The U.S. has accused low-cost shopping website Temu of possible data risks after its Chinese sister app was pulled from Google’s app store over “malware,” but analysts say they are not that worried.
Compared to Pinduoduo, which was suspended by Google in March after versions offered outside Google’s Play store were found to contain malware, Temu is “not as aggressive,” one analyst said.
The malware in Pinduoduo was found to leverage specific vulnerabilities for Android phones, allowing the app to bypass user security permissions, access private messages, modify settings, view data from other apps and prevent uninstallation.
Google called it an “identified malicious app” and urged users to uninstall the Pinduoduo app, but the Chinese online retailer denied these claims.
According to analysis by Kevin Reed, chief information security officer at cybersecurity firm Acronis, Pinduoduo requests as many as 83 permissions, including access to biometrics, Bluetooth and information about Wi-Fi networks.
“Some of these permissions Pinduoduo is asking seems to be unexpected for an e-commerce app,” said Reed, who shared his analysis of both apps with CNBC.
“But Temu is not as aggressive as Pinduoduo that is requesting all kinds of privileges,” said Reed.
Pinduoduo is a China-based e-commerce app that sells everything from groceries to clothing. It is the flagship product of Nasdaq-listed Chinese company PDD Holdings, which also owns Temu. Temu’s headquarters are located in Boston.
“There should be no need for biometric data to be stored on an e-commerce website or app. I personally wouldn’t want my biometric data to be stored anywhere else other than my device,” said Sean Duca, vice president and regional chief security officer for Asia Pacific and Japan at cybersecurity firm Palo Alto Networks.
“Biometrics have a lot greater value than anything else, because I can’t simply change my fingerprint at all, unlike passwords,” said Duca.
He also questioned why access to Wi-Fi information was necessary. If it’s corporate Wi-Fi that the user is connected to, it can “become a very lucrative target for cyber criminals where they start to actually gain access to this information,” cautioned Duca. “But why does an e-commerce provider actually need that?”
What does Temu do?
Temu, dubbed a copycat of fast-fashion label Shein, is taking the U.S. market by storm.
Just 17 days after its launch in September, the app surpassed Instagram, WhatsApp, Snapchat and Shein on the Apple App Store in the U.S., according to Apptopia data shared with CNBC. It launched in the U.K. in March, just weeks after entering Australia and New Zealand.
The fact that Pinduoduo “has requested even more permissions than Temu app even though they seem to be a similar kind of applications seems over-intrusive to me,” said Reed.
“Pinduoduo is much more aggressive in collecting users’ information,” said Reed, who claimed the data was “obviously [transferred] back to the company.”
PDD Holdings did not respond to CNBC’s request for comment regarding these permissions.
In comparison, the Temu app requests 24 permissions, said Reed. Some of these permissions include access to Bluetooth and information about Wi-Fi networks.
“There have been no reports of the malicious functionality present in official Play, App Store or third-party versions of Temu. The keys used to sign the Pinduoduo malware are not the same keys used to sign the Temu app,” said Daniel Thanos, vice president and head of Arctic Wolf Labs, the threat intelligence arm of cybersecurity firm Arctic Wolf.
“Based on our analysis, it appears that this malware is targeting Chinese users primarily, as it appears to target devices usually sold and used in China such as Xiaomi, Vivo, Oppo, Samsung, etc, and their corresponding applications,” said Thanos. PDD Holdings did not immediately respond to CNBC’s request for comment.
Data risks
In a report on Chinese “fast fashion” platforms published in April, the U.S.-China Economic and Security Review Commission accused Temu and Shein of posing possible data risks.
Shein and Temu “primarily rely on U.S. consumers downloading and using Chinese apps to curate and deliver products,” said the report.
“These firms’ commercial success has encouraged both established Chinese e-commerce platforms and startups to copy its model, posing risks and challenges to U.S. regulations, laws, and principles of market access,” it said.
Chinese-owned apps face intense scrutiny in the U.S. over security concerns. U.S. lawmakers have cautioned that any Chinese-owned apps could be vulnerable to data privacy breaches or interference from the Chinese government.
While politicians often accuse Chinese companies of handing data over to the Chinese government, there is no evidence to support such claims.
“But there’s also a larger play here, which is many other apps that are not talked about are also collecting information and have been doing so for such a very long time,” said Duca, noting it’s more of a systemic problem.
One analyst said she was less worried about shopping apps than social media platforms such as TikTok and its sister app Lemon8.
“From a national security standpoint, in addition to creating user profiles with all these data, social media platforms also have the ability to select, promote and demote content based on opaque metrics that ultimately, we don’t really have an insight into,” said Lindsay Gorman, senior fellow for emerging tech at the German Marshall Fund.
For shopping apps, the “real sort of content influence” may be Chinese companies promoting their products which “feels less of a threat to democracy,” said Gorman. Instead, social media apps could promote content about political topics which are much harder to track, she said.
TikTok faces a possible ban in the U.S. after its CEO Shou Zi Chew’s testimony before Congress, which failed to quell lawmakers’ concerns about the app’s ties to China or the adequacy of Project Texas, its plan to store U.S. data on American soil.
“ByteDance is not owned or controlled by the Chinese government. It’s a private company,” Chew said during the hearing.
In his first public interview since the congressional hearing, Chew said at the TED2023 conference last week: “We are building all the tools to prevent any of [Chinese government interference in U.S. elections] from happening.”
He said he was “very confident” the risk can be reduced to as close as zero, with the company being “very, very far along” with Project Texas.
Another analyst, Glenn Gerstell, senior adviser at the Center for Strategic and International Studies, said these apps are “ultimately controlled by Chinese parties and that’s what the American political system is going to be focused on.” Geopolitical tensions with China will continue to put Chinese apps under scrutiny.
“It may be that if we got more sophisticated, we’d be able to distinguish one app from another and create a safer, more limited and controlled space. But right now, we don’t have that system in place,” said Gerstell.
Source: www.cnbc.com