Viral Chinese Selfie App Meitu, Valued at Over $5 Billion, Phones Home With Personal Data (theregister.co.uk) 81
The Meitu selfie horrorshow app going viral through Western audiences is a privacy nightmare, researchers say. The app, which has been featured on several popular outlets including the NYTimes, USA Today, and NYMag, harvests information about the devices on which it runs, includes invasive advertising tracking features and is just badly coded. From a report: But worst of all, the free app appears to be phoning some to share personal data with its makers. Meitu, a Chinese production, includes in its code up to three checks to determine if an iPhone handset is jailbroken, according to respected forensics man Jonathan Zdziarski, a function to grab mobile provider information, and various analytics capabilities. Zdziarski says the app also appears to build a unique device profile based in part on a handset's MAC address. "Meitu is a throw-together of multiple analytics and marketing/ad tracking packages, with something cute to get people to use it," Zdziarski says. Unique phone IMEI numbers are shipped to dozens of Chinese servers, malware researcher FourOctets found. The app, which was valued at over $5 billion last year due its popularity, seeks access to device and app history; accurate location; phone status; USB, photos, and files storage read and write; camera; Wifi connections; device ID & call information; full network access, run at startup, and prevent device from sleeping on Android phones.
Da fuq?!! (Score:2, Funny)
Selfie app valued at $5 billion? *head asplodes*
Re: (Score:3)
And it's called "Meitu",
Please tell me that's not pronounced "Me Too" (although that would be the perfect name for a narcissistic selfie app.
Re: Da fuq?!! (Score:2, Insightful)
I read it as "My Too"
Re: Da fuq?!! (Score:5, Funny)
Yeah, me too
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re:Da fuq?!! (Score:4, Interesting)
Isn't Snapchat valued at ~25 billion?
Yep. And people don't think this dotcom bubble is going to burst anytime soon either. Then you've got stuff like Uber valued at ~68B, and blowing through 2-7B/quarter in losses. Think on that one, at 68B, they have a higher market valuation then the big-3(GM, Ford, Chrysler) automakers. And they manufacture physical products, own their own credit financing divisions.
My guess? We'll see that pop around the time that Canada's housing bubble pops. And anyone who thinks Canada isn't due for a massive housing price correction doesn't realize just how bad it is here. Here's a good kicker too, in Vancouver one of the really overly priced markets. The provincial government sets property taxes based on the "possible future valuation" of your property. [theglobeandmail.com] There's people in industrial areas, who are going to see their property taxes go from $160k to over $1m this year and are looking to get the hell out.
Re: (Score:1)
The market might be like Austin, where the values are increasing because people from other countries are buying. Austin's values are shooting through the roof because of foreign investments, and those are not leaving anytime soon.
Re: (Score:1)
And yet it's still better than living in most of the shitburg small towns in Texas.
Re: (Score:2)
That's exactly what it is. It's not happening in just a few places, if you want to see how bad this gets, look at Vancouver in Canada, or Victoria in Australia. Housing prices are way-way-way above what the average person can afford. In the case in Vancouver something like 60% of them are empty as well. It's so bad, that they instituted a "foreign buyers tax" to try and stop it from happening. It's worked, kind of but not very well. If anything it's simply pushed the problem to other markets. Even he
Re: (Score:2)
Foreign ownership numbers in Toronto are relatively low. A lot of things you're saying are kinda the super simple story version of reality ..
Re: (Score:2)
Nobody cares whether bubble or not because of the gigantic growth in SV. Even if some valuation is overpriced, the company is expected to outgrow it, which is precisely the reason why its so overpriced in the first place. Uber is the Amazon of the taxi industry, and Amazon in fact survived the first dot com bubble.
These companies expand into a gigantic market with almost no competitors (and with a regulatory body that allows deals like the one struck in China where they simply gave up competing) and therefo
Blame China! (Score:1)
It's almost as if this story doesn't want to admit the NSA is also doing the same thing?
Re: (Score:2)
I'm not worried about NSA or the Chinese government nearly as much as I am worried about corporations. While a government agency may or may not have good or bad intentions, in varying degrees, we know the concern of corporations is purely how much they can squeeze out of people. There's not even a chance that they have your best interest at heart. If they can get your data, and that data even gives them a microscopic push towards higher profits, they will collect and use it.
American, Chinese and Russian
Re: (Score:2)
There's not even a chance that they have your best interest at heart.
If they didn't have our best interest at heart, why would they give us this application for free? Surely you don't mean to imply that even free apps are financially motivated!
TANSTAAFL. Some people miss this. If somebody's giving something away for free, find their angle.
Re: (Score:2)
Most corporations exist to earn a profit, and if you're the customer instead of a product, and if there's a healthy market, they at least have to compete for your business. Things tend to get screwed up when you're the product instead of a customer (when anything is *free* from a corporation, watch out), or when there's no real competition (cable/ISPs), then things tend to really go bad.
