A giant e-commerce app where Chinese people can purchase a variety of low-cost items has the ability to spy on its users, according to a CNN investigation published Monday.
Pinduoduo can overcome users’ mobile phone protections to track behavior on other apps, view notifications, read private messages and change settings, according to cybersecurity researchers in a CNN investigation. While there are other apps that collect information, this is an unprecedented level of privacy and data violation, the experts told CNN.
Company insiders at Pinduoduo stated this exploitation was designed to surveil users and rivals, allegedly to augment sales, according to CNN. Pinduduo’s international sister app, Temu, is at the top of both the Apple App Store and Google Play Store charts in the U.S., according to apptopia.
Both apps are owned by PDD Holdings Inc., which is tied to China and was founded in 2015 by Hua Lin Cai and Zheng Huang in Shanghai, according to Forbes. (RELATED: Top Biden Adviser Anita Dunn Promoted TikTok After It Hired Her Old Lobbying Firm: REPORT)
Although Temu was not part of the CNN investigation, as a China-owned application through PDD, the Chinese government could access its data as their law permits them to collect information from companies based there for national security purposes, according to CNBC.
Google suspended Pinduoduo from its app store in March due to surveillance concerns, according to CNN. It is still on the Apple App Store, but it has a 2.4-out-of-5-star rating.
In a statement, Pinduoduo reportedly said it highly disagrees with “the speculation and accusation that Pinduoduo app is malicious just from a generic and non-conclusive response from Google,” according to CNN.
Suspicions were initially raised about Pinduoduo in February following a report by a Chinese cybersecurity firm called Dark Navy, according to CNN.
On March 5, Pinduoduo released a new app update, which undid the privacy violations, according to two experts CNN spoke to. Then on March 7, the company dissolved the group of engineers and managers who developed them, according to the Pinduoduo source who spoke to CNN.
Sergey Toshin, the founder of Oversecured, a mobile security company, examined the update and observed the exploits were removed but the code was still present and able to be reactivated to launch attacks, according to CNN.
The majority of the team was transferred to work at Temu in different departments such as marketing or crafting push notifications, according to the source.
PDD Holdings Inc. and Temu did not immediately respond to Daily Caller News Foundation’s request for comment.
Pinduoduo could not be reached for comment.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.