A hot selfie app called Meitu turns users into anime characters, but its popularity has also sparked some scrutiny into its data collection practices.
As Meitu became viral, it drew a great deal of attention and it didn't take long before it went under the microscope and its practices started being questioned. The internet was abuzz with reports that Meitu compromises user privacy, collecting way more data than it should.
Meitu Denies Allegations Of Selling User Data
The Meitu selfie app requires a questionable number of permissions, including access to one's phone number and location, and permission to run automatically at startup. On iOS, meanwhile, the app even checks which carrier's network is in use, and whether the device is jailbroken or not.
That's quite an amount of detail Meitu is collecting, which automatically made everyone suspicious regarding the app's real purpose.
However, Meitu claims that while it does indeed collect a lot of data, it's not selling it. The real reason for the extensive data collection is apparently the fact that Meitu has its headquarters in China, where tracking services from app stores such as Google Play and Apple's App Store are banned.
As a workaround, Meitu uses a mix of in-house and third-party data systems - not to profit from the collected user data, but to ensure that the user data it collects is consistent.
"Furthermore, the data collected is sent securely, using multilayer encryption to servers equipped with advanced firewall, IDS and IPS protection to block external attacks," a Meitu spokesperson tells CNET.
What's With All The Meitu Permissions?
The company also explains some details about Meitu's data collection practices, such as why it asks for certain information. On iOS, Meitu doesn't require any permissions that it's not allowed to require based on Apple's terms and guidelines for developers. It asks for carrier details so it can better handle geo-based features and ad placements, and enquires about jailbreaks because it's using a software development kit from Chinese app WeChat to share content, and the SDK requires jailbreak detection.
According to the company spokesperson who spoke to CNET, the permissions not only ensure proper ad tracking, but also protect against illegal API usage.
When it comes to the permissions it requires on Android, the company explains that Google Play is blocked in China, which means that Meitu can't offer push notifications. To solve this matter, Meitu relies on a third-party notification service that requires the app to run at startup.
Launching a global version of Meitu with Google Play services is not an option because Meitu is based in China, where it doesn't have access to push notifications and tracking services.
All in all, Meitu doesn't deny that it asks for a lot of permissions, but it's pointing the finger at China's restrictions as the root cause for the extensive data collection. On the bright side, Meitu says it's not selling user data. On the downside, don't hold your breath for an international Meitu version that would snoop less.