A photography app that has become incredibly popular in recent weeks after adding an anime makeover feature has been sending user data back to its developer in China.
Meitu carries out checks to establish if an iOS device is jailbroken and collects information about its carrier before passing it onto Xiamen Meitu Technology. It’s thought the company could be selling the information to marketing agencies for targeted ads.
Meitu has been available on iOS since February 2016, but it suddenly started appearing in the App Store’s top charts Friday morning. Its swift rise prompted security researchers to dig into its code — and they made some interesting discoveries.
According to Jonathan Zdziarski, Meitu makes “a number of different checks” to see if an iPhone is jailbroken and collects information about its carrier. It then creates a unique identifier based on part of its MAC address — a unique code assigned to every device.
This data is then sent back to Meitu’s creator in China.
If you use Meitu on Android, even more data is collected. Upon installation, the app requests access to your handset’s GPS, Phone app, and audio settings. It also asks for permission to run on startup, so it can operate in the background before you’ve even opened it.
“Meitu is a throw-together of multiple analytics and marketing/ad tracking packages, with something cute to get people to use it,” Zdziarski tweeted. “If the app is free, chances are it’s your tracking data that’s making somebody money.”
“If you like being the target of marketing and big data, by all means run Meitu. I’m sure whoever’s buying their data will thank you.”
But before you start panicking, there’s something you should know. While Meitu’s practices may be frowned upon, they’re perfectly acceptable in Apple’s eyes. The app won’t be banished from the App Store for the way in which it collects data, or for sending it to China.
What’s more, Meitu isn’t the first app to do this, and it certainly won’t be the last. In fact, it’s a pretty common practice, so chances are you have other apps installed that are doing very similar things.
“If you think Meitu is too invasive, boy have I got some news for you about apps,” adds Zdziarski. “Like I said in several prior tweets, Meitu is just par for the course crapware with ad tracking. Just. Like. Thousands. Of. Other. Apps.”
Even if you go out of your way to avoid apps like this, advertisers are still going to get hold of your data somehow and create targeted ads just for you. Don’t like it? Throw away your iPhone, cancel your internet, and live the Amish life.