg Linares (info sec expert) and ‘security pessimist’ @FourOctets.

And, as @FourOctet’s points out, this isn’t restricted to Meitu.

iOS

The consensus on the iOS version of Meitu is that it isn’t nearly as insidious as the Android offering. Both Will Strafach 9info sec specialist) and Jonathan Zdziarski (forensic scientist) are of the opinion that the data Meitu on iOS is collecting are generally comparable to those gathered by many other apps available in the App Store, even if it does want to know if your phone is jailbroken.

And

Overall, the information collected by this app would appear to be on-par with analytics information collected within most iOS apps which are currently live in the App Store.

For Zdziarski, the issue here isn’t about Meitu specifically. It’s about paid ad trackers in general: ‘They’re overly invasive and in thousands and thousands of apps people use.’ It comes back to the adage that if you’re not paying for a product with your money, you’re paying for it with your data. The developers have to make it pay somehow.

To conclude

Meitu might have created a storm last night, but it isn’t isolated in its practices. As plenty of commentators have pointed out, data harvesting is normal. It’s how people make their money. Whether or not you want to download or continue using Meitu comes down to how comfortable you are releasing that much of your information to a company without knowing how it will be used. Meitu doesn’t blow back my hair; I’ve not downloaded it and I don’t intend to. But at least you can make a slightly more considered choice now, and apply it to other apps you download.

Filed Under:

Tagged With:

Find this interesting? Share it with your friends!

Daniela Bowker

Daniela Bowker

Daniela Bowker is a writer and editor based in the UK. Since 2010 she has focused on the photography sector. In this time, she has written three books and contributed to many more, served as the editor for two websites, written thousands of articles for numerous publications, both in print and online, and runs the Photocritic Photography School.

Join the Discussion

DIYP Comment Policy
Be nice, be on-topic, no personal information or flames.

Leave a Reply

Your email address will not be published. Required fields are marked *

4 responses to “Just how invasive is Meitu?”

  1. Andrew Whitus Avatar
    Andrew Whitus

    It seems to be a photo editing app…so it fits the bill in my book…not all photographers are using DSLRs.

  2. Burt Johnson Avatar
    Burt Johnson

    Anyone taking selfies deserves to be hacked… :( Quit being so full of yourselves and see the world, not just a mirror. AND GET RID of those da** selfie sticks that poke everyone else.

    1. Jyi Offer Avatar
      Jyi Offer

      “Anyone taking selfies deserves to be hacked”

      What a stupid comment?

  3. Gvido Mūrnieks Avatar
    Gvido Mūrnieks

    So basically, it’s like facebook.