Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Online App. Show all posts

China's Temu App Pose a Security Threat to Online Shoppers

 

Apps rule the contemporary era. Each aspect of our lives, from communication to e-commerce, appears to be dependent on digital platforms that promise convenience at the push of a button.

A newbie among these apps has recently attracted a lot of attention. Temu, a Chinese-affiliated discount shopping site, has experienced tremendous growth in the United States. 

However, this level of popularity has generated a lot of scrutiny and worries regarding the platform's potential data security vulnerabilities. This blog post will look at the Temu data risks, the Temu app's potential concerns, and if it is safe to shop on Temu. 

What exactly is Temu? 

Temu (pronounced "tee-moo") is an e-commerce platform operated by PDD Holdings, a Nasdaq-listed Chinese business that also owns Pinduoduo, a shopping app that sells anything from groceries to clothing. PDD is headquartered in Shanghai, whereas Temu has its base in Boston. Temu, dubbed a clone of the fast-fashion label Shein, has had a staggering rise in the US market, overtaking heavyweights such as Instagram, WhatsApp, Snapchat, and Shein on the Apple App Store only 17 days after its launch. 

Temu has been downloaded by nearly 80 million Americans since its inception in September 2022, according to Apptopia data. You may recall seeing their expensive Super Bowl advertising promising users the ability to "shop like a billionaire." It's also worth mentioning that Temu's global reach extends beyond the United States; the company started in the United Kingdom in March, just weeks after entering Australia and New Zealand. While its popularity cannot be ignored, critical issues remain: is Temu safe, and is it safe to shop on Temu? 

Data threats and controversies 

Temu's meteoric rise has not been without controversy. The United States has accused Temu of posing potential data dangers, especially after its sister app Pinduoduo was removed from Google's app store due to the presence of malware on the Pinduoduo app that exploited vulnerabilities in Android operating systems.

According to company insiders, the exploits were utilized to spy on consumers and competitors in order to boost sales. Pinduoduo requested up to 83 permissions, including biometric, Bluetooth, and Wi-Fi network information access. 

Temu's data requests are not as intrusive as Pinduoduo, but the fact that Temu wants 24 permissions, including access to Bluetooth and Wi-Fi network information, is cause for alarm. 

These permissions may appear innocuous at first glance, but cybersecurity experts warn that an e-commerce app does not need to keep biometric data, and any request to do so should be viewed with suspicion. Biometric data, unlike passwords, cannot be updated, making them an attractive target for criminals. 

Users should also question the need for e-commerce apps to acquire Wi-Fi data. If a user connects to a workplace Wi-Fi network, the data could provide a conduit for thieves to infiltrate potentially sensitive information. The question then becomes, why does an e-commerce app require such access? 

The bigger China picture 

There are other cases like Temu's, too. E-commerce platform data concerns are a subset of a more widespread systemic issue. Because of security concerns, Chinese-owned apps are closely inspected in the United States. Temu and Shein were cited as potential data threats by the U.S.-China Economic and Security Review Commission. 

For these platforms to curate and deliver products, U.S. laws, regulations, and market principles face serious risks and obstacles due to the reliance on American users installing and using their apps. Although there isn't any concrete evidence that these companies share info with the Chinese government, the possibility still exists. We have already talked about these issues in relation to the popular app TikTok. 

The Critical Information Infrastructure (CII) operators are required under China's Cybersecurity Law, which was introduced in 2016 and came into effect in June 2017, to grant the government unrestricted access to their data and to require that it only be stored on the country's mainland. 

In addition, the Communist Party of China's 2012 Constitution mandates that top CCP members must be given the chance to hold leadership roles within both public and private businesses functioning in China. By 2017, these government representatives had positions in over 1.86 million privately owned companies in China.

The Chinese government is propagating its objective of establishing world economic dominance with these legislative measures now in place. As a result, there is worry in the U.S. that Temu and other apps connected to Chinese companies could potentially be assisting in this goal by sharing our data with the Chinese government, posing a threat to our economy and the privacy of our citizens.