Temu implicated of information threats in the middle of TikTok, Pinduoduo worries

I don't think a shutdown or ban of TikTok is needed, analyst says

Revealed: The Secrets our Clients Used to Earn $3 Billion

In simply 17 days after launch, Temu exceeded Instagram, What sApp, Snapchat and Shein on the Apple App Store in the U.S., according to Apptopia information shown CNBC.

Stefani Reynolds|Afp|Getty Images

The U.S. has actually implicated discount rate shopping website Temu of possible information threats after its Chinese sibling app was pulled from Google’s app shop over “malware”– however experts state they’re not that concerned.

Compared to Pinduoduo, which was suspended by Google in March after variations provided outside Google’s Play shop were discovered to consist of malware, Temu is “not as aggressive,” one expert stated.

The malware in Pinduoduo was discovered to utilize particular vulnerabilities for Android phones, permitting the app to bypass user security approvals, gain access to personal messages, customize settings, see information from other apps and avoid uninstallation.

Google called it an “identified malicious app” and prompted users to uninstall the Pinduoduo app, however the Chinese online merchant rejected those claims.

According to analysis by Kevin Reed, primary info gatekeeper at cybersecurity company Acronis, Pinduoduo ask for as lots of as 83 approvals– consisting of access to biometrics, Bluetooth and info about Wi-Fi networks.

“Some of these permissions Pinduoduo is asking seems to be unexpected for an e-commerce app,” stated Reed, who shared his analysis of both apps with CNBC.

“But Temu is not as aggressive as Pinduoduo that is requesting all kinds of privileges,” stated Reed.

Pinduoduo is a China- based e-commerce app that offers whatever from groceries to clothes. It is the flagship item of Nasdaq- noted Chinese business PDD Holdings which likewise ownsTemu Temu’s head office lie in Boston.

Pinduoduo is a lot more aggressive in gathering users’ info and undoubtedly move it back to the business.

Kevin Reed

primary info gatekeeper, Acronis

“There should be no need for biometric data to be stored on an e-commerce website or app. I personally wouldn’t want my biometric data to be stored anywhere else other than my device,” stated Sean Duca, vice president and local primary gatekeeper for Asia Pacific and Japan at cybersecurity company Palo Alto Networks

“Biometrics have a lot greater value than anything else, because I can’t simply change my fingerprint at all, unlike passwords,” stated Duca.

He likewise questioned why access to Wi-Fi info was needed. If it is business Wi-Fi that the user is linked to, it will “become a very lucrative target for cyber criminals where they start to actually gain access to this information,” warnedDuca “But why does an e-commerce provider actually need that?”

What does Temu do?

Temu, called a copycat of fast-fashion label Shein, is taking the U.S. market by storm.

Just 17 days after its launch in September, the app exceeded Instagram, What sApp, Snapchat and Shein on the Apple App Store in the U.S., according to Apptopia information shown CNBC. It introduced in the U.K. in March, simply weeks after going into Australia and New Zealand.

The truth that Pinduoduo “has requested even more permissions than Temu app even though they seem to be a similar kind of applications seems over-intrusive to me,” stated Reed.

“Pinduoduo is much more aggressive in collecting users’ information,” stated Reed who declared the information was “undoubtedly [transferred] back to the business.”

PDD Holdings did not react to CNBC’s ask for remark concerning those approvals.

In contrast, the Temu app ask for 24 approvals, statedReed Some of these approvals consist of access to Bluetooth and info about Wi-Fi networks.

I am less concerned about the shopping apps than social networks platforms like TikTok and Lemon8.

Lindsay Gorman

Senior fellow for emerging tech, German Marshall Fund

“There have been no reports of the malicious functionality present in official Play, App Store or third-party versions of Temu. The keys used to sign the Pinduoduo malware are not the same keys used to sign the Temu app,” stated Daniel Thanos, vice president and head of Arctic Wolf Labs, the danger intelligence arm of cybersecurity company Arctic Wolf.

“Based on our analysis, it appears that this malware is targeting Chinese users primarily, as it appears to target devices usually sold and used in China such as Xiaomi, Vivo, Oppo, Samsung, etc, and their corresponding applications,” statedThanos PDD Holdings did not right away react to CNBC’s ask for remark.

Data threats

In a report on Chinese “fast fashion” platforms released in April, the U.S.-China Economic and Security Review Commission implicated Temu and Shein of presenting possible information threats.

Shein and Temu “primarily rely on U.S. consumers downloading and using Chinese apps to curate and deliver products,” stated the report.

“These firms’ commercial success has encouraged both established Chinese e-commerce platforms and startups to copy its model, posing risks and challenges to U.S. regulations, laws, and principles of market access,” it stated.

Chinese- owned apps deal with extreme examination in the U.S. over security issues. U.S. legislators have actually warned that any Chinese- owned apps might be susceptible to information personal privacy breaches or disturbance from the Chinese federal government.

While political leaders frequently implicate Chinese business of handing information over to the Chinese federal government, there is no proof to support such claims.

“But there’s also a larger play here, which is many other apps that are not talked about are also collecting information and have been doing so for such a very long time,” stated Duca, noting it is more of a systemic issue.

Read more about tech and crypto from CNBC Pro

One expert stated she was less concerned about going shopping apps than social networks platforms such as TikTok and its sibling app Lemon8.

“From a national security standpoint, in addition to creating user profiles with all these data, social media platforms also have the ability to select, promote and demote content based on opaque metrics that ultimately, we don’t really have an insight into,” stated Lindsay Gorman, senior fellow for emerging tech at the German Marshall Fund.

For shopping apps, the “real sort of content influence” might be Chinese business promoting their items which “feels less of a threat to democracy,” statedGorman Instead, social networks apps might promote content about political subjects which are much more difficult to track, she stated.

TikTok deals with a possible restriction in the U.S. after its CEO Shou Zi Chew’s statement prior to Congress, which stopped working to stop legislators’ issues about the app’s ties to China or the adequacy of Project Texas, its strategy to save U.S. information on American soil.

“ByteDance is not owned or controlled by the Chinese government. It’s a private company,” Chew stated throughout the hearing.

In his very first public interview because the congressional hearing, Chew stated at the TED2023 conference recently: “We are constructing all the tools to avoid any of [Chinese government interference in U.S. elections] from occurring.”

He stated he was “very confident” the threat can be minimized to as close as absolutely no with the business being “very, very far along” with Project Texas.

Another expert, Glenn Gerstell, senior consultant at Center for Strategic and International Studies, stated these apps are “ultimately controlled by Chinese parties and that’s what the American political system is going to be focused on.” Geopolitical stress with China will continue to put Chinese apps under examination.

“It may be that if we got more sophisticated, we’d be able to distinguish one app from another and create a safer, more limited and controlled space. But right now, we don’t have that system in place,” stated Gerstell.