It also really depends on how they go about making that profit. Done well, it's a mutually beneficial transaction in whi
Re: (Score:2)
It's almost as if this story doesn't want to admit the NSA is also doing the same thing?
Nah, it's SOP. Of course it's worth that much specifically because it steals all your data.
If Microsoft does it, it must be good! (Score:1)
Re: (Score:1)
Outside of Spotlight suggestions, which can verifiably be disabled, how does macOS phone home exactly?
Re: (Score:2)
Get Little Snitch and watch as ** every ** app sends data to anywhere and everywhere. Adobe and Autodesk manage to try to talk to more than a dozen servers each. Some are needed for authorization (it is 2017 after all, can't just sell the software) and some are needed for who-the-hell-knows.
Even good ol Apple itself wants to talk to your little un-PC.
How is Apple responsible for what Adobe, AutoDesk, et al, do?
And I notice that you are, of course, quite vague with regard to Apple's activities in this area, as you cannot actually cite verifiable examples, instead just disparaging them with a ridiculous, snarky little comment at the end.
Re: (Score:1)
xPrivacy used to do exactly that, but it (and the XPosed framework) seems not to have been updated in years.
We deserve what we get. (Score:2, Insightful)
"...includes in its code up to three checks to determine if an iPhone handset is jailbroken..."
When the code looks to sniff out less-than-legitimate activity, it tends to make you wonder who paid them to write it.
"Meitu is a throw-together of multiple analytics and marketing/ad tracking packages, with something cute to get people to use it.
At least we're finally being honest about what it takes to grab the attention span of the average idiot consumer.
As ignorant as people are about privacy and security, I'm starting to believe we deserve what we get when it comes to solutions.
Re: (Score:1)
Re: (Score:2)
It helps when MSM like the NY Times legitimizes and promotes the spyware app. The consumer feels he can trust what the Journal of Record endorses. Until either the Times tech editor learns about security or all trust in the Times is eroded, the journalists need to bear some blame that you've assigned the idiot consumer.
I would agree in assigning burden. The journalists working for the MSM are also part of the same group of idiots. The main difference is the additional factor of greed, since they get paid to promote ignorance and falsehoods. Dumb as a fox? Perhaps. This might also explain how so much fake news has managed to "leak" into MSM. They get paid to promote facts or bullshit, since all it takes to generate revenue is hype these days.
That said, how did this pass Apple's App Store vetting? Isn't the point of walling off the garden to prevent shit like this?
Since part of the code was specifically designed to sniff out jailbroken iPh
Re: (Score:3)
A Meitu spokesman actually replied to the ArsTechnica article on this:
http://arstechnica.com/securit... [arstechnica.com]
Since they're a Chinese company, they have to collect their own user data since they don't have access to user data from the Apple / Google stores. So they likely have less info about you than most Western app devs.
I installed Meitu on an Android 7.1 device yesterday. It only asks for device permissions as it needs them. I denied giving it access to my phone functions and the app works fine without that
Damn copycats (Score:2)
Typically Chinese, they can't come up with anything themselves, all they can is copy our successful products!
Regulation (Score:2)
Not so much for iOS (Score:3)
It's worth pointing out that iOS doesn't allow apps to access the MAC, IMEI or any other persistent unique ID field (for just this reason). There is a unique ID field designed for apps to use for device identification but it is generated by the device on a per application basis, so it cannot be correlated with other apps. It also changes if you reinstall the app. Both of these facts make it fairly useless for nefarious purposes.
Re: (Score:2)
It's worth pointing out that iOS doesn't allow apps to access the MAC, IMEI or any other persistent unique ID field (for just this reason). There is a unique ID field designed for apps to use for device identification but it is generated by the device on a per application basis, so it cannot be correlated with other apps. It also changes if you reinstall the app. Both of these facts make it fairly useless for nefarious purposes.
Good point!
Well (Score:2)
Re: (Score:3)
I'm not a millennial so I'm behind the times when it comes to apps. I've never heard of this Chinese Communist selfie app but it doesn't take an app to do a selfie. You've got an Android or iPhone builtin app to do it for you. It even lets you easily share it to Facebook. Who the hell really needs an add-on selfie app?
because of filters and stickers and editing stuff
Re: (Score:2)
I'm not a millennial so I'm behind the times when it comes to apps. I've never heard of this Chinese Communist selfie app but it doesn't take an app to do a selfie. You've got an Android or iPhone builtin app to do it for you. It even lets you easily share it to Facebook. Who the hell really needs an add-on selfie app?
because of filters and stickers and editing stuff
IOW, stuff that should only be of interest to anyone 12 years old and under, and then, only for about a week.
Re: (Score:2)
No surprises here (Score:1)
Should anyone be surprised about something like this?
Certainly the PRC has realized that the various spook+corps around the globe pay for dirt
Firewalling? (Score:2)
All permissions is the default with Chinese apps (Score:2)
What do you think ... (Score:2)
... why they are valued $5 billion?
Why am I not surprised? (Score:1)