Pinduoduo, the most popular app in China, has bypassed phone security systems and spied on users. It even had access to private conversations. As a result, experts are concerned: “Most dangerous malware ever found in an app.”
Pinduoduo is a Chinese app where you can buy almost anything. It started with only food, but now clothing, electronics and furniture can also be purchased in the app. With more than 750 million monthly users, it is even the most popular app in China. Of course, it can only be used in China, but owner PDD Holdings also sells stuff in the US, Canada, Australia and New Zealand with the Temu app.
The app is by no means uncontroversial. In February, the Chinese cybersecurity company Dark Navy suspected Pinduoduo of using malware, and in March, Google removed the app from its Play store. Pinduoduo denied spying on its users, but CNN decided to investigate the matter further. The news channel approached six investigative teams worldwide, three of which have thoroughly studied the case. And the experts are shocked by what they discovered. “This is the most dangerous malware ever found in a major app,” said Sergey Toshin, founder of the cybersecurity app Oversecured. “I’ve never seen anything like it. It’s pervasive.”
According to the researchers, the app can use malware to bypass security systems to see what someone is doing on other apps, view notifications and private messages, and even change the phone’s settings. It reportedly does this to create a profile of the users so that the app sells more. However, there is no evidence that the app has shared that data with the Chinese government.
An employee of Pinduoduo tells CNN that in 2020 the app put together a team of 100 people to look for vulnerabilities in the security system of Android phones and for ways to exploit them. The company reportedly wanted to make more profit this way. The employee says that this enabled Pinduoduo to create a profile of users’ habits, interests and preferences, allowing it to place personalized push notifications and advertisements.
According to the employee, that team was disbanded in March. Two experts tell CNN that the app was also updated, removing the malware. However, according to cybersecurity expert Toshin, the underlying code is still in the app, so espionage can be started again.