Is Temu Shopping App a Communist China-Based Scam That Spies on Users?

3 months ago 3

Ads for what look to beryllium unrealistically inexpensive products sold by the app and website Temu person go progressively ubiquitous online. Temu, launched successful September 2022, made waves with a pricey Super Bowl advertisement bargain successful February 2023 that promoted the institution slogan "shop similar a billionaire." At the clip of this reporting, the Temu app was the 2nd most popular escaped app successful Apple's App Store. 

As described successful an April 2023 report by the U.S.-China Economic and Security Review Commission (USCC), "Temu's occurrence raises flags astir its concern practices." The information that the prices offered are truthful debased has led imaginable users to wonderment if the deals are existent oregon if they are portion of a scam operation. The company's Chinese ownership and opaque firm operation person besides raised cybersecurity, privacy, and nationalist information concerns. 

Many of these concerns were articulated successful an April 2023 USA Today column by cybersecurity writer Kim Komando, which has since been shared widely successful the signifier of copypasta — repeatedly copy-and-pasted substance shared without root connected societal media. That nonfiction makes respective assertions astir the app Temu, advising users to delete the app immediately. These assertions include:

Prices are debased due to the fact that the goods are cheap.

The pictures of what you spot advertised whitethorn not beryllium what you really get.

Temu is simply a Communist China-based app and site.

As you shop, Temu monitors your enactment connected different apps, tracks your notifications and determination and changes settings.

Temu gains afloat entree to each your contacts, calendars and photograph albums, positive each your societal media accounts, chats and texts. In different words, virtually everything connected your phone.

The USA Today file and akin claims, portion rooted successful fact, are imprecise and, successful immoderate cases, incorrect. Here, Snopes explains the root and veracity of each of these assertions.

Temu's genitor institution — PDD Holdings — did not instantly respond to a petition for comment. Snopes volition update this nonfiction if we person a response. 

Prices are debased due to the fact that the goods are cheap.

Komando's nonfiction suggests that the suspiciously debased prices offered by Temu are the effect of inexpensive accumulation and manufacturing. Temu itself claims that its debased prices are enabled by a "deep web of merchants, logistic partners," and the genitor company's "established ecosystem built implicit the years." 

Neither explanation, however, genuinely captures the concern exemplary of Temu's genitor institution — PDD Holdings. PDD Holdings, traded connected the New York Stock Exchange, is the firm entity down Pinduoduo, China's 2nd astir fashionable eCommerce app. At the clip of this reporting, PDD Holdings was worthy about $92 billion

Pinduoduo, founded by Chinese billionaire and erstwhile Google worker Colin Huang successful 2015, was primitively designed to straight link farmers with buyers, thereby cutting retired the costs associated with selling to distributors. As described successful PDD Holding's 2022 Annual Report to the United States' Securities and Exchange Commission (SEC), its concern exemplary relies connected having a monolithic fig of buyers to connection to its manufacturing partners: 

The quality to aggregate request and make ample volumes of orders [on the Pinduoduo platform] helps make economies of standard for husbandman merchants. Farmers tin merchantability straight to consumers done the level and go little babelike connected wholesale distributors.

Pinduoduo's purchaser basal helps pull merchants to the platform, portion the standard of the platform's income measurement encourages merchants to connection much competitory prices and customized products and services to buyers, frankincense forming a virtuous cycle. 

In 2022, nearly 80% of PDD Holdings' gross successful 2022 came from selling advertizing services to its web of merchants, not from selling products. Pinduoduo and Temu some harvest ample amounts of Google and different idiosyncratic information to supply highly targeted advertizing services to their merchants. That accusation is besides utilized to predict, among different things, marketplace trends.

This exemplary would illness if not for the monolithic basal of progressive users it is capable to supply its merchants entree to. As such, some Pinduoduo and Temu usage assertive advertizing techniques and different incentives to pull customers and sometimes merchantability items astatine a loss. 

A large portion of this formula, for some Temu and Pinduoduo, is thing PDD Holdings presumption "team buying." A signifier of inexpensive oregon escaped advertizing for its platforms, the feature, the 2022 SEC study stated, encourages buyers "to stock merchandise accusation connected societal networks, and invitation their friends, household and societal contacts to signifier buying teams." As reported by Time, these incentives tin sometime trim the terms of a merchandise to astir nothing: 

While Temu's prices are cheap, galore caller customers really aren't paying thing astatine all. That's due to the fact that Temu has launched a run connected societal media successful which the much you person others to motion up, the much recognition you earn. This has enabled immoderate radical who person earned capable recognition to person location goods without adjacent giving Temu their recognition paper information.  

