After its Chinese counterpart app was banned from Google’s app store owing to “malware,” the United States has voiced concerns about possible data vulnerabilities linked with the bargain shopping site Temu. Analysts believe that Temu’s worries are, however, comparatively less serious.
Temu is said to be less aggressive than Pinduoduo, which Google threatened to suspend in March after discovering malware in versions distributed outside the Play Store.
By taking advantage of certain Android phone flaws, the virus discovered in Pinduoduo was able to circumvent user security permissions, read private messages, change settings, see data from other applications, and block removal.
The Chinese online store denied Google’s allegations that the software was “identified malicious” and recommended users to delete it.
Kevin Reed, the chief information security officer of the cybersecurity company Acronis, did an investigation that showed Pinduoduo asked for up to 83 permissions, including access to biometrics, Bluetooth, and Wi-Fi network data.
“Some of these permissions requested by Pinduoduo seem unexpected for an e-commerce app,” said Reed, who examined both applications for CNBC. He did see that Temu is not as forceful in his demands for different privileges as Pinduoduo.
A large selection of items are available on the Chinese e-commerce platform Pinduoduo, and Temu, which is owned by PDD Holdings, is rapidly expanding in the American market. Within only 17 days of its September introduction, Temu, sometimes referred to as a Shein-clone, outperformed well-known applications like Instagram, WhatsApp, Snapchat, and even Shein itself.
Regarding the permissions requested by the two applications, Reed underlined that Pinduoduo aggressively gathers user data and sends it back to the corporation. Temu, on the other hand, asks for 24 permissions, including the ability to view Bluetooth and Wi-Fi network information.
Biometric data collecting by e-commerce applications has drawn criticism from cybersecurity experts, who stressed the need of keeping such sensitive data alone on users’ devices. An e-commerce provider’s need to access Wi-Fi data was also questioned since, if linked to corporate Wi-Fi networks, it may become a target for hackers.
While Pinduoduo was accused of having harmful functionality, there have been no complaints of similar problems in the official Temu releases that are accessible via authorized channels. The Pinduoduo virus, according to experts, appears to target Chinese consumers exclusively and concentrate on Chinese devices.
In a study published in April, the U.S.-China Economic and Security Review Commission expressed worry about potential data threats related to Shein and Temu. The research emphasized how these “fast fashion” platforms depend on Chinese applications that Americans download and use, which puts American laws and market access principles in jeopardy.
Due to security concerns, the possibility of data privacy breaches, and Chinese government intervention, Chinese-owned applications are subject to more scrutiny in the US. However, there is no proof to back up assertions that data was shared with the Chinese government.
Analysts said that social media platforms like TikTok and Lemon8, which have more content, should be included in the discussion of data concerns instead of only shopping applications.
