AuthentificationCyberCrimeFirewallSecuritySecurity ManagementVirus

iOS And Android Photo App Meitu Is Sending A Lot Of Device Data Back To China

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Follow on: Google +

Meitu has exploded in popularity but beware of the data demands it makes

Chinese photo editing application Meitu has exploded in popularity in the past week but security researchers have discovered the app is obtaining significant amounts of data about the device it is installed on and sending it back to its home country.

Security researcher Greg Linares suggested that the requests go way beyond the remit of an entertainment application, noting the Android version requests permission to access device and app history, location, phone status, media files, camera, Wi-Fi and IMEI number.

It also wants to view network locations, reorder running apps, run at startup, change audio and display settings and get full network access. Linares said some of this data could be the starting point for a phone to be cloned and that even with the minimum permissions, sent the IMEI back.

Read more: Who are China’s tech giants?

Meitu 1

Meitu data

Other researchers noted on Twitter that the code included in the application also sought to see whether an iOS device was jailbroken.

Jonathan Zdiarski, who found WhatsApp left traces of deleted posts that could easily be recovered, said the iOS version exhibited similar behaviour and found some prohibited App store code. However he was not too alarmed, claiming that many other free apps sought to obtain as much information as possible to sell it to marketing agencies.

“Meitu is a throw-together of multiple analytics and marketing/ad tracking packages, with something cute to get people to use it,” he said on Twitter.

“Meitu is just par for the course crapware with ad tracking. Just. Like. Thousands. Of. Other. Apps.

“A few App Store infractions doesn’t make an app malicious. As many third party libraries in use here, could be just poor programming.”

Experts say the application doesn’t appear to do anything too malicious, but highlights the risk of using software that demand excessive permissions and use significant amounts of ad trackers.

Meitu was established in 2008 and its applications have been activated on more than 1 billion devices. At the time of writing, it was the 17th most popular free iOS app on the UK App Store.

Quiz: What do you know about China and technology?