Experts have uncovered evidence that Pinduoduo, a Chinese shopping app poses a risk to the security of its users.

Pinduoduo has up to 800 million monthly users – Credit: Reuters

Many eyes have come down on the popular Chinese shopping app Pinduoduo; with various experts coming forward to claim that it contains dangerous malware.

A number of issues are becoming a topic of contention. For example, Google is suspending several versions of the app due to the location of malware.

Malware is malicious software, made with the intent to harm, disrupt or gain illegal access to someone else’s network.

Pinduoduo can monitor activity on phones without the user’s consent or knowledge, according to investigators. The red flags don’t just stop there, however. It can also get into private messaging, check notifications and alter settings.

And good luck deleting it. It’s rather hard to get rid of.

PDD CEO Colin Huang | Credit: South China Morning Post

It can spy on people while they are using other apps.

With all the spotlight focused on Pinduoduo, scrutiny is also falling on fellow app Temu. Both Pinduoduo and Temu’s owners are from the same multinational company, PDD, wit founder Colin Huang at the helm.

There have been attempts made by CNN to contact PDD for an interview, but the Chinese retailer has not offered a reply, except to deny the claims. 

Pinduoduo is not the only Chinese app to come under fire. TikTok is also under suspicion as of late, regarding its relations with China. CEO Shou Chew was even questioned by Congress recently.

Pinduoduo can also give itself further access to meddle with data security and user privacy. This information comes from security investigators at Kaspersky Lab.

“Some versions of the Pinduoduo app contained malicious code, which exploited known Android vulnerabilities to escalate privileges, download and execute additional malicious modules, some of which also gained access to users’ notifications and files.”

A statement made by Kaspersky staff member Igor Golovin.

Pinduoduo’s app icon | Credit: Marketing Interactive

“We haven’t seen a mainstream app like this trying to escalate their privileges to gain access to things that they’re not supposed to gain access to,” Finnish cybersecurity firm WithSecure chief research officer Mikko Hyppönen states.

“This is highly unusual, and it is pretty damning for Pinduoduo”.

Sergey Toshin, founder of the security app Oversecured, claims that Pinduoduo’s malware targets Android-based operating systems. This includes those in use by Samsung, Huawei, Xiaomi and Oppo.

Toshin states that the app is “the most dangerous malware” he has ever encountered amongst mainstream apps.

He goes on to say that Pinduoduo is capable of accessing users’ locations, contacts, calendars, notifications and photo albums without their knowledge. And that they were also able to change system settings and access users’ social network accounts and chats.

This comes as Beijing passed it’s data privacy legislation.

The creation of legislation to protect private information is currently underway. Despite this, no visible effort is in progress to check Pinduoduo.

Subscribe to FIB’s Weekly Breaking News Report for your weekly dose of music, fashion and pop culture news!