The app for China-based TikTok isn’t the only one to avoid if you worry about cybersecurity and whether any of your personal data might end up on the servers of the Chinese Communist Party.
Any app made by a company based in China and thus answerable to the party-state is suspect. But take Temu, in the news because concerns are mounting “Over Temu Marketplace App’s Alleged Data Practices” (CityNewsOKC, July 7, 2024).
Arkansas Attorney General Tim Griffin warns that the app is more than a shopping platform. It is also a “data theft business” that is “actively using malware and spyware to infiltrate devices and extract complex user data.” In a way that is designed to evade detection.
Griffin’s office has sued Shanghai-based Pinduoduo Inc., Temu’s parent company, seeking “a permanent injunction against Temu’s data collection practices under Arkansas’s Deceptive Practices Act.”
Central to the legal action are allegations supported by research from Grizzly Research, a firm specializing in the analysis of publicly traded companies. Their investigation alleges that Temu deliberately accesses users’ phone operating systems, potentially compromising everything from camera feeds to text messages and location data.
Moreover, Grizzly Research suspects that Temu may be involved in illicitly selling stolen data from Western customers to sustain its operations.
Griffin’s warnings echo similar concerns voiced by other entities, including the Texas Public Policy Foundation, which recently highlighted Temu’s capabilities to access extensive user data, posing severe risks of surveillance and privacy breaches.
Temu denies the allegations.
Even if the lawsuit succeeds, Arkansas probably won’t be collecting the “substantial penalties for each violation” that the state is seeking. But the litigation at least calls attention to the problem.
The nature of Temu’s products is another question. In June 2023, a congressional investigation found “an extremely high risk that Temu’s supply chains are contaminated with forced labor.“
Buyer and downloader beware.
