Chinese woman using a phone

China’s most popular shopping app spies on users

Multiple experts say that one of China’s most popular shopping apps, Pinduoduo, has the ability to spy on users. Now its sister app, Temu, the second-most downloaded app in the US, is coming under scrutiny.

Experts say Chinese shopping app Pinduoduo can spy on users

Multiple experts say Chinese app Pinduoduo, one of the most popular shopping apps with over 750 million users per month, can spy on users and perform a number of other stealth activities that violate users’ privacy.

Worsening the situation, once Pinduoduo is installed, it’s difficult to remove, according to cybersecurity researchers.

The findings come in a detailed investigation by CNN that was prompted by a tipoff from multiple former and current Pinduoduo employees.

CNN consulted with half a dozen cybersecurity teams from Asia, Europe, and the United States, and multiple experts identified the presence of malware on the Pinduoduo app, which exploited vulnerabilities in Android operating systems.

According to company insiders, the exploits on the Pinduoduo app were utilized in order to spy on both users and competitors, all in an effort to boost sales.

The hidden dangers of the Pinduoduo app

According to multiple cybersecurity experts who spoke to CNN, privacy and security violations and escalations of privileges embedded in the Pinduoduo app software are “next level.”

Malware is short for malicious software, referring to any software developed to steal data or interfere with computer systems and mobile devices.

The app can bypass users’ cell phone security to monitor activities on other apps, check notifications, read private messages and change settings.

Google, the maker of the Android operating system, already suspended Pinduoduo from its Play Store in March, citing malware identified in versions of the app.

Experts are advising iOS (iPhone, iPad) users to avoid downloading the Pinduoduo app.

Both Android and iOS users who already have the Pinduoduo app on their devices are urged to delete it immediately.

Is user data being given to the Chinese government?

There is no evidence Pinduoduo has provided data to the Chinese government, according to CNN. However, Beijing has significant leverage over businesses under its jurisdiction. US lawmakers are concerned any company operating in China could be forced to cooperate with a broad range of security activities.

Nonetheless, cybersecurity experts say the possibility remains that personal information from anyone using the app could be provided to the Chinese government or other third parties.

New scrutiny of Chinese app Temu – second-most downloaded app in the US

Temu, LLC is a Chinese-based shopping app, which represents an American-based online marketplace. It was the second-most downloaded app in the US and is a subsidiary of Chinese-based PDD Holdings Inc., which also owns Pinduoduo.

The Temu app had 15 million downloads in 2022, second only to the Amazon app, Yahoo reported.

Being that Temu comes from the same company that owns Pinduoduo, the recent revelations about the spying features of the latter app have drawn new scrutiny toward Temu and its safety.

At present, Temu is available both on Apple’s App Store and Google Play Stores. However, it has a reputation for mysterious charges, incorrect orders, undelivered packages, and unresponsive customer service.

According to Yahoo, Temu has a Better Business Bureau (BBB) customer rating of 2.3 stars from hundreds of complaints.