Temu - A shopping app with a shady malware past (Snopes.com Investigates)

[Ink]

Content source

https://www.snopes.com/news/2023/06/05/temu-shopping-app-scam-china-spyware/

Is Temu Shopping App a Communist China-Based Scam That Spies on Users?​

Temu, launched in September 2022, made waves with a pricey Super Bowl ad buy in February 2023 that promoted the company slogan "shop like a billionaire." At the time of this reporting, the Temu app was the second most popular free app in Apple's App Store.

As described in an April 2023 report by the U.S.-China Economic and Security Review Commission (USCC), "Temu's success raises flags about its business practices." The fact that the prices offered are so low has led potential users to wonder if the deals are real or if they are part of a scam operation.

As described in the 2023 USCC report, "Temu's lack of affiliation with established brands has brought concerns of product quality as well as accusations of copyright infringement."

PDD Holdings (then named Pinduoduo) was included in the U.S. Trade Representative's 2021 list of "Notorious Markets for Counterfeiting and Piracy."

There is no evidence that Temu's data are, or have been, shared with Chinese authorities, but PDD Holdings' Pindoudou platform has had a history, to say the least, of malfeasance when it comes to broader "consumer privacy and data security issues."

While Temu does collect data related to your contacts via social media, the notion that Temu can gain access to "literally everything on your phone" stems from the discovery of aggressive malware in Pindoudou. Beginning in February 2023, several reports revealed unambiguous evidence that Pindoudou contained dangerous and illegal spyware. As reported by CNN in April 2023:.

The malware identified by researchers gave the app privileges and visibility into other apps without the user's knowledge or consent.

These elevated privileges allowed the app access to chats and photos. Cybersecurity expert Sergey Toshin told CNN that "the exploits allowed Pinduoduo access to users' locations, contacts, calendars, notifications and photo albums without their consent. They were also able to change system settings and access users' social network accounts and chats, he said.

The malware was found only on an "off store" version of the app designed for Android users. China blocks both the Apple Store and the Google Play store, and mobile apps are downloaded from other "off-store" third party websites.

Following public exposure of these actions in March 2023, Pindoudou fired the team of researchers responsible for exploiting Android vulnerabilities for Pindoudou's benefit.

While security experts have not identified any such Malware in Temu, valid concerns exist about the methods employed by other companies under the umbrella of PDD Holdings. As CNN reported, Temu now employs many of those fired programmers.

Read full article: Is Temu Shopping App a Communist China-Based Scam That Spies on Users?