Privacy News Lawsuit claims Temu Shopping App is Deeply Intrusive Malware

[vtqhtr413]

Content source

https://arstechnica.com/tech-policy/2024/06/shopping-app-temu-is-dangerous-malware-spying-on-your-texts-lawsuit-claims/

Temu—the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it—is "dangerous malware" that's secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit filed Tuesday.

Griffin cited research and media reports exposing Temu's allegedly nefarious design, which "purposely" allows Temu to "gain unrestricted access to a user's phone operating system, including, but not limited to, a user's camera, specific location, contacts, text messages, documents, and other applications."

"Temu is designed to make this expansive access undetected, even by sophisticated users," Griffin's complaint said. "Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place."

Griffin fears that Temu is capable of accessing virtually all data on a person's phone, exposing both users and non-users to extreme privacy and security risks. It appears that anyone texting or emailing someone with the shopping app installed risks Temu accessing private data, Griffin's suit claimed, which Temu then allegedly monetizes by selling it to third parties, "profiting at the direct expense" of users' privacy rights.

Shopping app Temu is “dangerous malware,” spying on your texts, lawsuit claims

Temu "surprised" by the lawsuit, plans to "vigorously defend" itself.

arstechnica.com

 

[Aleeyen]

If its so bad then how come Google allows it in its playstore. Is Playstore's security feature is so bad that an app which can do so much damage gets passed.
I suspect there is some thing else.
It just may be another attempt by a big company to quash its competitor.
Its too bad to be true.

 

[TuxTalk]

If its so bad then how come Google allows it in its playstore. Is Playstore's security feature is so bad that an app which can do so much damage gets passed.
I suspect there is some thing else.
It just may be another attempt by a big company to quash its competitor.
Its too bad to be true.

Euh its also in the App store from Apple, and the Samsung Market, so dont blame google

 

[MacDefender]

Euh its also in the App store from Apple, and the Samsung Market, so dont blame google

FWIW in the Apple world, there's no way to accomplish any of the things the article is alleging, such as the app dynamically recompiling itself / introducing new executable code, or bypassing OS enforcement of sandbox and permission restrictions. Those would be serious security vulnerabilities in the OS which Apple aggressively patches and would pretty much serve a lifetime ban to any developer accused of exploiting as an app they submit to the store.

 

[kailyn]

If its so bad then how come Google allows it in its playstore.

Because Google does not have people screen apps. Automated software does the screening and that screening is trivially basic. There are no meaningful security checks performed.

FWIW in the Apple world, there's no way to accomplish any of the things the article is alleging, such as the app dynamically recompiling itself / introducing new executable code, or bypassing OS enforcement of sandbox and permission restrictions. Those would be serious security vulnerabilities in the OS which Apple aggressively patches and would pretty much serve a lifetime ban to any developer accused of exploiting as an app they submit to the store.

It is still possible. (I will not have a debate about it.) Have to wait to see how the case proceeds.

 

[MacDefender]

Because Google does not have people screen apps. Automated software does the screening and that screening is trivially basic. There are no meaningful security checks performed.


It is still possible. (I will not have a debate about it.) Have to wait to see how the case proceeds.

Both app stores use some degree of automated screening. It's not been the case that Apple human-screens most apps and certainly not their updates to already-approved apps.

Can you elaborate how you think it's possible to gain access to mail, messages, photos, or location on iOS for a 3rd party app? It's quite a claim to make and then say you're not entertaining a debate about how something the OS makes impossible is possible.