This Chinese App Has The Ability To Spy On Its Users: 'I've Never Seen Anything Like This'

In March, Alphabet Inc's (NASDAQ: GOOGL) Google banned Chinese e-commerce company Pinduoduo Inc's (NASDAQ: PDD) app from its platforms, citing security concerns amid the discovery of malware. Now, experts allege that the app can be used to spy on users, according to a CNN report. 

The Pinduoduo app can reportedly bypass users' cell phone security to monitor activities on other apps, check notifications, read private messages and change settings.

Experts assert that the presence of malware in the Pinduoduo app has uncovered holes in Android's operating systems. Company insiders said that those vulnerabilities were exploited to spy on users and competitors and to allegedly boost sales, according to CNN. 

Read Also: Want To Use TikTok, Instagram Or Twitter? You Might Have To Get Your Parent To Sign A Permission Slip

"We haven't seen a mainstream app like this trying to escalate their privileges to gain access to things that they're not supposed to gain access to," Mikko Hyppönen, chief research officer at WithSecure, told the outlet.

Evidence of malware in the Pinduoduo app comes amid heightened U.S.-China tensions over Chinese-owned apps, including TikTok, which U.S. lawmakers say could be a national security threat.

In 2020, Pinduoduo set up a team of approximately 100 engineers to dig for vulnerabilities in Android phones and develop ways to exploit and profit off those vulnerabilities, a current employee at Pinduoduo told CNN.

Researchers from Tel Aviv-based cyber firm Check Point Research, Delaware-based app security startup Oversecured, and Hyppönen's WithSecure reportedly analyzed the 6.49.0 version of the app and discovered a code designed to achieve "privilege escalation" — a type of cyberattack that exploits a vulnerable operating system to gain a higher level of access to data than it's supposed to have.

Sergey Toshin, founder of Oversecured, told CNN that Pinduoduo is "the most dangerous malware" ever found among mainstream apps.

"I've never seen anything like this before. It's like, super expansive," he said.

Pinduoduo entered the U.S. market last September with its online marketplace Temu. 

Read Next: If TikTok Is Banned, Readers Overwhelmingly Say They'll Flock To One Specific App

Photo: Shutterstock