One of Chinese biggest shopping apps, Pinduoduo, has gained coverage due to malware claims. Security experts have argued that the app can spy on user data. The app (currently only available for Android users) is famous for purchases of all kinds ranging from foodstuff to electronics.
Popular in the US
While it is mostly used in China, Pinduoduo has entered the US market via the name Temu which offers various products at highly affordable prices. It made its Debut in September 2022 and became popularized via a viral Super Bowl ad. Sources reveal that Temu has not exhibited the same security risks as demonstrated by the mother app.
Suspended by Google
Late last monthGoogle suspended a version of Pinduoduo from its play store due to security concerns. A spokesman revealed that they had found malware issues on app versions. “ The Off-Play versions of the e-commerce app that were found to contain malware were enforced on via Google Play Protect,” read the report. A detailed coverage by CNN reported that Pinduoduo could bypass security constructs and monitor activity on its user’s phones; it also can change settings, read private messages, check notifications, and detect usage by other apps. Even worse was the allegation that Pinduoduo made it difficult for users to remove it. We haven’t seen a mainstream app like this trying to escalate their privileges to gain access to things they’re not supposed to, “Mikko Hypponen, a senior research officer at Secure (the Finnish cybersecurity firm), told CNN.
Findings by Kaspersky Researchers
Researchers at Kaspersky Lab found that the app could compromise user privacy and data security and relay information to Boomerang. Some evidence also showed that versions of Pinduoduo could install backdoors and obtain access to user data and notifications by exploiting system software flaws.
Same Suspicions as Titkot
The security issues that Pinduoduo has presented give credence to the fears government officials have raised about TikTok. Both apps have their roots in China, and legislators in Western countries have worried that the Chinese government could use them to spy. Congress recently grilled TikTok’s CEO for nearly 6 hours, and many people argue that the latest development will only make things worse for the short video giant.
What Our Lead Engineer Thinks
“Security is one of the most important concerns for technology providers regardless of the industry and country of origin. The fact that Pinduoduo has exhibited such glaring security inconsistencies will have a lasting impact on user trust. A company of Pinduoduo’s size should go above and beyond to ensure that its platforms adhere to the highest standards of security and privacy, with no excuses. This will almost certainly also have ripple effects on the TikTok situations currently unraveling here in the US,” said Mohamed Raza, Logie’s lead engineer, and a seasoned security expert’’.