The anime-styling selfie app Meitu has exploded in popularity recently, then someone got to wondering why it was asking for so many permissions. It turns out the app is grabbing your IMEI and MAC address and sending them to a server in China. People were understandably concerned, and now Meitu has issued a statement meant to assuage our fears. It kind of doesn't, though.
The statement provided to Cnet notes that Meitu is based in China, which we knew. However, this means it cannot use the anonymized user tracking in the Play Store (this part makes sense). Therefore, it's using IMEI/MAC as a unique identifier. This ID is used to track user data and ad placement. It goes on to talk about how secure its servers are, saying, "...the data collected is sent securely, using multilayer encryption to servers equipped with advanced firewall, IDS and IPS protection to block external attacks."
So, that's an explanation, but I don't think it's necessarily a good one. It doesn't explain why Meitu would use this data when it could generate unique IDs in other ways. The effort to point out how secure its servers are seems weird too. Sure, they have identifying data about you, but it's really safe. Okay.
It seems more likely this has something to do with new Chinese regulations that require app developers to be able to track data back to an individual user. I guess what we can take from this is that Meitu probably isn't selling your data, but it's not being upfront about why it has your data in the first place.