This story has been circulating and has been rehashed by different publishers. A different one from Wired was posted three days ago here on HN and it didn't get much traction, but I did write a scathing comment [1] which, after reading this article, is perhaps even more relevant here.
To summarize what I said there, it's quite hypocritical that the app's Chinese nature is played up while spreading FUD, while western apps get an implicit free pass, despite collecting comparable info. It's extremely disingenuous to spread the fear about the sinister uses of the data, while then quoting a security researcher who says that it's probably just run-of-the-mill adware.
The Wired article mentioned this app may have been a Google program that seeks to promote viral apps, but hasn't followed up with a response from Google since it's been posted.
All in all, this reporting is fearmongering at best and is a malicious kind of clickbait, that doesn't provide substantive evidence while causing reputational harm to a third party.
The media really likes to take it to 11 when security researchers find issues. In this case, it looks like the App is sending lots of identifying information about you for advertising purposes.
Is that Evil? Yes. Is that done all the time in lots of apps and websites? Yes. Do I wish advertisers would stop being idiots and assuming that these practices improve advertising effectiveness? Yes. Is this a serious security threat? Probably not.
Yep, and I appreciated that they included those quotes. While "sending data to China" is literally the same idea, it kinda implies more sinister than it is.
okay but it takes it to another level when its taking it to a hostile foreign country with companies that share data with their government. not sure how that's debatable.
did you? " just recently began gaining popularity in the United States." Those are "god damn" american users. so not sure what youre so angry about or if you can't see the point.
it's not a crime but you're saying users shouldn't be informed that their data goes directly to communist hands... i don't think we(americans) need a chinese person to play false equivalence and convince us to allow their communist government to spy on us. especially with how much they rip off our ip. hopefully the new administration will make it illegal. just as german data stays in germany and chinese data stays in china, our data should stay here. if a chinese company wants to come
here let them build a data center here.
> just as german data stays in germany and chinese data stays in china, our data should stay here
Brilliant plan, exact the same like China's policy. That's why the built a wall (Great Fire-Wall) if every other nation follows we can have a nice Balkanized Internet[1] shortly.
Do any popular Western apps collect the same range of data? I won't install the Facebook app because I don't really trust it. Wouldn't be surprised if they were suggesting friends based on Wi-Fi access points we're both nearby.
Oh my, yes, and entire verticals exist to close the loop on what you did when the app couldn't connect in the background for whatever reason (e.g. combining wifi points, other sensor data, and retransmitting when back online and comparing to credit card activity or customer data from participating businesses).
This article is a bit anti-facebook/what-if 101, but may give you some things to look into if you're interested: http://www.salimvirani.com/facebook/
Yeah. Sorry to tell you, but nearly every app you have installed, even if they don't have active advertisements in the app, likely has attribution software installed in their app which they used for any user acquisition.
This data is then fed to ad networks who help run these campaigns, which then use this data to better hone in on ads to show you later on. It's unlikely that the app is sending anything other than "user123 installed the app", but one never knows without inspecting the packets. This data is "mostly" harmless, but I respect the fact that many users are unaware just how many companies have profiles built out about them.
Not being a historian of this sort of stuff, it's my presumption this is just a modern form of what large retailers would do with loyalty programs back and store credit cards. The data was far more siloed and less likely to be leaked to third parties, but one was still being tracked none the less.
just kidding. china and russia actively block american sites because of this, but manchurian candidates seem eager to defend them and blame the US when we suggest the same.
In Russia it's mostly not like that. If this information is depersonalized (eg. IMEI) then everything is fine. But if you store something "personal" (eg. names with phones) then you have to store it on server located in Russia.
> MEITU, A CHINESE-made Popular Selfie App Sending User Data to China, Researchers Say
These researchers are really disgusting, making everything political driven, the Chinese government are using the exact same excuse to ban "Western websites".
To summarize what I said there, it's quite hypocritical that the app's Chinese nature is played up while spreading FUD, while western apps get an implicit free pass, despite collecting comparable info. It's extremely disingenuous to spread the fear about the sinister uses of the data, while then quoting a security researcher who says that it's probably just run-of-the-mill adware.
The Wired article mentioned this app may have been a Google program that seeks to promote viral apps, but hasn't followed up with a response from Google since it's been posted.
All in all, this reporting is fearmongering at best and is a malicious kind of clickbait, that doesn't provide substantive evidence while causing reputational harm to a third party.
[1] https://news.ycombinator.com/item?id=13441570#13441675