Security Concerns for NetEase's MuMu Emulator (made by ChatGPT)
[People News] The macOS version of the Android emulator MuMu Player Pro, developed by Chinese internet company NetEase, has come under fire for allegedly reading system information periodically in the background. This has led to discussions and scepticism on social media platforms such as X, Reddit, and within the tech community. These allegations have yet to be fully verified by independent security audits. As of this writing, NetEase has not publicly addressed the specific technical details.
Radio Free Asia reports that some users have shared technical testing screenshots indicating that the software executes multiple system commands while operating in the background, which includes reading process lists, network configurations, application information, and certain system parameters.
Several tech bloggers have disclosed that the MuMu emulator performs system information collection operations approximately every 30 minutes while running in the background. An anonymous cybersecurity researcher stated to Radio Free Asia, "This goes beyond simple performance debugging; it is a more thorough system scan. It queries parameters of running processes, the status of network interfaces, and device identification information, among other things."
Executed Approximately Every 30 Minutes
Log analyses shared by some users indicate that the software reads the /etc/hosts file during its operation and captures the complete command line parameters of running system processes. Technical discussions suggest that this type of information typically includes application paths and running parameters. Whether this involves sensitive data still requires further technical verification.
On social media platforms, some users have expressed concerns that related data might be used to generate device identification tags and linked to analytical platforms. Mr Wang, an independent developer who has been using the Mac system for a long time, told Radio Free Asia: "If data binding is conducted alongside hardware serial numbers and device identifiers, it could create a comprehensive device profile. Companies need to clarify the ultimate flow and use of the data."
Public information indicates that MuMu Player Pro is an Android emulator product developed by NetEase, primarily aimed at providing a mobile application and gaming environment for Mac users.
The central issue of the discussion revolves around the transparency of data collection.
Mr Gao, a data engineer from Hebei, informed Radio Free Asia that Android emulators generally need to access certain system information—such as CPU model and core count, memory capacity, graphics card model, system version, screen resolution, and current network type—when conducting performance adaptation, graphics acceleration debugging, and compatibility testing. This is necessary to determine whether specific rendering modes or virtualisation acceleration are supported. However, "whether this constitutes excessive data collection hinges on the scope of the collection, the intended use of the data, and whether it is clearly disclosed in the privacy policy."
He stated: "If the content being accessed includes unique device identification information, such as hardware serial numbers, MAC addresses, device UUIDs, motherboard information, or if it involves obtaining a complete list of running processes and network interface details, and this data is transmitted to a remote server or linked to a user account, it goes beyond what is necessary for simple performance debugging. Such actions should be clearly outlined in the privacy policy, detailing the types of data collected, the purposes for which it is used, the duration of data retention, and whether it is shared with third parties, while also providing users with clear options."
Researchers Discuss Risks of Domestic Applications
Cybersecurity researcher Ge Qiang reported to Radio Free Asia that uploading customer data to company servers could be a violation of privacy; however, without evidence, users often struggle to pursue legal action. "Domestic surveillance systems, computers, routers, televisions, and robotic vacuum cleaners all have their own 'backdoors' that quietly upload data."
Ge Qiang noted that in recent years, many products developed by internet companies require approval from the network management department, and they must indicate that they have controllable backend systems to facilitate government investigations at any time. "In such cases, users are often completely unaware, or even if they are aware, it is of no use; who can they report to?" He reiterated that uploading customer data to company servers could be a violation of privacy, but without evidence, users often find it difficult to take legal action. "Domestic surveillance systems, computers, routers, televisions, and robotic vacuum cleaners all have their own 'backdoors' that quietly upload data."
Ge Qiang noted that in recent years, many products developed by internet companies require approval from the network management department and must indicate that they have a controllable backend system to facilitate government investigations at any time. 'Users are completely unaware of this situation, and even if they are aware, it is of no use; who can they report it to?'
Public information indicates that some discussions have mentioned the potential integration of analytical tools provided by Shen Ce Data within the software. This company serves as a data analysis provider, offering user behaviour statistics and analysis services to internet enterprises. However, there is currently no independent technical report from a third party confirming whether specific data is uploaded, whether it is stored locally, or whether it undergoes anonymisation.
Controversies over data collection by Chinese applications are frequent
A report released by the security agency Sesame Disk previously pointed out that some applications might reduce user awareness through backend operating mechanisms, but the report did not provide a complete independent audit result specifically for MuMu Player Pro.
In recent years, there have been numerous instances of Chinese applications collecting user information. Several applications, including WeChat, have been found to collect user data even when they are not in operation.
Legal experts indicate that if Chinese products are aimed at overseas markets and involve cross-border data transmission, they must also comply with local data protection regulations. Determining whether a violation has occurred requires a specific assessment of the actual data collection, data flow, and user authorisation.
At present, the related controversies primarily exist at the level of technical discussions and social media, with no regulatory agency having released formal investigation results. Radio Free Asia will continue to monitor NetEase's responses and any subsequent developments.
△
News magazine bootstrap themes!
I like this themes, fast loading and look profesional
Thank you Carlos!
You're welcome!
Please support me with give positive rating!
Yes Sure!