
Temu accused of data risks after sister app was suspended for malware

According to Apptopia data shared with CNBC, within just 17 days of its release, Temu overtook Instagram, WhatsApp, Snapchat and Shein on the Apple App Store in the US.


The US has accused discount website Temu of posing possible data risks after its Chinese sister app was removed from Google's app store because of “malware”, but analysts say they are not worried about it.

Compared to Pinduoduo, which was suspended by Google in March after versions offered outside the Google Play store contained malware, Temu “is not as aggressive,” said one analyst.

The malware in Pinduoduo was found to exploit specific vulnerabilities in Android phones, letting the app bypass user security permissions, access private messages, modify settings, view data from other apps and prevent uninstallation.

Google called it an “identified malicious app” and urged users to uninstall the Pinduoduo app, but the Chinese online retailer denied these claims.

According to an analysis by Kevin Reed, chief information security officer at cybersecurity firm Acronis, Pinduoduo asks for as many as 83 permissions, including access to biometrics, Bluetooth, and Wi-Fi information.

“Some of those permissions that Pinduoduo is asking for seem unexpected for e-commerce apps,” said Reed, who shared his analysis of both apps with CNBC.

“But Temu is just not as aggressive as Pinduoduo, which demands all types of privileges,” Reed said.

Pinduoduo is a Chinese e-commerce app that sells everything from groceries to clothing. It is the flagship product of Nasdaq-listed Chinese company PDD Holdings, which also owns Temu. Temu is headquartered in Boston.

Pinduoduo is rather more aggressive in collecting details about users and, after all, passing them back to the company.

Kevin Reed

Chief Information Security Officer, Acronis

“There must be no need to store biometrics on an e-commerce site or app. Personally, I would not want my biometrics stored anywhere aside from my device,” said Sean Duca, vice president and regional head of security for Asia-Pacific and Japan at cybersecurity firm Palo Alto Networks.

“Biometrics has loads more value than anything because I cannot just change my fingerprint, unlike passwords,” said Duca.

He also asked why access to Wi-Fi information is essential. If it’s a company Wi-Fi network that the user is connected to, “it would become a really lucrative target for cybercriminals who will start actually accessing this information,” warned Duca. “But why does an e-commerce provider really want it?”

What does Temu do?

Described as an imitator of the fast fashion brand Shein, Temu is taking the American market by storm.

Just 17 days after launching in September, the app surpassed Instagram, WhatsApp, Snapchat and Shein in the US Apple App Store, according to Apptopia data shared with CNBC. It launched in the UK in March, just weeks after entering Australia and New Zealand.

The fact that Pinduoduo “requested many more permissions than the Temu app, even though they seem like similar apps, seems too intrusive to me,” Reed said.

“Pinduoduo is rather more aggressive in collecting user information,” said Reed, who claimed the information was “obviously [transferred] back to the company.”

PDD Holdings didn’t reply to CNBC’s request for comment on these permissions.

In comparison, the Temu app requests 24 permissions, Reed said. Some of those permissions include access to Bluetooth and information about Wi-Fi networks.

I worry less about shopping apps than about social media platforms like TikTok and Lemon8.

Lindsay Gorman

Senior Emerging Technologies Specialist, German Marshall Fund

“There have been no reports of malicious features present in official Temu Play, App Store or third-party versions. The keys used to sign the Pinduoduo malware are usually not the identical keys used to sign the Temu app,” said Daniel Thanos, vice president and head of Arctic Wolf Labs, the threat intelligence arm of cybersecurity company Arctic Wolf.

“Based on our evaluation, this malware appears to be primarily targeting Chinese users because it appears to focus on devices typically sold and used in China, such as Xiaomi, Vivo, Oppo, Samsung, etc., and their corresponding apps,” Thanos said. PDD Holdings didn’t immediately reply to CNBC’s request for comment.

Data risk

In a report on Chinese “fast fashion” platforms published in April, the US-China Economic and Security Review Commission accused Temu and Shein of posing a possible data risk.

Shein and Temu “rely totally on US consumers to download and use Chinese apps to pick out and deliver products,” the report said.

“The business success of those corporations has encouraged both established Chinese e-commerce platforms and startups to repeat their model, posing risks and challenges to US regulations, laws and market access rules,” it said.

Chinese-owned apps are under intense scrutiny in the US because of security concerns. US lawmakers have warned that any Chinese-owned app could be vulnerable to data privacy breaches or interference from the Chinese government.

While politicians often accuse Chinese corporations of giving data to the Chinese government, there isn’t any evidence to support such claims.

“But there’s also an even bigger game here, which is that many other apps that are not talked about are also collecting information and have been doing it for a really very long time,” Duca said, noting that it’s more of a systemic issue.


One analyst said she is less worried about shopping apps than social media platforms like TikTok and its sister app Lemon8.

“From a national security viewpoint, along with creating user profiles with all this data, social media platforms even have the power to pick out, promote and demote content based on opaque metrics that we ultimately don’t really see,” said Lindsay Gorman, senior emerging technologies specialist at the German Marshall Fund.

For shopping apps, the “real sort of content impact” could be Chinese corporations promoting their products, which “feels like less of a threat to democracy,” Gorman said. By contrast, social media apps can promote politically-themed content, which is much harder to trace, she said.

TikTok is facing a possible ban in the US after its CEO Shou Zi Chew’s testimony before Congress did not allay lawmakers’ concerns about the app’s ties to China or the adequacy of Project Texas, its plan to store US data on US soil.

“ByteDance is just not owned or controlled by the Chinese government. It’s a non-public company,” Chew said during the hearing.


In his first public interview since the congressional hearing, Chew told TED2023 last week, “We’re constructing all of the tools to prevent [Chinese government interference in U.S. elections] from happening.”

He said he was “very confident” that the chance could be reduced to close to zero because the company was “very, very far-off” from Project Texas.

Another analyst, Glenn Gerstell, a senior adviser at the Center for Strategic and International Studies, said these apps are “ultimately controlled by Chinese parties and that is what the American political system will deal with.” Geopolitical tensions with China will continue to bring Chinese apps under scrutiny.

“It could also be that if we became more sophisticated, we might have the ability to tell apart one application from another and create a safer, more confined and controlled space. But in the meantime we do not have such a system,” Gerstell said.
