Chinese photo editing application Meitu has exploded in popularity in the past week, but security researchers have discovered that the app is obtaining significant amounts of data about the device it is installed on and sending it back to its home country.
Security researcher Greg Linares suggested that the requests go way beyond the remit of an entertainment application, noting the Android version requests permission to access device and app history, location, phone status, media files, camera, Wi-Fi and IMEI number.
It also wants to view network locations, reorder running apps, run at startup, change audio and display settings and get full network access. Linares said some of this data could be the starting point for a phone to be cloned and that, even with the minimum permissions, the app sent the IMEI back.
Other researchers noted on Twitter that the code included in the application also sought to see whether an iOS device was jailbroken.
Jonathan Zdziarski, who found WhatsApp left traces of deleted posts that could easily be recovered, said the iOS version exhibited similar behaviour and found some prohibited App Store code. However, he was not too alarmed, claiming that many other free apps sought to obtain as much information as possible to sell it to marketing agencies.
“Meitu is a throw-together of multiple analytics and marketing/ad tracking packages, with something cute to get people to use it,” he said on Twitter.
“Meitu is just par for the course crapware with ad tracking. Just. Like. Thousands. Of. Other. Apps.
“A few App Store infractions doesn’t make an app malicious. As many third party libraries in use here, could be just poor programming.”
Experts say the application doesn’t appear to do anything too malicious, but it highlights the risk of using software that demands excessive permissions and uses a significant number of ad trackers.
Meitu was established in 2008 and its applications have been activated on more than 1 billion devices. At the time of writing, it was the 17th most popular free iOS app on the UK App Store.