The app in question is Temu, a Chinese e-commerce app whose use is booming across the Western world. It is made by one of China's biggest e-commerce platforms, Pinduoduo, and sells heavily discounted products like sneakers, kids' toys and even appliances like surveillance cameras. Most of the products sold on Temu are manufactured and shipped from China to Western markets. (Related: Chinese hackers exploit Microsoft cloud bug to raid US government email accounts, including the Commerce Secretary's.)
Temu began operating in the United States in the fall of 2022 and then to over a dozen countries in the European Union (EU) in April, including Belgium, France and Germany. To aid in Temu's Western expansion, the app's parent company, PDD Holdings, moved its office for international operations from Shanghai to Dublin, Ireland in May.
Temu has already been downloaded over 50 million times on Google. It ranked as the most downloaded app on the Apple App Store in Belgium, France, Germany, Italy and Portugal in July and was the second most downloaded app on the App Store in the Netherlands, Poland, Sweden and the United Kingdom. It was also the most downloaded app on Google's Play Store in Belgium, Ireland, Portugal and Sweden.
But the app's rapid rise in the West has set off the alarm bells of cybersecurity analysts concerned about Chinese tech's infiltration in the Western world. They pointed out how the app's shadowy privacy and cybersecurity practices and the suspension of its Chinese sister app over malware as well as the CCP's potential access to the data Temu has collected is sparking significant unease.
"Apps collect reams and reams of data on all of us, and what happens when that data falls into the hands of an authoritarian government whose national security and economic interests often conflict with those of the West?" warned Lindsay Gorman, senior fellow for emerging technologies and head of geopolitics at the German Marshall Fund think tank.
As part of its use agreement with customers, Temu automatically tracks and collects user information, such as location data, and combines it with other information available from other sources such as government agencies, social network sites and marketing companies and then shares it with its parent company and potentially with other affiliates.
Apple previously suspended Temu for misleading language about what data it can access and not providing users with the option to refuse to allow themselves to be tracked across the internet. Temu claims to have resolved its problems in early July and was reinstated in the App Store.
"There's a heightened data privacy concern as to whether [Temu] in particular can access data from the rest of your phone," noted Gorman.
"It looks to me like they don't have a form of reporting vulnerabilities," said Laurie Mercer, a cybersecurity engineer with cybersecurity company HackerOne. "They don't have any transparency over their security testing and those would all raise red flags for me."
Mercer noted that other large e-commerce platforms operating in the EU have programs for disclosing vulnerabilities, known as "bug bounties."
"The app was quite complex to look into and has obfuscations, making the code difficult to analyze, which could indicate that they have something to hide," warned Jeroen Becker, an analyst for cybersecurity company NVISO.
Learn more about China's latest actions against the United States at CommunistChina.news.
Watch this clip from Fox Business featuring Florida Republican Rep. Carlos Gimenez discussing how China is stealing American secrets.