Some observers fishy that PDD Holdings is subsidizing the losses incurred by Temu's debased prices with revenues from Pinduoduo arsenic a strategy to summation marketplace share. "It seems similar they're being subsidized to beryllium a nonaccomplishment person successful bid to summation marketplace share, which is not dissimilar what Amazon did for a agelong time," Douglas Schmidt, a prof of machine subject astatine Vanderbilt University, told Time. 

"There's perfectly nary mode Temu runs a profitable retail business," Juozas Kaziukenas, laminitis of e-commerce probe institution Marketplace Pulse, told the Los Angeles Times successful May 2023. "They are efficaciously buying marketplace stock and hoping successful the years to travel that marketplace stock volition stick."

The pictures of what you spot advertised whitethorn not beryllium what you really get.

As described successful the 2023 USCC report, "Temu's deficiency of affiliation with established brands has brought concerns of merchandise prime arsenic good arsenic accusations of copyright infringement." PDD Holdings, that study stated, has been taxable to myriad customer-service complaints relating to shipments from Temu that ne'er arrived oregon shipments that bash not incorporate the merchandise advertised: 

As of April 2023, Temu has received 235 complaints successful the past twelvemonth with the Better Business Bureau, earning a 2.1 retired of 5 stars lawsuit rating." The bulk of these claims respect the mediocre prime of the point received, the agelong shipping times and related problems, and misleading merchandise ads.

PDD Holdings (then named Pinduoduo) was included successful the U.S. Trade Representative's 2021 database of "Notorious Markets for Counterfeiting and Piracy." Per that report:

The ample volumes of counterfeit goods that stubbornly stay connected the level evinces the request to amended the effectiveness of the tools oregon adjacent the gaps successful their implementation. This year, close holders conveyed that Pinduoduo appears to beryllium moving successful the incorrect direction, with delays successful takedowns, deficiency of transparency with takedown procedures, much burdensome and costly processes, little effectual seller vetting, and reduced practice with brands

The second study concerns a clip anterior to PDD's motorboat of Temu. 

Temu is simply a Communist China-based app and site.

Temu's genitor company, PDD Holdings, is simply a Cayman Islands institution with subsidiaries chiefly registered successful China and that are truthful taxable to regularisation by Chinese authorities. Despite a Chinese instrumentality banning citizens from investing successful this benignant of overseas exertion company, PDD Holdings is publically traded connected the New York Stock Exchange. 

Such a listing is imaginable done an statement known arsenic a Variable Interest Entity (VIE) — a firm operation that involves a analyzable web of ammunition companies and contractual agreements allowing Chinese citizens to bypass that law. Many large Chinese corporations traded successful the United States bash truthful done a VIE. 

That the underlying companies down PDD Holdings are owned by Chinese nationals does not marque the institution oregon their products an limb of the Chinese Communist Party. But U.S lawmakers person expressed concern astir Chinese authorities' power over, and quality to regulate, information derived by companies nether the umbrella of PDD Holdings. 

As reported by the Los Angeles Times, 2 wide areas of interest exist, according to Sky Canaves, a elder expert for retail and e-commerce astatine Insider Intelligence:

There are besides 2 main concerns from a U.S. regulatory perspective: companies with ties to China having entree to immense amounts of user data, and broader user privateness and information information issues, Canaves said.

The question is "whether that information could past beryllium accessed by Chinese authorities oregon utilized someway to harm U.S. interests," Canaves said.

There is no evidence that Temu's information are, oregon person been, shared with Chinese authorities, but PDD Holdings' Pindoudou level has had a history, to accidental the least, of malfeasance erstwhile it comes to broader "consumer privateness and information information issues."

As you shop, Temu monitors your enactment connected different apps, tracks your notifications and location, and changes settings.

Temu collects a large amount of data, overmuch similar galore different eCommerce apps. As stated successful its privateness policy, Temu collects information from your sessions and hunt past and monitors your enactment and clip connected pages. If you log successful utilizing societal media, it collects accusation contained successful your societal media profile, arsenic well. 

This information, the argumentation states, whitethorn beryllium combined with different sources of information provided to, oregon paid for, by Temu oregon PDD Holdings. The information are used, among different things, for probe and development, and for selling advertizing services to merchants. 

