Arkansas Attorney General Tim Griffin made sweeping claims against e-commerce app Temu successful a suit connected Tuesday, accusing nan institution of violating authorities rule against deceptive waste and acquisition practices.
“Temu purports to beryllium an online shopping platform, but it is vulnerable malware, surreptitiously granting itself entree to virtually each information connected a user’s compartment phone,” Griffin alleges.
Screenshot: App Store / Google Play
Temu is nan number 1 free shopping app connected nan Apple App Store and Google Play Store and is owned by PDD Holdings, which besides runs a celebrated app called Pinduoduo. PDD was based successful China until past year, when it moved its office to Ireland. The suit tees up its allegations against Temu pinch a explanation of those against Pinduoduo, which researchers believed could spy connected users, according to CNN, and which nan Google Play Store suspended astatine 1 point successful 2023 owed to information concerns pinch “Off-Play versions of nan app.”
Arkansas alleges that Temu, which was heavily marketed successful nan US, was modeled disconnected of Pinduoduo.
“Temu’s behaviour came to ray pursuing nan removal of nan Pinduoduo app from Google’s Play Store owed to nan beingness of malware that exploited vulnerabilities successful users’ telephone operating systems and allowed nan app not only to summation undetected entree to virtually each information stored connected nan phones, but besides to recompile itself and perchance alteration its properties erstwhile installed, successful a mode designed to debar detection,” nan suit claims, pointing to concerns from Apple astir Temu’s compliance pinch information information transparency standards. Apple told Politico past twelvemonth nan app was disposable connected its app shop aft resolving nan concerns.
The suit alleges that Temu’s app whitethorn beryllium moreover much vulnerable than Pinduoduo’s. It cites an article from Grizzly Research, a patient “focused connected producing differentiated investigation insights connected publically traded companies done in-depth owed diligence.” The suit cites findings successful nan study that “the Temu app has nan capacity to hack users’ phones and override information privateness settings that users person purposely group to forestall their information from being accessed.”
The AG claims that Temu collects acold much information than basal to tally a shopping app, including delicate aliases personally identifiable information. For example, nan suit alleges that Temu misleads users successful its requests to entree information, specified arsenic location, erstwhile uploading a photo. “A reasonable user would presume that nan location support is confined to nan usage of photograph uploads. The permission, however, extends to immoderate clip nan personification engages pinch nan Temu app,” nan suit claims. It besides alleges that Temu “sneaks” permissions to entree audio and ocular signaling and retention connected a device.
Temu, Google, and Apple did not instantly respond to requests for comment.