Meitu is one of Google Play's "Sand Hill" apps, part of the company's accelerator for apps with "viral potential" -- take a pic of yourself and Meitu will make you over to look like an anime character, and all they ask in return is every salient fact about you that can be gleaned from your mobile device.
Meitu rolls in a bunch of off-the-self analytics tools that ask for a really wide variety of permissions that are not needed to provide the app's services: GPS location, cell carrier, wifi connection, SIM card ID, jailbreak status, and personal identifiers for cross-web tracking.
It's the modern successor to 2014's privacy invading flashlight apps, which marked the first time that the mainstream began paying attention to the privacy grabs in "free" apps.
To protect yourself, Android users should check the list of requested permissions before downloading an app, and can use the operating system’s granular permissions options to control what each app can actually access. Users can also change their minds and revoke permissions they once approved. (Older versions of Android have a bit less flexibility, so update if you can.) In iOS it’s harder to see in the App Store what permissions an app will require, but iOS also offers detailed controls in Settings, and actively prompts users the first time an app attempts to access something, like the microphone, to request opt-in permission.
It’s no fun letting a meme pass you up because you’re worried about privacy, but it’s even worse to have your personal data taken for who knows what without you realizing it. Meitu may not be an outlier in the world of adware-bundled apps, but its popularity provides a useful teachable moment. Like a fantastical anime makeover, free apps often look snazzier on the surface than what’s hiding underneath.
Meitu, a Viral Anime Makeover App, Has Major Privacy Red Flags [Lily Hay Newman/Wired]
In a new paper for IEEE Security, a trio of researchers (two from Cambridge, one from private industry) identify a de-anonymizing attack on Iphones that exploits minute differences in sensor calibration: an Iphone user who visits a webpage running the attack code can have their phone uniquely identified in less than a second, through queries […]
The DOJ has indicted three former Verizon and AT&T employees for alleged membership in a crime-ring known as the "The Community"; the indictment says the telco employees helped their confederates undertake "port-out" scams (AKA "SIM-swapping" AKA "SIM hijacking"), which allowed criminals to gain control over targets' phone numbers, thereby receiving SMS-based two-factor authentication codes.
While 5G mobile networks promise to provide tremendous wireless speeds with low latency, they may also make it more difficult for meteorologists to provide weather forecasts. That’s because 5G’s neighboring frequencies are used by satellites that detect water vapor in the atmosphere, data that informs weather models used by meteorologists. From Nature: Astronomers, meteorologists and […]
Need to upgrade your sound? Bluetooth technology has never been better, but that’s not the only reason to look into a new set of speakers or headphones. We found ten pieces of audio gear that are already on sale, and you can take an additional 15% off the final price for Memorial Day weekend by […]
Trying to earn a promotion? Memorial Day weekend might be a good place to start. There are tons of e-learning packages that can help you build professional skills a lot quicker (and cheaper) than any technical academy. Whether you want to earn IT certifications, learn to code, become a designer, or anything else, these comprehensive […]
If you’re into tools or gadgets, Memorial Day weekend is your Christmas. Take an extra 15% off the final price of these DIY accessories – all of which are already on sale – by entering the promo code WEEKEND15. LUXJET Universal 24-in-1 Magnetic Screwdriver Set & Repair Kit This small but sturdy kit won the […]