UrsaClimb Logo

MuMu Player Pro (NetEase) silently runs 17 system reconnaissance commands every 30 minutes on macOS

Hacker News
February 20, 2026
AI-Generated Deep Dive Summary
MuMu Player Pro, a popular Android emulator developed by NetEase, has been found to secretly gather extensive system information from macOS devices every 30 minutes. This includes details like local network devices, running processes, installed applications, DNS configurations, and more, all tied to the device's serial number through SensorsData analytics. The collection process occurs without user consent or disclosure in the app’s privacy policy and appears unnecessary for basic emulator functionality. The data collection involves executing 17 commands that capture sensitive details such as network interfaces, active network connections, system services, resource limits, mounted filesystems, and even command-line arguments of running applications. This reveals potentially sensitive information like browser history, VPN configurations, development tools, and application-specific tokens. For instance, the "ps aux" command logs every process with full arguments, exposing user activity patterns and tool usage. The use of SensorsData analytics further complicates privacy concerns. The collected data is linked to the Mac's hardware serial number as a persistent identifier for tracking purposes. This includes detailed campaign tracking information and an 86KB analytics message queue maintained by the platform. On a typical day, this routine runs 16 times, generating approximately 400KB of data per collection. This revelation raises significant privacy and security concerns, particularly for users who prioritize data protection. The stealthy collection of such detailed system information without user consent or clear necessity undermines trust in software designed to enhance user experience. For tech-savvy readers, this highlights the importance of critically evaluating app permissions and understanding how personal data is handled by even seemingly benign tools.
Verticals
techstartups
Originally published on Hacker News on 2/20/2026