Temu app considered malicious malware in new US lawsuit [Updated]
A September 2023 report by Grizzly Research supports these allegations, detailing how Temu exhibits aggressive data access and functions that violate user privacy.
Concerns are that Temu shares codebase elements with another suspended app from parent company PDD Holdings, Pinduoduo which was removed for exploiting Android vulnerabilities.
Grizzly Research mentioned that the US Congress is scrutinising apps like Temu due to data security concerns, with proposed legislation (HR 1153) targeting foreign influence and data misuse.
It also detailed how Temu's app employs invasive permissions, dynamic code execution and data exfiltration techniques.
Lawsuit seeks civil penalties
The lawsuit, filed in the Cleburne County Circuit Court under the Arkansas Deceptive Trade Practices Act and the Arkansas Personal Information Protection Act, seeks to stop Temu's alleged practices and impose civil penalties.
“Temu is not an online marketplace like Amazon or Walmart. It is a data-theft business that sells goods online as a means to an end. Today I have filed a first-of-its-kind state lawsuit against the parent companies of Temu – PDD Holdings Inc and WhaleCo Inc – for violating the ADTPA and PIPA,” said Attorney General Tim Griffin in a statement.
“Though it is known as an e-commerce platform, Temu is functionally malware and spyware. It is purposefully designed to gain unrestricted access to a user’s phone operating system.”
It can override data privacy settings on users’ devices, and it monetises this unauthorised collection of data
Griffin referenced Apple’s previous suspension of Temu from its App Store in 2023, where concerns were raised around the platform’s lack of vulnerability disclosure.
'Temu lead by CCP cadre'
“Temu is led by a cadre of former Chinese Communist Party officials, which raises significant security risks to our country and our citizens,” Griffin continued.
“For my part, I will aggressively fight Temu’s efforts to profit at the expense of Arkansans’ privacy rights.”
The lawsuit comes in the same week when over 18,000 South Africans signed a petition calling for Sars and the government to scrap the 45% VAT increase on Temu and Shein shipments under R500 that will be implemented from 1 July.
[Update: 21:00, 27/06/2024]
A Temu spokesperson responded to Bizcommunity via email:
We are surprised and disappointed by the Arkansas Attorney General's Office for filing the lawsuit without any independent fact-finding.The allegations in the lawsuit are based on misinformation circulated online, primarily from a short-seller, and are totally unfounded.
We categorically deny the allegations and will vigorously defend ourselves.
We understand that as a new company with an innovative supply chain model, some may misunderstand us at first glance and not welcome us.
We are committed to the long-term and believe that scrutiny will ultimately benefit our development.
We are confident that our actions and contributions to the community will speak for themselves over time.