Meitu, an app that combines facial recognition with anime-like filters, is the most recent selfie craze to make rounds across social media and is making hit on Apple's charts.
The free photo-editing app, which is available both on iOS and Android, will allow users to turn their selfies into anime-style cartoon caricatures. It works similarly like Snapchat's face-distorting lenses and Facebook's masks, the Recode noted.
But before non-users think of jumping on the bandwagon, security experts are giving some warning as Meitu is reportedly acquiring more data than what is necessarily required for a conventional photo app. Tech Crunch reported it contained some alleged "sketchy code."
While it is normal for photo apps to seek permission to access the phone's camera and camera roll, Greg Linares, a security researcher, noted that the Android version of Meitu wants to access beyond those realm and would include sensitive data such as what other apps that are running; current and precise location; unique device identifier numbers (IMSIs); call information; carrier information; and Wi-Fi connections.
Apple users, on the other hand, are facing the same requirements, but the company has initiated steps to prevent apps from obtaining users' IMSIs, Jonathan Zdziarski, a forensic expert, said. He also added that some of Meitu's code are prohibited under Apple's data collection regulations.
"The iOS version is extremely tame with regards to analytics collection... Additionally, many are saying that the Android version is more invasive... I think it's very good that a discussion has been started though, and I hope it will encourage infosec folks to crack open more apps and see what they do," Will Strafach, Sudo Security Group's president, said.
In response, a Meitu spokesperson told Tech Crunch "I'd like to assure you that we work closely with Apple and Google on every product release and we follow privacy policies rigorously. I tend to think our engineers are smart enough and don't have to use stolen codes."
It should be noted, however, that Meitu is not the only free app that requires users to divulge information more than necessary for its core functions. Such sensitive information are usually sold to marketers or repurposed to monetize.
Meitu was developed by a start-up developer and smartphone maker from Xiamen that shares the app's name, the International Business Times reported. It recently raised $629 million on its latest IPO in Hong Kong and its market valuation now stands at $4.6 billion.