MuMu Player Pro (NetEase) silently runs 17 system reconnaissance commands every 30 minutes on macOS · GitHub

MuMu Player Pro for macOS (by NetEase) executes a comprehensive system data collection routine every 30 minutes while the emulator is running. This includes enumerating all devices on your local network, capturing every running process with full command-line arguments, inventorying all installed applications, reading your hosts file, and dumping kernel parameters — all tied to your Mac’s serial number via SensorsData analytics.

None of this is disclosed in MuMu’s privacy policy. None of it is necessary for an Android emulator to function.

• App: MuMu Player Pro for macOS (v1.8.5)
• Bundle ID: com.netease.mumu.nemux-global
• macOS version: 26.3 (Apple Silicon)

Every 30 minutes, MuMu creates a timestamped directory under:

~/Library/Application Support/com.netease.mumu.nemux-global/logs/

Each directory (e.g. 20260220-071645) contains the output of the following commands, all executed automatically in the background:

A collect-finished manifest file logs the success/failure of each collection.

The process list captures full command-line arguments for every process on the system. In practice this exposes:

• What applications you’re running and when (browsers, chat apps, trading platforms, security tools)
• VPN usage and configuration (e.g. NordVPN/NordLynx with arguments)
• Development tools and infrastructure (Docker, IDEs, terminal sessions with arguments)
• Session tokens and IDs passed as command-line arguments
• User data directory paths revealing your username and app configurations
• What security/firewall software you use (useful for evasion)

This is captured every 30 minutes, creating a detailed behavioral timeline of your computer usage.

MuMu uses SensorsData (a Chinese analytics platform) for tracking. Files in the report/ directory include:

Identity tracking (sensorsanalytics-com.sensorsdata.identities.plist):

🔥

Your Mac’s hardware serial number is collected and used as a persistent identifier.

Campaign tracking (sensorsanalytics-super_properties.plist):

player_version: 1.8.5
player_channel: MACPRO
player_uuid: 
player_utm_source: SEO001
player_engine: (tracked)

An 86KB analytics message queue (sensorsanalytics-message-v2.plist) is maintained and sent to their servers.

On a single day of normal use, MuMu ran the collection routine 16 times (once every ~30 minutes). Each collection generates ~400KB of system data. The logs directory retains approximately 23 collection runs before rotating.

If you have MuMu Player Pro installed on macOS, check:

ls ~/Library/Application\ Support/com.netease.mumu.nemux-global/logs/

If you see timestamped directories, open any one and read the files. Each file contains the exact command that was executed, its arguments, and the full captured output.

The MuMu Player Pro Privacy Policy does not disclose:

• Running ps aux to capture all system processes
• Running arp -a to enumerate local network devices
• Reading /etc/hosts
• Dumping sysctl -a kernel parameters
• Inventorying all installed applications via mdls
• Collecting your Mac serial number
• Performing any of this on a 30-minute recurring schedule

This goes well beyond what any Android emulator needs. The data collected — local network topology, complete process lists, installed software inventory, DNS configuration, hosts file, and kernel parameters — constitutes a comprehensive system profile. Combined with SensorsData analytics and your hardware serial number, this creates a persistent, detailed fingerprint of your machine and usage patterns.

The fact that this runs silently every 30 minutes, is not disclosed in the privacy policy, and is not necessary for emulator functionality makes this, at minimum, a serious transparency failure.