In the application Temu, a Chinese online marketplace with over a hundred million downloads on Google Play, practically anything can be obtained at unbelievably low prices. To consumers, the platform appears to be just another shopping platform similar to Aliexpress, Wish, or Shein. However, cybersecurity experts warn that the Temu app is actually highly sophisticated malware that steals users’ personal data.
The information that the Temu app poses a security risk to Android devices came from the American research company Grizzly Research, based on a deep analysis of both the origin of the application and its code. Siegfried Eggert, the director of this institute, even referred to Temu as the “most dangerous application available to the general public” on CNBC’s Last Call program. So, what makes the Temu app so harmful? Essentially, every application needs to work with certain information to function. However, users have the option to deny access to the application to data such as location or contacts in the settings.
Temu, however, collects and sends a massive amount of information to Chinese servers that it doesn’t actually “need” for its function. This typically includes contacts in the address book, including addresses and birth dates, as well as photos, browsing history, or links to social networks. It also has access to GPS location, microphone, and gathers device information such as operating system version, hardware, and IP address. The problem is that Temu usually does this surreptitiously without the users’ knowledge, as that’s its purpose. And it definitely works with the stolen data.
According to Grizzly Research, Chinese companies can only operate in the market if their databases are accessible to Chinese government agencies, which, in other words, means that the local army and security agencies have access to them. From the perspective of an individual user from Central Europe, this may not seem so terrible; after all, “what would China do with those few photos?” However, on a global scale, this represents a huge risk not only in terms of potential loss or misuse of digital identity but also in terms of the security of states as such. This is exacerbated by the sad fact that China is a totalitarian state and is also rapidly developing artificial intelligence capable of recognizing almost anything from anything.
The fact that the Temu app is most likely dangerous spyware hiding behind the facade of cheap purchases can be deduced from its “lineage.” Temu belongs to the Chinese company PDD, which has already been involved in one major scandal. A few years ago, it was behind the development of the shopping app Pinduoduo, mainly intended for the domestic market. The app was available for download on Google Play, but it behaved very intrusively.
“We have never encountered a regular application trying so hard to gain access to things it shouldn’t have,” CNN quoted Mikko Hyppönen, head of research at the Finnish company WithSecure, which deals with cybersecurity, last spring.
Google responded to these serious accusations by immediately removing the application from its Play Store until the issue was resolved. And the company PDD subsequently released an update that was supposed to remove the malicious code and then also issued dismissals to people responsible for the development of the application. However, all of this was just a façade. “The fired employees were immediately hired by the Temu company, which is also under PDD,” Grizzly Research writes in the article.
Photo source: www.pexels.com
OR CONTINUE READING