Lawsuit claims Temu Shopping App is Deeply Intrusive Malware

vtqhtr413

Temu—the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it—is "dangerous malware" that's secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit filed Tuesday.

Griffin cited research and media reports exposing Temu's allegedly nefarious design, which "purposely" allows Temu to "gain unrestricted access to a user's phone operating system, including, but not limited to, a user's camera, specific location, contacts, text messages, documents, and other applications."

"Temu is designed to make this expansive access undetected, even by sophisticated users," Griffin's complaint said. "Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place."

Griffin fears that Temu is capable of accessing virtually all data on a person's phone, exposing both users and non-users to extreme privacy and security risks. It appears that anyone texting or emailing someone with the shopping app installed risks Temu accessing private data, Griffin's suit claimed, which Temu then allegedly monetizes by selling it to third parties, "profiting at the direct expense" of users' privacy rights.
 
If it's so bad then how come Google allows it in its Play Store? Is Play Store's security feature so bad that an app which can do so much damage gets passed?
I suspect there is something else.
It just may be another attempt by a big company to quash its competitor.
It's too bad to be true.
 
If it's so bad then how come Google allows it in its Play Store? Is Play Store's security feature so bad that an app which can do so much damage gets passed?
I suspect there is something else.
It just may be another attempt by a big company to quash its competitor.
It's too bad to be true.
Euh, it's also in the App Store from Apple, and the Samsung Market, so don't blame Google.
 
Euh, it's also in the App Store from Apple, and the Samsung Market, so don't blame Google.
FWIW in the Apple world, there's no way to accomplish any of the things the article is alleging, such as the app dynamically recompiling itself / introducing new executable code, or bypassing OS enforcement of sandbox and permission restrictions. Those would be serious security vulnerabilities in the OS which Apple aggressively patches and would pretty much serve a lifetime ban to any developer accused of exploiting as an app they submit to the store.
 
If it's so bad then how come Google allows it in its Play Store?
Because Google does not have people screen apps. Automated software does the screening and that screening is trivially basic. There are no meaningful security checks performed.

FWIW in the Apple world, there's no way to accomplish any of the things the article is alleging, such as the app dynamically recompiling itself / introducing new executable code, or bypassing OS enforcement of sandbox and permission restrictions. Those would be serious security vulnerabilities in the OS which Apple aggressively patches and would pretty much serve a lifetime ban to any developer accused of exploiting as an app they submit to the store.
It is still possible. (I will not have a debate about it.) Have to wait to see how the case proceeds.
 
Because Google does not have people screen apps. Automated software does the screening and that screening is trivially basic. There are no meaningful security checks performed.


It is still possible. (I will not have a debate about it.) Have to wait to see how the case proceeds.
Both app stores use some degree of automated screening. It's not been the case that Apple human-screens most apps and certainly not their updates to already-approved apps.

Can you elaborate how you think it's possible to gain access to mail, messages, photos, or location on iOS for a 3rd party app? It's quite a claim to make and then say you're not entertaining a debate about how something the OS makes impossible is possible.
 