According to Apptopia data shared with CNBC, within only 17 days of release, Temu overtook Instagram, WhatsApp, Snapchat and Shein on the Apple App Store in the US.
Stefani Reynolds | AFP | Getty Images
The US has accused discount shopping site Temu of possible data risks after its Chinese sister app was removed from Google's app store because of “malware”, but analysts say they are not worried about it.
Compared with Pinduoduo, which Google suspended in March after versions offered outside the Google Play store were found to contain malware, Temu “is not as aggressive,” said one analyst.
The malware in Pinduoduo was found to exploit specific vulnerabilities in Android phones, letting the app bypass user security permissions, access private messages, modify settings, view data from other apps and prevent uninstallation.
Google called it an “identified malicious app” and urged users to uninstall the Pinduoduo app, but the Chinese online retailer denied these claims.
According to an analysis by Kevin Reed, chief information security officer at cybersecurity firm Acronis, Pinduoduo asks for as many as 83 permissions, including access to biometrics, Bluetooth, and Wi-Fi information.
“Some of these permissions that Pinduoduo is asking for seem unexpected for e-commerce apps,” said Reed, who shared his analysis of both apps with CNBC.
“But Temu is not as aggressive as Pinduoduo, which demands all kinds of privileges,” Reed said.
Pinduoduo is a Chinese e-commerce app that sells everything from groceries to clothing. It is the flagship product of Nasdaq-listed Chinese company PDD Holdings, which also owns Temu. Temu is headquartered in Boston.
Pinduoduo is way more aggressive in collecting details about users and of course passing it back to the company.
Kevin Reed
Chief Information Security Officer, Acronis
“There should be no need to store biometrics on an e-commerce website or app. Personally, I would not want my biometrics stored anywhere apart from my device,” said Sean Duca, vice president and regional head of security for Asia-Pacific and Japan at cybersecurity firm Palo Alto Networks.
“Biometrics has a lot more value than the rest because I can't just change my fingerprint, unlike passwords,” said Duca.
He also asked why access to Wi-Fi information is necessary. If it’s a company Wi-Fi network that the user is connected to, “it would become a really lucrative target for cybercriminals who will start actually accessing this information,” warned Duca. “But why does an e-commerce provider actually need it?”
What’s Temu doing?
Dubbed an imitator of the fast-fashion brand Shein, Temu is taking the American market by storm.
Just 17 days after launching in September, the app surpassed Instagram, WhatsApp, Snapchat and Shein on the US Apple App Store, according to Apptopia data shared with CNBC. It launched in the UK in March, just weeks after entering Australia and New Zealand.
The fact that Pinduoduo “requested many more permissions than the Temu app, although they look like similar apps, seems too intrusive to me,” Reed said.
“Pinduoduo is way more aggressive in collecting user information,” said Reed, who claimed the data was “obviously [transferred] back to the company.”
PDD Holdings did not respond to CNBC’s request for comment on these permissions.
By comparison, the Temu app requests 24 permissions, Reed said. Some of these permissions include access to Bluetooth and information about Wi-Fi networks.
I worry less about shopping apps than about social media platforms like TikTok and Lemon8.
Lindsay Gorman
Senior Emerging Technologies Specialist, German Marshall Fund
“There have been no reports of malicious features present in official Temu Play, App Store or third-party versions. The keys used to sign the Pinduoduo malware are not the same keys used to sign the Temu app,” said Daniel Thanos, vice president and head of Arctic Wolf Labs, the threat intelligence arm of cybersecurity company Arctic Wolf.
“Based on our analysis, this malware appears to be primarily targeting Chinese users because it appears to focus on devices typically sold and used in China, such as Xiaomi, Vivo, Oppo, Samsung, etc., and their corresponding apps,” Thanos said. PDD Holdings did not immediately respond to CNBC’s request for comment.
Data risks
In a report on Chinese “fast fashion” platforms published in April, the US-China Economic and Security Review Commission accused Temu and Shein of posing a possible data risk.
Shein and Temu “rely primarily on US consumers to download and use Chinese apps to pick and deliver products,” the report said.
“The business success of these firms has encouraged both established Chinese e-commerce platforms and startups to copy their model, posing risks and challenges to US regulations, laws and market access rules,” it said.
Chinese-owned apps are under intense scrutiny in the US because of security concerns. US lawmakers have warned that any Chinese-owned apps might be vulnerable to data privacy breaches or interference from the Chinese government.
While politicians often accuse Chinese firms of giving data to the Chinese government, there is no evidence to support such claims.
“But there’s also a much bigger game here, which is that many other apps that are not talked about are also collecting information and have been doing it for a very long time,” Duca said, noting that it’s more of a systemic issue.
One analyst said she is less worried about shopping apps than social media platforms like TikTok and its sister app Lemon8.
“From a national security point of view, in addition to creating user profiles with all this data, social media platforms also have the ability to pick, promote and demote content based on opaque metrics that we ultimately don’t really see,” said Lindsay Gorman, senior emerging technologies specialist at the German Marshall Fund.
For shopping apps, the “real kind of content impact” might be Chinese firms promoting their products, which “feels less of a threat to democracy,” Gorman said. Instead, social media apps can promote politically themed content, which is far harder to trace, she said.
TikTok is facing a possible ban in the US after its CEO Shou Zi Chew’s testimony before Congress didn’t allay lawmakers’ concerns about the app’s ties to China or the adequacy of Project Texas, its plan to store US data on American soil.
“ByteDance is not owned or controlled by the Chinese government. It’s a private company,” Chew said during the hearing.
![I don't think shutting down or banning TikTok is needed, the analyst says](https://image.cnbcfm.com/api/v1/image/107214478-16796238941679623891-28711403880-1080pnbcnews.jpg?v=1679632131&w=750&h=422&vtcrop=y)
In his first public interview since the congressional hearing, Chew told TED2023 last week, “We’re building all the tools to prevent any [Chinese government interference in U.S. elections] from happening.”
He said he was “very confident” that the risk might be reduced to close to zero because the company was “very, very distant” from Project Texas.
Another analyst, Glenn Gerstell, a senior adviser at the Center for Strategic and International Studies, said these apps are “ultimately controlled by Chinese parties and that is what the American political system will focus on.” Geopolitical tensions with China will continue to bring Chinese apps under scrutiny.
“It might be that if we became more sophisticated, we’d be able to differentiate one application from another and create a safer, more confined and controlled space. But at the moment we don’t have such a system,” Gerstell said.