Chinese online retailer Pinduoduo reportedly poses a security threat to millions of its users. On April 3, CNN published a report revealing that the app can penetrate a person's mobile security and spy on them.
The news comes after Google removed a version of the retailer's app from its Play Store in February 2023 for security reasons.
In a statement issued to news outlets, a company representative said that malware problems were detected in many variants of the app distributed outside Google's app store.
“The Off-Play versions of the e-commerce app that have been found to contain malware have been enforced on via Google Play Protect.”
As per the report, the app regularly scans all Android apps for harmful software. While speaking to CNN about the app, the chief research officer at cyber security company WithSecure, Mikko Hyppönen, said:
“We haven’t seen a mainstream app like this trying to escalate their privileges to gain access to things that they’re not supposed to gain access to. This is highly unusual, and it is pretty damning for Pinduoduo.”
Pinduoduo is difficult to delete once it's installed
Pinduoduo, which was founded in 2015 by Colin Huang, began as an agribusiness online store before moving to a third-party platform strategy that connects retailers and customers across multiple product categories.
As per the report published by CNN, an investigation into the matter has revealed that the Pinduoduo app can penetrate a user's mobile security and monitor their activities.
It can also monitor notifications, access confidential messages, and alter settings. Pinduoduo has the ability to spy on individuals as they use other applications.
CNN reports that once installed, the app is difficult to remove and also asks for more access than it requires.
While speaking to news outlet Bloomberg, Kaspersky Lab's security researchers said that the app is able to escalate its own privileges to compromise user privacy and data security.
They also found proof that some versions of the app could leverage system software flaws to install backdoors and obtain unauthorized access to user data and alerts. Kaspersky security researcher Igor Golovin said:
“Some versions of the Pinduoduo app contained malicious code, which exploited known Android vulnerabilities to escalate privileges, download and execute additional malicious modules, some of which also gained access to users’ notifications and files.”
As of writing, there is no evidence that the app has leaked the data to the Chinese government, but Beijing has the authority to make companies reveal the collected data under national security laws.
With the retailer app under scrutiny, its sister app, Temu, is also raising eyebrows about its security, especially since it's widely used in the US.
PDD, a global corporation traded on the Nasdaq Composite, owns both applications and has rubbished the rumors that its app carries malicious software.
This comes after Chinese apps have been scrutinized for leaking information to the government. India and Australia have already banned ByteDance's popular app, TikTok, due to security concerns.