Chinese Shopping App Temu Stealing US Users Data
Chinese Shopping App Temu Stealing US Users Data

Arkansas Attorney General Tim Griffin has put his foot down on Temu, a Chinese shopping app that’s taken the U.S. by storm in rapid time. Filed by Griffin, the suit accuses Temu of being “dangerous malware” that secretly monetizes large amounts of unauthorized user data. This, indeed, has been supported by various research papers as well as media articles that bring to light the alleged malicious design of the app, whereby it tries to gain unrestricted access to a user’s phone operating system, sensitive information like a user’s camera, specific location, contacts, text messages, and other applications.

The complaint of Griffin brings out the state-of-the-art and covert nature of the access capabilities of Temu.

As the allegations reveal, the application, when installed, can recompile itself and change its properties and settings, hence overriding those made by users concerning data privacy. In fact, according to such invisible accesses, great invasion of privacy and security can have an effect on both users and non-users. According to Griffin, in this app, anyone who communicates with a Temu user stands a chance of having their private information accessed and monetized by the app. He says the threat from Temu is quite significant.

Most worrying in the case of Griffin is the association that may exist with PDD Holdings, owners of Temu, who are Chinese. The lawsuit claims that, under Chinese law on secret collaboration with intelligence, PDD Holdings can be forced to share all data it collects with the Chinese government. This compromises the national security and privacy of U.S. citizens.

The complaint draws heavily on a deep forensic investigation conducted by Grizzly Research in September. Research company Grizzly previously published that it believed PDD Holdings was an “outright fraudulent company” and the Temu software is acting as “clandestine spyware,” constituting an active security concern for the United States’ national interests. That prior research underpins the charges made by Griffin and many others against Temu. Griffin believes Temu reels them with all sorts of discount quality goods promises while its real motives are to access as much user data as possible. Keeping people engaged—spinning a wheel for deals—offers the ability to track people who keep returning and work out how to present themselves in ads. But, according to hundreds of complaints to the Better Business Bureau, the quality of Temu’s goods is questionable.

This pattern suggests that Temu does not want to dominate the shopping platform market. Instead, he aspires to ways of exploiting user data for profits. Griffin said he hopes a jury finds Temu in violation of the Arkansas Deceptive Trade Practices Act and the Arkansas Personal Information Protection Act because in winning, Temu could be hit with some substantial penalties, including fines of up to $10,000 per violation of the ADTPA, and disgorgement of profits from data sales and deceptive practices.

Related Posts
  Don't Miss Out!

Stay informed with Enfoa's bite-sized offensive cybersecurity newsletter. We value your time and deliver only the most interesting and impactful updates straight to your inbox.

Join over 10,000 companies that have already subscribe.

Newsletter