Additional reporting by Rimantas Leonavičius.

When you download a beauty camera app, you’re probably expecting it to add a makeup or cartoon filter on your face for more interesting selfies, or just to clean up some lower-quality pictures you took.

But in the background, you’re not expecting these apps to scrape and sell your data, plague you with nonstop, malicious ads, redirect you to phishing websites, or even spy on you.



But that’s exactly what some of the top beauty camera apps have been found guilty of doing. Take the #1 beauty camera app, BeautyPlus – Easy Photo Editor & Selfie Camera, with 300 million installs, which was identified as being either malware or spyware. Its developer, Meitu, was suspected of collecting user data in its Chinese servers, and then selling it.



But they’re not the only ones. There’s also the app developer iJoysoft, whose apps are connected to malicious adware. Lyrebird Studio, the developer behind Beauty Makeup, Selfie Camera Effects, Photo Editor, was identified by Trend Micro for sending users pornographic content, redirecting them to phishing sites, and collecting their pictures.



Three app developers are also apparently guilty of trying to hide their connection: they seem to be separate developers with separate apps, but we discovered that they are likely run by the same group in China.



I found that one app, Beauty Camera by Phila AppStore, simply went ahead and used my camera, without even asking for camera permission. The app has already been installed half a million times.



These and other apps are still available in the Play store, having been downloaded 1.4 billion times. So what’s the best thing for you to do? Obviously, you don’t need a beauty camera app, so the first thing to do is to delete any suspicious apps from your phone.



Suspicious apps include:

Beauty camera apps that are requesting permissions they don’t need

Apps from unknown app developers, especially free apps

Apps that engage in unethical behavior or show aggressive ads

Again – since you don’t really need these apps, it might be best to completely forego these camera apps, or instead use well-known camera and filter apps like Snapchat, Messenger, or Instagram.

Methodology

In order to perform this research, we analyzed the top 30 results that were displayed on Google Play after searching for the keyword “beauty camera.” In checking the trustability of these apps, we analyzed the following:

The amount of dangerous permissions they’re asking for

The location of the app developers, and the transparency of this location

Any history of malware, spyware, vulnerabilities, or unethical practices

Summary of our results

Our results are eye-opening:

More than half (16) of these apps are based in Hong Kong or China

One app doesn’t ask for permission to use your camera, but turns the camera on anyways – without any permission

Three seemingly separate developers seem to be run by the same group, and may be connected to apps previously found to contain a widely-dispersed Trojan

The top-ranked app developer Meitu, with more than 300 million installs, had apps identified as malware, violating Google’s ad policies, or secretly collecting data

One app developer was found to install malware through its software

One app was accused of sending users pornographic content, redirecting them to phishing sites, or collecting their pictures

These apps are requesting up to 7 dangerous permissions, 5 on average, most of which are unnecessary for the app to function

Unnecessary permissions include recording audio, using GPS, and seeing users’ phone statuses

While only a few permissions are required for the app to function, one app includes a whopping 40 total permissions

The riskiest camera apps in the Play store

In our investigation into these top beauty camera apps – which have been installed at least 1.39 billion times – we made some interesting discoveries. Let’s look at some of the biggest.

This app used our camera without permission

When we initially analyzed these apps to see what kind of permissions they were requesting, we were surprised to find that only 29 out of 30 apps asked for the CAMERA permission: Beauty Camera by Phila AppStore, with 500,000 installs already, didn’t ask for any camera access.



Intrigued, I installed and launched the app in our testing environment to see whether it was a mistake in our analysis, or if the app simply edited already captured images. We were quite surprised by the actual results:



The app used our camera without even asking for the CAMERA permission.



Let’s state the seriousness here: the CAMERA permission is considered a dangerous permission by Google’s Android policy, and absolutely requires users to agree to it. One reader pointed out that this is achieved by using an Intent to launch the phone’s default camera app, having that photo saved to storage, and then using the app’s STORAGE permissions to access the image. While this is possible, it seems suspicious, considering that the app could simply ask for CAMERA permissions and skip the more tedious process.



When we launched the app, we were immediately met with a full-screen ad. Going to the app’s home screen, we were met with two more ads.

Left: full-screen ad right after launching the app; Right: the app’s home screen with more ads

I then clicked on the camera icon to see what happens – since no camera permissions were required at all. And, let me tell you, I was quite surprised by what I saw on my screen:



My surprised face at seeing my own face

I was especially surprised since I gave no CAMERA permission at all – and the app lists no camera permission in its settings:

No camera permission listed, and no camera permission given

As mentioned, the app accesses the camera when you give it permission to access your storage. We tried to reach out to the app developer to ask why they don’t just ask for the CAMERA permission, but unfortunately the email address that Phila AppStore lists on their page just doesn’t work anymore.

One group to rule them all

When looking for the actual location of app developers, we found something interesting:



Three app developers seemed to be from the same group based in China. Even worse, they’re potentially connected to malware previously discovered.



The app developers Coocent, KX Camera Team and Dreams Room are seemingly separate developers with similar app offerings:

These app offerings are pretty similar: camera apps, music or audio apps, flashlight apps, and weather apps. The icons are also quite similar, but after analyzing 30 apps, I discovered that this seems to be part of the app development process.

However, when we looked at the privacy policies for these three developers, we found that they’re all hosted on the exact same domain:

Coocent privacy policy URL:

KX Camera Team privacy policy URL:

Dreams Room privacy policy URL:

The domain hosting these three apps’ privacy policies, aliyuncs.com, is from Alibaba Cloud Computing (Beijing) Co., Ltd.

We can even see that Coocent’s privacy policy extension is named KuXun (which sounds similar to Coocent), and this is reflected in KX Camera Team’s name. KX Camera Team has another app, Super-Bright Flashlight, which even has “coocent” as part of its app ID (which is unchangeable after it’s been created):

Then there’s Coocent’s non-active Twitter account, which has some important information you can see right from the search results page:



Those Chinese characters at the end – 中华人民共和国 – translate to the “People’s Republic of China”, the formal name for China.

Because of all that, we believe that the app developers Coocent, KX Camera Team and Dreams Room are all from the same group and they are based somewhere in China.



There’s also the possibility of not just unethical business practices and hiding their actual location, but that this Coocent-KX-Dreams Room group may also have developed apps previously found to be malicious. A ThinkBig/Empresas article [in Spanish] discusses the Xynyin malware family, whose member apps steal users’ sensitive information, download another hidden app file (apk), and secretly install it.



Included in this malware family is an app whose app ID contains the name “coocent”:

A reputation for maliciousness

The #1 and #2-ranked beauty camera apps, with combined installs of more than 310 million, are known for having been reported as malware or participating in unethical practices.



The top-ranked BeautyPlus – Easy Photo Editor & Selfie Camera was identified by the Indian government as being malware or spyware. The government alerted all military and paramilitary officials to inform their men to delete the listed apps.



This same app was also discovered to be in violation of Google’s advertising ID policies since they track their users more than is allowed. (Another camera app, B612 – Beauty & Filter Camera, with 100 million installs, was also mentioned in the research.) BleepingComputer mentions that these apps collect:



…persistent device identifiers such as serial numbers, IMEI, WiFi MAC addresses, SIM card serial numbers, and sending them to mobile advertising related domains alongside ad IDs.



The app developer behind BeautyPlus is Meitu (China) Limited, which had been called out before for secretly collecting and selling users’ data to companies for better ad targeting. The developer was also blamed for “already sending your phone’s unique identifier (the IMEI) to multiple servers in China.”



Another app developer, Hong Kong-based iJoysoft, has had some of its software connected to malware, either directly or through bundling. Through its YouTube Video Converter software, the VideoConverterHD adware is installed, which can drastically slow down your device’s performance, take over your screen with ads that are hard to close, and possibly inject harmful code in your computer’s registry editor.

Another app developer, Istanbul-based Lyrebird Studio, creator of the camera app Beauty Makeup, Selfie Camera Effects, Photo Editor, was identified in research by Trend Micro to be one of many apps that send users porn, redirect them to malicious phishing sites, or collect their pictures.

Too many dangerous permissions

Most obviously, camera apps will require about two dangerous permissions in order to function: CAMERA (to take pictures) and WRITE_STORAGE (to save your edited images).



What our research discovered, however, is that these apps are requesting an average of 5 dangerous permissions, with one app requesting 7 dangerous permissions.



So what dangerous permissions are they requesting?

1 app wants the ability to scan your contacts list

13 apps want access to your GPS location

10 apps want access to your coarse location (via cell towers and wifi networks)

23 apps want access to your microphone

30 apps want the ability to write files to your device

29 apps want access to your camera

29 apps want the ability to read files on your device

It becomes important then to ask why a beauty camera app needs to record audio, track your GPS location, or go through your contacts list.
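
One way to run the permission check described in this section over a decoded AndroidManifest.xml, as an added example that is not code from the original research. The sample manifests and package name are constructed, the DANGEROUS set covers only the permissions this article mentions, and WRITE_EXTERNAL_STORAGE is assumed to be what the article calls WRITE_STORAGE:

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Dangerous (runtime) permissions that this article mentions; not Android's full list.
DANGEROUS = {P + n for n in (
    "CAMERA", "RECORD_AUDIO", "READ_CONTACTS", "ACCESS_FINE_LOCATION",
    "ACCESS_COARSE_LOCATION", "READ_PHONE_STATE",
    "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE")}
# The two the article says a camera app needs (assumption: its "WRITE_STORAGE"
# is android.permission.WRITE_EXTERNAL_STORAGE).
EXPECTED = {P + "CAMERA", P + "WRITE_EXTERNAL_STORAGE"}
STORAGE = {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"}

def audit_manifest(xml_text):
    """Summarise the permissions requested in a decoded manifest."""
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    requested.discard(None)  # ignore malformed entries without android:name
    dangerous = requested & DANGEROUS
    return {
        "total": len(requested),
        "dangerous": sorted(dangerous),
        "unneeded": sorted(dangerous - EXPECTED),
        # Camera app with storage access but no CAMERA request: the pattern
        # seen in the app that captured photos through the default camera app.
        "storage_without_camera": P + "CAMERA" not in requested
                                  and bool(requested & STORAGE),
    }

def sample_manifest(*names):
    """Build a constructed manifest for demonstration (hypothetical package)."""
    perms = "".join(f'<uses-permission android:name="{P}{n}"/>' for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.constructed">{perms}</manifest>')

# Constructed inputs: an over-permissioned app, and one that never asks for CAMERA.
SAMPLE_A = sample_manifest("INTERNET", "CAMERA", "WRITE_EXTERNAL_STORAGE",
                           "RECORD_AUDIO", "ACCESS_FINE_LOCATION")
SAMPLE_B = sample_manifest("INTERNET", "READ_EXTERNAL_STORAGE",
                           "WRITE_EXTERNAL_STORAGE")

if __name__ == "__main__":
    for label, manifest in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(label, audit_manifest(manifest))
```
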

What these apps want with all your data

When looking at the past problems these app developers have had with data collection, the answer may become very obvious: money.



App developers can make lots of money by selling all your data to advertisers. Location-sharing agreements between app developers and app brokers – where apps can send your GPS coordinates up to 14,000 times per day – can bring in a lot of revenue. With just 1,000 users, app developers can get $4/month. If they have 1 million active users, they can get $4,000/month.

And that’s from just one broker. If they work with two app brokers with similar payouts, and have at least 10 million active monthly users, they could stand to make $80,000/month. With more dangerous permissions given by the user, they will get more sensitive data, which means they’ll make more money.

And that’s why these apps are free.

The cheaper apps, of course, take the easier route and simply flood their apps with non-stop, full screen ads that will cause their users to delete the apps sooner or later.

Summary

When considering this view of these popular beauty camera apps, it seems important to note the following:



These are non-essential apps that seem to be quite risky. Therefore, we recommend that you exercise caution when deciding whether or not to download these apps at all.



Essentially, you have to consider these important points:

These apps are non-essential, as they provide no crucial function

The top-ranked apps are created by developers with spotty reputations, outright malicious behavior, or unethical practices

There are bigger, more dependable apps out there that have similar features, are more accountable and with a clearer ownership structure, such as Messenger, Snapchat, Instagram, etc.

The full list of the 30 analyzed beauty camera apps is below.



Columns: Ranking, App name, App Developer, Installs (as of Dec. 2019)

#1 BeautyPlus – Easy Photo Editor & Selfie Camera Meitu (China) Limited 300,000,000
#2 BeautyCam Meitu (China) Limited 10,000,000
#3 Beauty Camera – Selfie Camera InShot Inc 10,000,000
#4 Beauty Camera Plus – Sweet Camera ♥ Makeup Photo Fantastic Photo – Beauty Makeup Pro StudioPhotography 1,000,000
#5 Beauty Camera – Selfie Camera & Photo Editor Sweet Selfie Inc. 500,000
#6 Selfie Camera – Beauty Camera & Photo Editor KX Camera Team 10,000,000
#7 YouCam Perfect – Best Selfie Camera & Photo Editor Perfect Corp. 100,000,000
#8 Sweet Snap – Beauty Selfie Camera & Face Filter Sweet Chat & Snap Apps 100,000,000
#9 Sweet Selfie Snap – Sweet Camera, Beauty Cam Snap Pro Too Movie Apps Good Develop 500,000
#10 Beauty Camera – Selfie Camera with Photo Editor Coocent 1,000,000
#11 Beauty Camera – Best Selfie Camera & Photo Editor KX Camera Team 5,000,000
#12 B612 – Beauty & Filter Camera SNOW, Inc. 500,000,000
#13 Face Makeup Camera & Beauty Photo Makeup Editor Alex Joe 10,000,000
#14 Sweet Selfie – Selfie Camera & Makeup Photo Editor Sweet Selfie Inc. 100,000,000
#15 Selfie camera – Beauty camera & Makeup camera PhotoArt Inc. 1,000,000
#16 YouCam Perfect – Best Photo Editor & Selfie Camera Perfect Corp. 100,000,000
#17 Beauty Camera Makeup Face Selfie, Photo Editor Virgilo Malley 1,000,000
#18 Selfie Camera – Beauty Camera Best App – Top Droid Team 500,000
#19 Z Beauty Camera GOMO 5,000,000
#20 HD Camera Selfie Beauty Camera iJoysoft 5,000,000
#21 Candy Camera – selfie, beauty camera, photo editor JP Brothers, Inc. 100,000,000
#22 Makeup Camera-Selfie Beauty Filter Photo Editor Photo Editor Perfect Corp. 1,000,000
#23 Beauty Selfie Plus – Sweet Camera Wonder HD Camera Sai2D 100,000
#24 Selfie Camera – Beauty Camera & AR Stickers Dreams Room 1,000,000
#25 Pretty Makeup, Beauty Photo Editor & Selfie Camera Photo Editor Perfect Corp. 10,000,000
#26 Beauty Camera Phila AppStore 500,000
#27 Bestie – Camera360 Beauty Cam PinGuo Inc. 10,000,000
#28 Photo Editor – Beauty Camera KX Camera Team 100,000
#29 Beauty Makeup, Selfie Camera Effects, Photo Editor Lyrebird Studio 5,000,000
#30 Selfie cam – bestie makeup beauty camera & filters Hd wallpapers and backgrounds studio 100,000

Total installs: 1,388,300,000





