Is it true that the Chinese mail order app Temu is too dangerous and should not be installed?

Grizzly Research , a market research company, has sounded the alarm, claiming that the official app provided by Temu , a Chinese mail order service, is spyware that has full access to smartphone data and extracts large amounts of information without the user's knowledge. However, this claim by Grizzly Research has been criticized as ``It is an exaggeration to say that the app is spyware.''

We believe PDD is a Dying Fraudulent Company and its Shopping App TEMU is Cleverly Hidden Spyware that Poses an Urgent Security Threat to US National Interests – Grizzly Research LLC
https://grizzlyreports.com/we-believe-pdd-is-a-dying-fraudulent-company-and-its-shopping-app-temu-is-cleverly-hidden-spyware-that-poses-an-urgent- security-threat-to-us-national-interests/

Temu is an online marketplace operated by Pinduoduo, a Chinese e-commerce company, where various products are sold at low prices. However, in the past, Pinduoduo's official app was flagged as malware by Google and discontinued because it was equipped with a function that exploited Android vulnerabilities to monitor users. there is.

Google suspends distribution of major mail-order app due to suspicion that malware to monitor users was installed - GIGAZINE

According to a report from American news media CNN, the team that developed Temu's official app includes the engineers who developed Pinduoduo's official app. Grizzly Reseach worked with data security experts to decompile and analyze the Temu official app's code, and found that the Temu official app contains 'parts that have been removed from the Pinduoduo official app due to suspension by Google. '' was found to be being used exactly as it was.

Although there was an entry requesting permissions for CAMERA, RECORD_AUDIO, WRITE_EXTERNAL_STORAGE, INSTALL_PACKAGES, and ACCESS_FINE_LOCATION in the application's source code, this entry was not written in the manifest file that describes important information about the Android application. Grizzly Research says, ``The app is secretly equipped with a feature that can extract large amounts of data without the user's knowledge, potentially giving malicious parties complete access to almost all data on the user's mobile device.'' There is a gender,” he said.

Grizzly Reseach also allows the app to compile programs locally based on information from Temu's server, secretly acquire location information, create and save screenshots, and use the camera's camera while the app is running. It has been pointed out that there are many suspicious points for an app for a mail-order service, such as accessing the app and microphone, and obfuscating the app's code and behavior.

'We strongly suspect that Temu is attempting to, or has already, illegally sold data stolen from Western customers in order to sustain an already failing business model,' Grizzly Reseach said in a statement. I doubt it.' According to the American technology media Wired , it is estimated that Temu suffers a loss of $30 (approximately 4,200 yen) for each order, and if you include advertising and shipping costs, it is impossible to maintain the business model. The only thing I can think of is that. Therefore, Grizzly Reseach claims that it may be compensating for business losses by selling personal information obtained through the app.

However, on the social news site Hacker News, there are many skeptical opinions about Grizzly Research's claim that ``Temu's official app is the most dangerous app.''

TEMU Is Cleverly Hidden Spyware That Poses an Urgent Security Threat to US | Hacker News
https://news.ycombinator.com/item?id=37427008

duskwuff specifically pointed out that some of the evidence cited by Grizzly Reseach was wrong or exaggerated, and questioned the authenticity of the article's content, adding, ``The app is not clearly dangerous. ” states. klik99 said that Temu is losing $30 per order, saying, ``This is literally just like every startup for the last 15 years, when you come in, you start aggressively trying to acquire users.'' They run a deficit and start making money after defeating competing services.However, since there is no external funding in sight, they are either using Pinduoduo's funds or secretly raising the budget. , and takes a negative view of Grizzly Reseach's claims that it makes profits by reselling personal information.

Furthermore, since Grizzly Research is a market research company, some comments were posted on Hacker News that made us suspect that the article was intended to manipulate the market for the purpose of shorting stocks. daft_pink said, ``It's clear that Temu is losing money trying to gain a foothold in America. I don't think anyone would argue with that, and Pinduoduo is clearly a Chinese company, 'All the big companies have ties to the government. Still, the claims that it's spyware are overblown.'