Temu—the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it—is “dangerous malware” that’s secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit filed Tuesday.

Griffin cited research and media reports exposing Temu’s allegedly nefarious design, which “purposely” allows Temu to “gain unrestricted access to a user’s phone operating system, including, but not limited to, a user’s camera, specific location, contacts, text messages, documents, and other applications.”

“Temu is designed to make this expansive access undetected, even by sophisticated users,” Griffin’s complaint said. “Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place.”

  • onlinepersona@programming.dev
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    5 months ago

    More about the part about stealing information. Most people barely look at permissions.

    A flashlight app needs access to my calls, microphone, clipboard, filesystem, and network? Sure, I’ll install it.

    or

    Facebook needs access to all permissions? Oh is that what the popup said when I installed it?

    All Temu had to do was ask and people would grant it.

    Anti Commercial-AI license

    • jarfil@beehaw.org
      link
      fedilink
      arrow-up
      10
      ·
      edit-2
      5 months ago

      On modern Android, apps need to ask for each permission when they’re about to use it for the first time. Not sure about Apple.

      Google Play will also periodically revoque permissions to apps that haven’t used them for some time.