This Chinese App Has The Ability To Spy On Its Users: 'I've Never Seen Anything Like This'

by Bibhu Pattnaik, Benzinga Staff Writer
April 2, 2023 4:21 PM | 2 min read |
Zinger Key Points
  • The Pinduoduo app can reportedly bypass users' cell phone security.
  • Pinduoduo entered the U.S. market last September with its online marketplace Temu. 

In March, Alphabet Inc's GOOGL Google banned Chinese e-commerce company Pinduoduo Inc's PDD app from its platforms, citing security concerns amid the discovery of malware. Now, experts allege that the app can be used to spy on users, according to a CNN report

The Pinduoduo app can reportedly bypass users' cell phone security to monitor activities on other apps, check notifications, read private messages and change settings.

Experts assert that the presence of malware in the Pinduoduo app has uncovered holes in Android's operating systems. Company insiders said that those vulnerabilities were exploited to spy on users and competitors and to allegedly boost sales, according to CNN. 

Read Also: Want To Use TikTok, Instagram Or Twitter? You Might Have To Get Your Parent To Sign A Permission Slip

"We haven't seen a mainstream app like this trying to escalate their privileges to gain access to things that they're not supposed to gain access to," Mikko Hyppönen, chief research officer at WithSecure, told the outlet.

Evidence of malware in the Pinduoduo app comes amid heightened U.S.-China tensions over Chinese-owned apps, including TikTok, which U.S. lawmakers say could be a national security threat.

In 2020, Pinduoduo set up a team of approximately 100 engineers to dig for vulnerabilities in Android phones and develop ways to exploit and profit off those vulnerabilities, a current employee at Pinduoduo told CNN.

Researchers from Tel Aviv-based cyber firm Check Point Research, Delaware-based app security startup Oversecured, and Hyppönen's WithSecure reportedly analyzed the 6.49.0 version of the app and discovered a code designed to achieve "privilege escalation" — a type of cyberattack that exploits a vulnerable operating system to gain a higher level of access to data than it's supposed to have.

Sergey Toshin, founder of Oversecured, told CNN that Pinduoduo is "the most dangerous malware" ever found among mainstream apps.

"I've never seen anything like this before. It's like, super expansive," he said.

Pinduoduo entered the U.S. market last September with its online marketplace Temu. 

Read Next: If TikTok Is Banned, Readers Overwhelmingly Say They'll Flock To One Specific App

Photo: Shutterstock

Market News and Data brought to you by Benzinga APIs

© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.

Comments
Posted In: NewsSocial MediaTechGeneralChinaPinduoduospying
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!