When Shanghai Adups addressed concerns that the kernels it was providing to phone seller BLU enabled the software vendor to vacuum private user data into its Chinese servers, the company said that there was a misunderstanding: the US-bound software shouldn’t have made it over the Pacific, and the practice was more accepted in China.
BLU denies that it was all just a “misunderstanding,” but there can be no misunderstanding when it comes to one Chinese selfie-focused company, Meitu. It produces smartphones if only to show off how much you can do in its selfie camera app.
Plenty of people recently had a field day (or two) testing out Meitu’s new standalone selfie app here in the States. Fun as it may be, security concerns came up pretty quickly.
On installation, the Android app asked the user to grant 23 permissions for actions like changing settings, IP and MAC, and installing apps altogether. Android Police reports that there’s also a script in the APK that reports aspects of the device like OS version, MAC, IMEI and others to an external source.
One Meitu user was able to intercept one of the reports and found that the data was going to China-based IP addresses.
— FourOctets (@FourOctets) January 19, 2017
The worry’s there, of course, that black hats could take advantage of the Swiss cheese nature of the app. But really, we should be asking: do you trust Meitu with your location data? After all, any given Chinese company claims to be using this data (all of it, apparently) to improve your experience with the app. Then again, who knows what it could actually be used for.