Every once in a while, you might wake up and see everyone playing the same new smartphone game/app, much like in The Next Generation. Meitu is a bizarre Chinese photo app, that applies various filters and 'enhancements' to pictures of yourself and others. In just the past few hours, it has received massive coverage online. While the app is certainly fun to mess around with, several users have pointed out that the application is sending a massive amount of user details to external IP addresses.
When using an Android device, it's a good idea to look at what permissions the app asks for. Meitu's APK manifest asks for no less than twenty-three permissions, including full network access, the ability to change settings, exact location, MAC address, local IP, and more (here's a pastebin we uploaded if you're curious).
Twitter user @rekrom12 found that MTAnalyticsAdLogEntity.java inside the APK contains code for sending several details about the device for analytics. This includes the device's model, resolution, Android OS version, MAC address, IMEI, and more. We have confirmed this as well.
In addition, user @FourOctets intercepted the app's network activity, linking it to several Chinese IP addresses. It's worth noting that we have not confirmed this ourselves, only the presence of analytics code.
— FourOctets (@FourOctets) January 19, 2017
In summary, you really shouldn't download Meitu unless you don't mind having spyware. The funny and somewhat-disturbing selfies aren't worth it.