It has been discovered that Meitu, a popular Japanese anime-inspired app that gives you or your favorite celebrity an anime makeover, is sending key information about iPhone back to China. The app was recently ranked as high as 13th in the iOS App Store and is made by Chinese developers Xiamen Meitu Technology. The Android version of the app is equally popular.
Security researchers have discovered that Meitu has been collecting all sorts of key information about the device it is installed one and sends that information back to China which is then probably sold to advertisers. The Android app is particularly notorious as it seeks access to one’s GPS location and even IMEI number, though the iOS version of the app has also been discovered to make use of some undocumented APIs and code that violates App Store rules to load frameworks. In addition, it also collections other information like the cellular network the iPhone is connected to and creates a unique device identifier based on your iPhone’s MAC address. For some reason, the app also checks if your iPhone is jailbroken or not.
Welp, Meitu definitely has a number of different checks to see if your iPhone is jailbroken… pic.twitter.com/XSbKqDKgqX
— Jonathan Zdziarski (@JZdziarski) January 19, 2017
Since the accusations were levied on Meitu, the company has issued an official statement explaining its stance. The company says that the data collection code found inside its app is due to a new law from the Chinese government that requires app makers to be able to uniquely identify each of their user. It also adds that it cannot use data collection services from Apple (or Google) because they are banned in China. As for jailbreak detection, the company says it is a part of the check by the WeChat SDK it uses for sharing photos generated through the app.