Slashdot Mirror

← Back to Stories (view on slashdot.org)

Viral Chinese Selfie App Meitu, Valued at Over $5 Billion, Phones Home With Personal Data (theregister.co.uk)

Posted by msmash on from the security-woes dept.

The Meitu selfie horrorshow app going viral through Western audiences is a privacy nightmare, researchers say. The app, which has been featured on several popular outlets including the NYTimes, USA Today, and NYMag, harvests information about the devices on which it runs, includes invasive advertising tracking features and is just badly coded. From a report: But worst of all, the free app appears to be phoning some to share personal data with its makers. Meitu, a Chinese production, includes in its code up to three checks to determine if an iPhone handset is jailbroken, according to respected forensics man Jonathan Zdziarski, a function to grab mobile provider information, and various analytics capabilities. Zdziarski says the app also appears to build a unique device profile based in part on a handset's MAC address. "Meitu is a throw-together of multiple analytics and marketing/ad tracking packages, with something cute to get people to use it," Zdziarski says. Unique phone IMEI numbers are shipped to dozens of Chinese servers, malware researcher FourOctets found. The app, which was valued at over $5 billion last year due its popularity, seeks access to device and app history; accurate location; phone status; USB, photos, and files storage read and write; camera; Wifi connections; device ID & call information; full network access, run at startup, and prevent device from sleeping on Android phones.

8 of 81 comments (clear)

  1. Da fuq?!! by Anonymous Coward · · Score: 2, Funny

    Selfie app valued at $5 billion? *head asplodes*

    1. Re:Da fuq?!! by Oswald+McWeany · · Score: 2

      And it's called "Meitu",

      Please tell me that's not pronounced "Me Too" (although that would be the perfect name for a narcissistic selfie app.

      --
      "That's the way to do it" - Punch
    2. Re: Da fuq?!! by Anonymous Coward · · Score: 2, Insightful

      I read it as "My Too"

    3. Re:Da fuq?!! by Mashiki · · Score: 3, Interesting

      Isn't Snapchat valued at ~25 billion?

      Yep. And people don't think this dotcom bubble is going to burst anytime soon either. Then you've got stuff like Uber valued at ~68B, and blowing through 2-7B/quarter in losses. Think on that one, at 68B, they have a higher market valuation then the big-3(GM, Ford, Chrysler) automakers. And they manufacture physical products, own their own credit financing divisions.

      My guess? We'll see that pop around the time that Canada's housing bubble pops. And anyone who thinks Canada isn't due for a massive housing price correction doesn't realize just how bad it is here. Here's a good kicker too, in Vancouver one of the really overly priced markets. The provincial government sets property taxes based on the "possible future valuation" of your property. There's people in industrial areas, who are going to see their property taxes go from $160k to over $1m this year and are looking to get the hell out.

      --
      Om, nomnomnom...
    4. Re: Da fuq?!! by The-Ixian · · Score: 4, Funny

      Yeah, me too

      --
      My eyes reflect the stars and a smile lights up my face.
  2. Not so much for iOS by radish · · Score: 2

    It's worth pointing out that iOS doesn't allow apps to access the MAC, IMEI or any other persistent unique ID field (for just this reason). There is a unique ID field designed for apps to use for device identification but it is generated by the device on a per application basis, so it cannot be correlated with other apps. It also changes if you reinstall the app. Both of these facts make it fairly useless for nefarious purposes.

    --

    ---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"

  3. Re:Well by Lirodon · · Score: 2

    I'm not a millennial so I'm behind the times when it comes to apps. I've never heard of this Chinese Communist selfie app but it doesn't take an app to do a selfie. You've got an Android or iPhone builtin app to do it for you. It even lets you easily share it to Facebook. Who the hell really needs an add-on selfie app?

    because of filters and stickers and editing stuff

  4. Re:We deserve what we get. by rwa2 · · Score: 2

    A Meitu spokesman actually replied to the ArsTechnica article on this:
    http://arstechnica.com/securit...

    Since they're a Chinese company, they have to collect their own user data since they don't have access to user data from the Apple / Google stores. So they likely have less info about you than most Western app devs.

    I installed Meitu on an Android 7.1 device yesterday. It only asks for device permissions as it needs them. I denied giving it access to my phone functions and the app works fine without that telemetry. But if you're really paranoid, go ahead and play with it in Andyroid or something.