Selfie lovers are going crazy for Meitu, an app based in China that applies filters to portraits to make them look eerily like anime characters. However, some experts have raised concerns that Meitu takes too much personal information — a lot more than should be necessary for a selfie app to function. Filters that turn your selfie into a beautiful anime mermaid? Adorbs. An app that collects unnecessary data from your profile? Er, not so cute. For its part, Meitu has stated that it does not sell user data. (Bustle has reached out to Apple for comment and will update upon reply.)
Although it’s been available in China for years, Meitu has only recently gone viral in the United States. The app allows users to apply a variety of dreamy filters to images of faces. These filters can do everything from adding a bit of virtual makeup to converting a selfie into a full-on anime character, with large, liquid eyes, glossy skin, and lots of sparkles.
Meitu is free to download, but some security experts are asking if the price users pay in data access is too high. It’s not uncommon for apps to ask permission to access data on users’ phones; often, certain types of apps need data access to function. TechCrunch points out, for example, that a selfie app like Meitu obviously needs access to a phone’s camera and photos. But when users download Meitu, they’re agreeing to a lot more than access to their phones’ cameras. According to WIRED, Meitu accesses “users’ GPS location, cell carrier information, Wi-Fi connection data, SIM card information, jailbreak status, and personal identifiers that could be used to track you and your device across the web.” Um… yikes.
IOS security and forensics expert Jonathan Zdziarski told WIRED that, after analyzing Meitu’s code, he found “mostly par for the course junk.” “ I didn’t see anything overtly evil, but that doesn’t mean there’s not something more serious in there,” he explained. “The thing [that’s noteworthy] is the number of different analytics and ad tracking packages they’ve loaded into the app. I counted at least half a dozen different packages in there. You don’t generally need that many unless you’re selling data.”
Meitu has responded to the controversy by assuring users that it does not sell data and arguing that it requires access to so much data because the app is based in China. In a statement (via PC Magazine), the company claimed,
As Meitu is headquartered in China, many of the services provided by app stores for tracking are blocked. To get around this, Meitu employs a combination of third-party and in-house data tracking systems to make sure the user data tracked is consistent. Furthermore, the data collected is sent securely, using multilayer encryption to servers equipped with advanced firewall and IDS, IPS protection to block external attacks.
Meitu added, “Meitu's sole purpose for collecting the data is to optimize app performance, its effects and features and to better understand our consumer engagement with in-app advertisements. Meitu DOES NOT sell user data in any form.”
Only you can decide whether glossy, bubbly, cotton-candy-flavored selfies are worth giving out access to your personal data. This situation is a good reminder that, whatever you’re downloading, it's important that you take the time to learn exactly what you’re agreeing to.