Application Security , Cybercrime as-a-service , Cyberwarfare / Nation-State Attacks

Chinese E-Commerce Giant Pinduoduo Allegedly Spies on Users

Popular Budget App Was Suspended From Play Store in March
Chinese E-Commerce Giant Pinduoduo Allegedly Spies on Users

Days after Google suspended the popular budget e-commerce application Pinduoduo from its Play Store, researchers are alleging that the Chinese app can bypass phones' security and monitor activities of other apps, including accessing private messages and changing settings.

See Also: Splunk Named a 10-Time Leader in Gartner® Magic Quadrant™ for SIEM

The app was suspended from Play Store for malware presence on the versions of the Chinese app downloadable from other online stores in March. The app, which is impossible to remove once installed, collects user data without consent, according to a report from CNN.

"E-commerce giant Pinduoduo has taken violations of privacy and data security to the next level," CNN reported, citing multiple cybersecurity experts from Asia, Europe and the United States.

A spokesperson for Pinduoduo did not immediately respond to Information Security Media Group's request for comment.

Pinduoduo parent company PDD Holdings recently announced its fourth-quarter revenue of $5.79 billion, a figure below expectations. The company said it has 800 million monthly active users across the globe. Google's suspension did not appear to affect Temu, Pinduoduo's app for the U.S. market.

Mikko Hyppönen, chief research officer at Finnish cybersecurity firm WithSecure, told CNN that he has not before seen "a mainstream app like this trying to escalate their privileges to gain access to things that they’re not supposed to gain access to."

"The methods used by the Pinduoduo app in China are highly unusual," Hyppönen said in a tweet. "There are a couple of scenarios of what might have happened here, and all of them are bad: Pinduoduo is hacked, Pinduoduo has a malicious insider, Pinduoduo lost their signing key, Pinduoduo hacked their own users.

TechCrunch also reported that multiple Chinese security researchers had flagged malicious code designed to monitor users within Pinduoduo versions.

About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.