
Popular Selfie App Sending User Data to China, Researchers Say - bootload
https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/
======
niftich
This story has been circulating and has been rehashed by different publishers.
A different one from Wired was posted three days ago here on HN and it didn't
get much traction, but I did write a scathing comment [1] which, after reading
_this_ article, is perhaps even more relevant here.

To summarize what I said there, it's quite hypocritical that the app's
_Chinese_ nature is played up while spreading FUD, while western apps get an
implicit free pass, despite collecting comparable info. It's extremely
disingenuous to spread the fear about the sinister uses of the data, while
then quoting a security researcher who says that it's probably just run-of-
the-mill adware.

The Wired article mentioned this app may have been a Google program that seeks
to promote viral apps, but hasn't followed up with a response from Google
since it's been posted.

All in all, this reporting is fearmongering at best and is a malicious kind of
clickbait, that doesn't provide substantive evidence while causing
reputational harm to a third party.

[1]
[https://news.ycombinator.com/item?id=13441570#13441675](https://news.ycombinator.com/item?id=13441570#13441675)

~~~
Markoff
is there such thing as closed sourced Chinese app which ain't shady? i am yet
to see one after years spend in China

i hope everyone already switched from shady SuperSU to PHH superuser

only Chinese apps which can touch my phone would be open source

------
cjensen
The media really likes to take it to 11 when security researchers find issues.
In this case, it looks like the App is sending lots of identifying information
about you for advertising purposes.

Is that Evil? Yes. Is that done all the time in lots of apps and websites?
Yes. Do I wish advertisers would stop being idiots and assuming that these
practices improve advertising effectiveness? Yes. Is this a serious security
threat? Probably not.

~~~
noobermin
Regarding that the data is for advertizing, that is stated in the article...by
both experts they contacted.

~~~
cjensen
Yep, and I appreciated that they included those quotes. While "sending data to
China" is literally the same idea, it kinda implies more sinister than it is.

------
flashman
Do any popular Western apps collect the same range of data? I won't install
the Facebook app because I don't really trust it. Wouldn't be surprised if
they were suggesting friends based on Wi-Fi access points we're both nearby.

~~~
wjossey
Yeah. Sorry to tell you, but nearly every app you have installed, even if they
don't have active advertisements in the app, likely has attribution software
installed in their app which they used for any user acquisition.

This data is then fed to ad networks who help run these campaigns, which then
use this data to better hone in on ads to show you later on. It's unlikely
that the app is sending anything other than "user123 installed the app", but
one never knows without inspecting the packets. This data is "mostly"
harmless, but I respect the fact that many users are unaware just how many
companies have profiles built out about them.

Not being a historian of this sort of stuff, it's my presumption this is just
a modern form of what large retailers would do with loyalty programs back and
store credit cards. The data was far more siloed and less likely to be leaked
to third parties, but one was still being tracked none the less.

Qualifications: 4+ years in ad tech.

~~~
Markoff
and that's why i use network firewall (AFwall+ is the best option) for apps
where network access ain't main functionality

------
ffggvv
If it were sent to the US it would be ok! /s

~~~
ffggvv
just kidding. china and russia actively block american sites because of this,
but manchurian candidates seem eager to defend them and blame the US when we
suggest the same.

~~~
StrLght
In Russia it's mostly not like that. If this information is depersonalized
(eg. IMEI) then everything is fine. But if you store something "personal" (eg.
names with phones) then you have to store it on server located in Russia.

------
willstrafach
This is mostly the same information collected by American and other apps as
well. It is not exclusive to Meitu.

------
est
Title should be changed to:

> MEITU, A CHINESE-made Popular Selfie App Sending User Data to China,
> Researchers Say

These researchers are really disgusting, making everything political driven,
the Chinese government are using the exact same excuse to ban "Western
websites".

~~~
bootload
thx @est, can't missed the window.

------
jmnicolas
Here's another article title that we could talk about :

"Popular operating system sending user data to US, researchers say."

