Arkansas AG lawsuit claims the number one mobile shopping app is ‘dangerous malware’

Arkansas Attorney General Tim Griffin made sweeping claims against e-commerce app Temu successful a suit connected Tuesday, accusing the institution of violating authorities instrumentality against deceptive commercialized practices.

“Temu purports to beryllium an online buying platform, but it is unsafe malware, surreptitiously granting itself entree to virtually each information connected a user’s compartment phone,” Griffin alleges.

Temu is the fig 1 escaped buying app connected the Apple App Store and Google Play Store and is owned by PDD Holdings, which besides runs a fashionable app called Pinduoduo. PDD was based successful China until past year, when it moved its office to Ireland. The suit tees up its allegations against Temu with a statement of those against Pinduoduo, which researchers believed could spy connected users, according to CNN, and which the Google Play Store suspended astatine 1 point successful 2023 owed to information concerns with “Off-Play versions of the app.”

“Temu’s behaviour came to airy pursuing the removal of the Pinduoduo app from Google’s Play Store owed to the beingness of malware that exploited vulnerabilities successful users’ telephone operating systems and allowed the app not lone to summation undetected entree to virtually each information stored connected the phones, but besides to recompile itself and perchance alteration its properties erstwhile installed, successful a mode designed to debar detection,” the suit claims, pointing to concerns from Apple astir Temu’s compliance with information information transparency standards. Apple told Politico past twelvemonth the app was disposable connected its app store aft resolving the concerns.

The suit alleges that Temu’s app whitethorn beryllium adjacent much unsafe than Pinduoduo’s. It cites an article from Grizzly Research, a steadfast “focused connected producing differentiated probe insights connected publically traded companies done in-depth owed diligence.” The suit cites findings successful the study that “the Temu app has the capableness to hack users’ phones and override information privateness settings that users person purposely acceptable to forestall their information from being accessed.”

The AG claims that Temu collects acold much information than indispensable to tally a buying app, including delicate oregon personally identifiable information. For example, the suit alleges that Temu misleads users successful its requests to entree information, specified arsenic location, erstwhile uploading a photo. “A tenable user would presume that the determination support is confined to the usage of photograph uploads. The permission, however, extends to immoderate clip the idiosyncratic engages with the Temu app,” the suit claims. It besides alleges that Temu “sneaks” permissions to entree audio and ocular signaling and retention connected a device.

Temu, Google, and Apple did not instantly respond to requests for comment.