Arkansas Attorney General Tim Griffin made sweeping claims against e-commerce app Temu in a lawsuit on Tuesday, accusing the company of violating state law against deceptive trade practices.
Technology
Arkansas AG lawsuit claims the number one mobile shopping app is ‘dangerous malware’
Arkansas Attorney General Tim Griffin is suing Chinese-owned shopping app Temu for allegedly violating state law by misleading consumers about its security practices.
âTemu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to virtually all data on a userâs cell phone,â Griffin alleges.
Temu is the number one free shopping app on the Apple App Store and Google Play Store and is owned by PDD Holdings, which also runs a popular app called Pinduoduo. PDD was based in China until last year, when it moved its headquarters to Ireland. The lawsuit tees up its allegations against Temu with a description of those against Pinduoduo, which researchers believed could spy on users, according to CNN, and which the Google Play Store suspended at one point in 2023 due to security concerns with âOff-Play versions of the app.â
Arkansas alleges that Temu, which was heavily marketed in the US, was modeled off of Pinduoduo.
âTemuâs conduct came to light following the removal of the Pinduoduo app from Googleâs Play Store due to the presence of malware that exploited vulnerabilities in usersâ phone operating systems and allowed the app not only to gain undetected access to virtually all data stored on the phones, but also to recompile itself and potentially change its properties once installed, in a manner designed to avoid detection,â the lawsuit claims, pointing to concerns from Apple about Temuâs compliance with data security transparency standards. Apple told Politico last year the app was available on its app store after resolving the concerns.
The lawsuit alleges that Temuâs app may be even more dangerous than Pinduoduoâs. It cites an article from Grizzly Research, a firm âfocused on producing differentiated research insights on publicly traded companies through in-depth due diligence.â The lawsuit cites findings in the report that âthe Temu app has the capability to hack usersâ phones and override data privacy settings that users have purposely set to prevent their data from being accessed.â
The AG claims that Temu collects far more data than necessary to run a shopping app, including sensitive or personally identifiable information. For example, the suit alleges that Temu misleads users in its requests to access information, such as location, when uploading a photo. âA reasonable consumer would assume that the location permission is confined to the use of photo uploads. The permission, however, extends to any time the user engages with the Temu app,â the suit claims. It also alleges that Temu âsneaksâ permissions to access audio and visual recording and storage on a device.
Temu, Google, and Apple did not immediately respond to requests for comment.