But it's on the App Store....

By lance on January 21, 2017 2:00 PM | 3 Comments

I have a great idea! How about I let China know everything about me so that I can look googly-eyed on my selfie.

Security of your person and privacy is and always has been your job. It's a silly request, but I'd ask that people start taking that job seriously. Especially if you're one of the special ones who demand access to the company network on your own device.

Things you should think about before installing anything:

1. Do I really need this application?
2. What do I know about the people who wrote this app?
3. If I install this app, do I know what it is really doing?
4. Is there anything past, present or future that I wouldn't want Russia, China, the kid down the block or the mafia to know about me on this device?
5. If it requires a network connection, where and who in the physical world am I giving that information?

A Chinese app which allegedly makes selfies look more attractive—or more like an anime character, at any rate—has a dark secret: it demands permissions for far more personal data than it needs, including users' IMEIs, phone numbers, and GPS coordinates. Meitu, an app which has been out for years on both iOS and Android in China, has shot to fame outside the country in the last few weeks, due to the "beauty" filters it can apply to people's selfies. Among other functions, it can sharpen people's jaws, put a sparkle in their eyes, and smooth out and lighten their skin.

The result? Meitu-filtered pictures are suddenly everywhere. The backlash, however, has been just as swift.

Almost as soon as infosec bods became aware of it, they found numerous serious privacy flaws and avenues for potential leaks of personal data. One eagle-eyed researcher found the Android version of the app asked users for dozens of intrusive permissions, and sends the data to multiple servers in China—including a user's calendar, contacts, SMS messages, external storage, and IMEI number.


Megaviral Meitu