A backdoor to China?
One must sacrifice for beauty, but this is going too far: An app called Meitu will let you create a pretty picture of yourself—but only if you send a boatload of your personal information to China.
The app has been popular in Asia for years and is now sweeping North America. The app invites users to upload a selfie and then applies a series of transformations such as slimming and smoothing the face as well as applying cosmetics.
The results are stunning. My colleague, Daniel Bentley, for reasons known only to himself, used Meitu and then agreed to share the photo with the rest of us. He’s a fine looking fellow, but after his transformation, he looked like this:
But while Meitu may seem no like more than a fun vanity project, security research Greg Linares has pointed out on Twitter, the app also gobbles up a staggering amount of personal information from your phone.
While many apps may request access to your contact list or camera, Meitu sucks up a whole lot more than that. For instance, it extracts information about users’ location and phone calls as well as Internet and Wi-Fi activity:
There is no evidence Meitu needs all this extra information to function and, as Linares notes, its Chinese provenance means all that user information is likely landing in the lap of that country’s government.
Computer scientists Jonathan Zdziarski described the app this way:
Zdziarski added on Twitter the iOS version of the app is less intrusive than the Android one thanks to Apple’s security features.
Get Data Sheet, Fortune’s technology newsletter
The app’s overall behavior, however, should be enough to make anyone think twice about using it. Its data gobbling is similar to a line of low-end cell phones sold in the U.S. that researchers found to contain a backdoor that sent data to China every 72 hours.
As for my colleague Bentley, he was not fazed by the data threat posed by Meitu.
“Totally worth being tracked by the People’s Republic,” he said of his selfie.