Meitu, A Viral Selfie App, Brings Mobile Security to the Forefront

Over the past week, a viral app that transforms selfies into anime characters has gotten a lot of attention over security concerns. Meitu, a Chinese Android and iOS app that has been around for several years has recently caught on in North America. While seemingly harmless, experts have found that the app asks for permission to access information about a user that isn’t necessary to its function. While many apps request access to a variety of information, responsible ones typically limit these requests to information that’s necessary to the app’s functionality.

While Android users should be more wary of Meitu than iOS users, the amount of data the app collects is still a bit alarming. Information such as location, mobile carrier information, SIM card information, and a number of personal identifiers are collected. Some of these personal identifiers can even be used to spoof your device and hijack your accounts. The company behind Meitu has said that it uses this data for marketing purposes but the question of how secure this information is once it’s in the company’s hands remains, especially since we’ve seen even the largest, most reputable services hacked in recent years.

Meitu has come under scrutiny for this past week but it’s not the only app that unnecessarily asks for more information than it needs. As such, it’s important for users to remain vigilant when downloading new and popular apps. As a first step, I recommend asking yourself if the app you’re downloading is something you’ll use in the long run or if it’s a passing fad. If it is a fad, you might consider not going through with the download. If you decide to download the app, pay attention to what kind of permissions it reqeusts. Depending on whether you use an Android or iOS device, this might look a bit different.

iOS


On an iOS device, you won’t be able to see what permissions an app requests before downloading it. However, once you launch the app a number of prompts will ask you for permission to certain information and functionality. For example, you might be asked if you wish to give the app access to your GPS location or your camera. While going through these prompts, make sure to ask yourself if the permission requested makes sense to the functionality of the app.

In Meitu’s case, it might make sense to give it access to your camera but giving it access to your GPS location isn’t essential. Another strategy is to refuse all permissions and begin using the app, if it can’t perform a function because of its limited permissions, you’ll receive a prompt letting you know the specific permission it needs for the task you’re trying to perform. At that stage, you can decide if you’re comfortable with the way the app works.

Android


On Android phones, the process is a little different. For starters, you’ll be able to see the permissions an app requests in Google Play before you download it. However, once you’ve downloaded the app the permissions are automatically granted. That being said, in the most recent versions of the Android operating system, you can edit permissions in the main Settings app.

The bottom line? Your mobile devices hold a lot of personal information and it’s important to be vigilant in order to protect yourself from identity theft and other attacks. When downloading new apps, consider if you’re comfortable with the permissions they request and limit their access to information that isn’t necessary to their functionality. Don’t be afraid to revise permissions after you’ve granted them either.

By Mike Agerbo

January 24, 2017