
SoylentNews is people

posted by on Tuesday January 24 2017, @09:57PM
from the better-or-worse-than-facebook? dept.

Meitu, a Chinese selfie editing app, has amassed billions in downloads since launching in 2008; it's been trendy in Asia for several years, and just recently began gaining popularity in the United States. The anime-style photo-editing tool, which is available through the Apple and Android app stores, features airbrushed, fairylike depictions of people.

But there's a serious privacy and security issue with the app, according to mobile security researchers who performed tests running the application, primarily on Android phones. The code instructs users' phones to send a large amount of data back to China, and possibly around the world.

That information that[sic] could potentially be used to spy on users and their communications.

Some of the application's permissions, presented before users download the app, include access to the calendar, camera, geolocation data, contacts, screen resolution, photos, the contents of the phone's USB storage, and other data.

The application also appears to be collecting the unique ID, the IMEI number, of users' phones, according to Greg Linares, a security researcher who examined the application. The IMEI is a 15-digit long serial number that can pinpoint the phone's country of origin and individual model.


  • (Score: 4, Insightful) by stormwyrm on Wednesday January 25 2017, @01:44AM

    by stormwyrm (717) on Wednesday January 25 2017, @01:44AM (#458363) Journal

    In principle, if you really owned your device, you could make it lie to all of these nasty pieces of software. Give a phony IMEI, phone number, contacts, geolocation data, show contacts with bogus info, firewall the hell out of network access, and so forth. But despite paying close to a thousand dollars for some of these devices, we in general still don’t really ‘own’ them; rather, they want to own us. With root access, I suppose it should be possible to write an Xposed module to do this, to make an app think it has private information and send packs of lies back to the mothership without it being the wiser. Maybe someone already has done this, but I haven’t been paying very close attention to this scene of late.

    But no, I suppose allowing this sort of capability out of the box would run counter to the business model, and any manufacturer who tried to empower their customers in this way would probably get the short end of the stick from Google.

    --
    Numquam ponenda est pluralitas sine necessitate.
  • (Score: 1) by DeVilla on Friday January 27 2017, @02:58AM

    by DeVilla (5354) on Friday January 27 2017, @02:58AM (#459281)

    This kind of reminds me of my employer's BYOD policy. They encourage it, but you must install an app that essentially allows them to root the device. They will also flag the device as not being in compliance if you install something to give yourself root access. I won't own one of those devices anyhow, since it's designed to either fence me in, spy on me or be as insecure as possible if I try to assert any real control over it.