Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Tuesday January 24 2017, @09:57PM   Printer-friendly
from the better-or-worse-than-facebook? dept.

Meitu, a Chinese selfie editing app, has amassed billions in downloads since launching in 2008; it's been trendy in Asia for several years, and just recently began gaining popularity in the United States. The anime-style photo-editing tool, which is available through the Apple and Android app stores, features airbrushed, fairylike depictions of people.

But there's a serious privacy and security issue with the app, according to mobile security researchers who performed tests running the application, primarily on Android phones. The code instructs users' phones to send a large amount of data back to China, and possibly around the world.

That information that[sic] could potentially be used to spy on users and their communications.

Some of the application's permissions, presented before users download the app, include access to the calendar, camera, geolocation data, contacts, screen resolution, photos, the contents of  the phone's USB storage, and other data.

The application also appears to be collecting the unique ID, the IMEI number, of users' phones, according to Greg Linares, a security researcher who examined the application. The IMEI is a 15-digit long serial number that can pinpoint the phone's country of origin and individual model.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Informative) by bob_super on Tuesday January 24 2017, @11:23PM

    by bob_super (1357) on Tuesday January 24 2017, @11:23PM (#458317)

    A lot of it is indeed because the free ad-supported versions rely on canned subsystems which are just imported by the person trying to get paid for their work. They come with an insane amount of privacy-invading requests, to maximize the value of the ad to you, of course.

    I've found a few apps totally devoid of any permissions (stuff to read the accelerometer of other device-bound feature), but that took scrolling past pages and pages of BigBrotherWannabees.

    I can't thank enough the people who do go through the pains of coding, debugging, and pushing to the Play store, and don't ask for cash or try to load crapware... Hats off to them

    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Informative=1, Total=2
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4