If you hadn’t heard of Meitu before this week, you aren’t alone. In the last couple of days, though, the Chinese photo filter app has exploded on social media and soared into the list of top iPhone apps.
The iOS and Android app can be lots of fun, letting you turn your selfies into anime-style cartoon caricatures. It’s similar in premise to Snapchat’s face-distorting lenses or the masks that Facebook launched this year. (People love those products, too. Remember the puking rainbow selfies?)
But beware: It sounds like the app, particularly the Android version, seeks excessive permissions, including access to your phone’s GPS and other data. Security researchers are concerned about what Meitu intends to do with all the data it is collecting, since clearly they don't need location data to make your face all sparkly.
Take a look at the entire list of permissions from the the Meitu app. pic.twitter.com/AkSw2Z50T7— FourOctets (@FourOctets) January 19, 2017
I wrote a thing on Meitu's use of IMEIs. tl;dr: it's not unusually bad, and it needs fixing at the industry level https://t.co/1tEgEWgAHn— Matthew Garrett (@mjg59) January 19, 2017
Others have been criticizing the basic premise of the app, noting it makes people of all skin tones much whiter.
Of note: the Meitu app removes nearly all traces of melanin from ones skin.— EricaJoy (@EricaJoy) January 19, 2017
We tried to reach out to Meitu via their website but couldn’t get a message to go through. We also sent them a message on Facebook asking them to clarify the types of data they collect from users and why. We’ll update if we hear back.
Update: Meitu released a statement about its data collection on Friday:
“Meitu’s sole purpose for collecting the data is to optimize app performance, its effects and features and to better understand our consumer engagement with in-app advertisements. Meitu DOES NOT sell user data in any form...Data collected is sent securely, using multilayer encryption servers equipped with advanced firewall and IDS, IPS protection to block external attacks.”
According to the company’s website, Meitu’s parent company, which goes by the same name, creates a number of different photo apps, has more than 450 million monthly active users and has raised $360 million in venture funding.
So while it’s new to the scene in the U.S., Meitu has been been big for some in China. The app typically garners 100,000 to 200,000 iOS downloads per day there, according to data company Mobile Action. The Android version has between 10 million and 50 million installations, according to Google.
But it wasn’t on the radar here until the past few days, and it’s not super clear why that changed. Before this week, Meitu was getting just a few hundred iOS downloads in the U.S. per day, according to Mobile Action. That has jumped to 100,000 per day in the last couple of days.
Usage has spiked in China as well, rising to a million iOS downloads on Jan. 14, before returning to 300,000-400,000 the past couple of days. So while Meitu is definitely having its moment, you might want to be careful about participating in it.
The truth is, we need federal protections from predatory apps like Meitu. It's not just a consumer issue, but a national security issue.— Brianna Wu (@Spacekatgal) January 19, 2017
Update: Stephen Colbert isn’t worried.
This article originally appeared on Recode.net.