Meitu, a Chinese selfie editing app, has amassed billions in downloads since launching in 2008; it's been trendy in Asia for several years, and just recently began gaining popularity in the United States. The anime-style photo-editing tool, which is available through the Apple and Android app stores, features airbrushed, fairylike depictions of people.
But there's a serious privacy and security issue with the app, according to mobile security researchers who performed tests running the application, primarily on Android phones. The code instructs users' phones to send a large amount of data back to China, and possibly around the world.
That information that[sic] could potentially be used to spy on users and their communications.
Some of the application's permissions, presented before users download the app, include access to the calendar, camera, geolocation data, contacts, screen resolution, photos, the contents of the phone's USB storage, and other data.
The application also appears to be collecting the unique ID, the IMEI number, of users' phones, according to Greg Linares, a security researcher who examined the application. The IMEI is a 15-digit long serial number that can pinpoint the phone's country of origin and individual model.
(Score: 2) by zeigerpuppy on Wednesday January 25 2017, @12:50AM
the real problem here is that the user's choice about which data to share is not being respected by Google and Apple. it wouldn't be hard for them to add a 'permissions' app that overrides the application defaults. But they are exfiltrating so much data themselves that they don't want to remind people about data security. i, for one, have jumped ship and am happily using SailfishOS.
(Score: 1) by terrab0t on Wednesday January 25 2017, @02:20PM
There was an Android update around summer 2015 that finally gave users fine grained control of app permissions. Before that update you either accepted everything the app wanted or rejected the app entirely. Now you should be able to deny an app individual permissions while still installing it. My phone’s version of Android lets me change the permissions of apps that are already installed, so it’s not a one‐time choice either.
Most users don’t know or care what these permissions mean, but the options are there for those who do.