The conception that Temu tin alteration settings without your consent — thing that would beryllium achievable lone done illicit means — is presently unsubstantiated, however. These and more superior claims interest PDD Holdings' Chinese work Pindoudou.

Temu gains afloat entree to each your contacts, calendars and photograph albums, positive each of your societal media accounts, chats and texts. In different words, virtually everything connected your phone.

While Temu does cod information related to your contacts via societal media, the conception that Temu tin summation entree to "literally everything connected your phone" stems from the find of assertive malware successful Pindoudou. Beginning successful February 2023, respective reports revealed unambiguous efforts that Pindoudou contained unsafe and amerciable spyware. As reported by CNN successful April 2023:

CNN spoke to fractional a twelve cybersecurity teams from Asia, Europe and the United States — arsenic good arsenic aggregate erstwhile and existent Pinduoduo employees — aft receiving a tipoff.

Multiple experts identified the beingness of malware connected the Pinduoduo app that exploited vulnerabilities successful Android operating systems. Company insiders said the exploits were utilized to spy connected users and competitors, allegedly to boost sales.

The malware identified by researchers gave the app privileges and visibility into different apps without the user's cognition oregon consent:

The researchers recovered codification designed to execute "privilege escalation": a benignant of cyberattack that exploits a susceptible operating strategy to summation a higher level of entree to information than it's expected to have, according to experts.

"Our squad has reverse engineered that codification and we tin corroborate that it tries to escalate rights, tries to summation entree to things mean apps wouldn't beryllium capable to bash connected Android phones," said [Cybersecurity adept Mikko] Hyppönen.

The app was capable to proceed moving successful the inheritance and forestall itself from being uninstalled, which allowed it to boost its monthly progressive idiosyncratic rates, Hyppönen said. It besides had the quality to spy connected competitors by tracking enactment connected different buying apps and getting accusation from them, helium added.

These elevated privileges allowed the app entree to chats and photos. Cybersecurity adept Sergey Toshin told CNN that "the exploits allowed Pinduoduo entree to users' locations, contacts, calendars, notifications and photograph albums without their consent. They were besides capable to alteration strategy settings and entree users' societal web accounts and chats, helium said.

The malware was recovered lone connected an "off store" mentation of the app designed for Android users. China blocks some the Apple Store and the Google Play store, and mobile apps are downloaded from different "off-store" 3rd enactment websites. 

"By collecting expansive information connected idiosyncratic activities," CNN reported, "the institution was capable to make a broad representation of users' habits, interests and preferences," which "allowed [Pindoudou] to amended its instrumentality learning exemplary to connection much personalized propulsion notifications and ads, attracting users to unfastened the app and spot order."

According to a root acquainted with Pingdoudou's operations who spoke to CNN, the institution targeted agrarian areas successful China with the malware successful an effort to support a debased profile: 

It was successful 2020, according to a existent Pinduoduo employee, that the institution acceptable up a squad of astir 100 engineers and merchandise managers to excavation for vulnerabilities successful Android phones, make ways to exploit them — and crook that into profit.

According to the source, who requested anonymity for fearfulness of reprisals, the institution lone targeted users successful agrarian areas and smaller towns initially, portion avoiding users successful megacities specified arsenic Beijing and Shanghai.

"The extremity was to trim the hazard of being exposed," they said.

In response, Google Play removed Pindoudou from its store and flagged the bundle arsenic dangerous. Following nationalist vulnerability of these actions successful March 2023, Pingdoudou fired the squad of researchers liable for exploiting Android vulnerabilities for Pingdoudou's benefit. 

While information experts person not identified immoderate specified Malware successful Temu, valid concerns beryllium astir the methods employed by different companies nether the umbrella of PDD Holdings. As CNN reported, Temu present employs galore of those fired programmers. 

The Bottom Line

The question "is Temu legit" is presently ubiquitous connected the net acknowledgment to Temu's assertive advertisement buys, its evident comfortableness astatine operating astatine a loss, and its flashy debased prices. On the 1 hand, you volition apt beryllium capable to bargain and yet person inexpensive products that are akin to the products advertised connected its site. In that sense, the website is "legit."

On the different hand, the methods Temu's genitor institution uses, including its unfastened disregard for privateness regularisation and its tendency to cheat its contention and harvest idiosyncratic information for profit, are highly concerning to U.S. information regulators. While determination is presently nary grounds that Temu itself is malware, the firm past and concern morals of PDD Holdings makes these concerns legitimate, arsenic well. 

Read Entire Article