While it’s been available in China for nearly a decade, the Meitu photo editing app has recently become very popular here in the US. You might not be so thrilled about your anime-themed selfies after you hear this news, though. There’s evidence that Meitu is collecting a lot of user data and sending it to unknown third-parties.
See also:How to build an image gallery app – full tutorial with codeOctober 3, 2016
Meitu is designed to turn your normal photos into more beautiful images with lots of effects, backgrounds, filters and more features to choose from. The big push to its popularity in the US occurred when the app recently added an anime filter. Now users are busy turning photos of themselves and others into people who would feel quite at home in Sailor Moon. The company behind Meitu claims the app has now been installed on over one million devices.
But is the app doing more than just making people super cute with its anime filter? Security-minded folks have been poking around Meitu’s code and discovered it has a lot of tracking code for things like device model, Android OS version, MAC address, and much more. If you download the Android version from the Google Play Store, it asks for more than 20 permissions before you install it. The app wants to manage your calls, to know your precise location, and even to run itself at startup. CNET contacted Meitu to ask about these security concerns, but so far the company has not responded.
Summary: Meitu is a throw-together of multiple analytics and marketing/ad tracking packages, with something cute to get people to use it.
— Jonathan Zdziarski (@JZdziarski) January 19, 2017
To be clear, there’s no evidence so far that the data that Meitu collects is used for anything more nefarious than ad targeting. A lot of apps – especially free apps, and especially apps from China – rely on selling user data to ad companies as their main business model. Nevertheless, you should be aware of these practices before you pick up Meitu, or for the matter, any app that requests tons of permissions without a clear purpose.