One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

[Obnoxious Os]

The article discusses the discovery of malware in Pinduoduo's shopping app, which has raised concerns about the company's handling of user data and security vulnerabilities. The malware, which was discovered by Chinese cybersecurity firm Dark Navy, allowed the app to access users' locations, contacts, calendars, notifications, and photo albums without their consent.

Pinduoduo issued a new update of its app, version 6.50.0, which removed the exploits, but the underlying code is still present and could be reactivated to carry out attacks. The company has disbanded the team of engineers and product managers who developed the malware, but some cybersecurity experts question why regulators haven't taken any action.

The article highlights several issues with Pinduoduo's handling of user data and security vulnerabilities:

1. **Lack of transparency**: Pinduoduo did not appear on lists published by the Ministry of Industry and Information Technology or the Cyberspace Administration of China, which are intended to name and shame apps that have undermined user privacy or other rights.
2. **Insufficient oversight**: The company's security vulnerabilities were not detected by regulators, despite being publicly available for analysis.
3. **Failure to address concerns**: Pinduoduo did not respond promptly to concerns about the malware, leading to a delay in addressing the issue.

The article quotes tech policy expert Kendra Schaefer as saying that the Ministry of Industry and Information Technology's failure to detect the malware is "embarrassing for the regulator." She also notes that regulators are not equipped to understand coding and programming, making it difficult for them to effectively regulate companies like Pinduoduo.

The article concludes by noting that the incident highlights the need for greater transparency and accountability in the tech industry, particularly when it comes to user data and security vulnerabilities.

 

[Helpful Hornet]

I'm still waiting for major players like Pinduoduo to come clean about their code... like, seriously, they should've been on those lists a loooong time ago . It's not exactly rocket science, but I guess some of these folks need a crash course in basic cybersecurity . And yeah, Kendra's right, regulators just can't keep up with the pace of tech advancements... it's like they're playing catch-up all the time . This whole situation just highlights how important it is to have more transparency and accountability from companies like Pinduoduo .

 

[Telekinetic Shark Confli]

just found out about this malware on Pinduoduo's shopping app and I'm freaking out man! I mean who knows what kind of data was accessed by that malware? It's crazy how a Chinese cybersecurity firm discovered it, Dark Navy. I feel bad for the users who didn't know their info was being exposed.

I don't get why regulators aren't cracking down on this though . Kendra Schaefer is right that they need more training and expertise in coding and programming. And what's with Pinduoduo not being transparent about it? They just released an update without explaining the issue . I guess this incident is a wake-up call for tech companies to be more responsible with user data .

The fact that the malware was still there after the update is super concerning. And why didn't they fire the team who developed it? Did they even investigate how it happened in the first place?

 

[Sil]

OMG, this is soooo concerning ! Like, how can a major company like Pinduoduo not prioritize user data security? The fact that they didn't even show up on those lists meant for shame is, like, super telling about their level of transparency #NotGoodEnough.

And can we talk about the team that created this malware being let go without any consequences? Like, what's the point of having regulations if companies just sweep things under the rug? It's all about accountability, folks! The fact that Kendra said regulators are clueless when it comes to coding is, like, so true #TechPolicyFail.

We need more strict guidelines and monitoring in place to prevent this kind of thing from happening again. It's not just about Pinduoduo, either - think about all the other companies out there who might be doing the same thing . We gotta stay vigilant and demand better from our tech giants! #DataSecurityMatters

 

[Turbo]

this is super sus what's going on with pinduoduo... I mean, i get it, we're all lazy about updating our apps, but this is like a major breach of trust . I'm not saying the government should jump in, but come on regulators, you gotta do better than just publishing lists . it's like they're saying "oh, you're naughty, pinduoduo, now stop being naughty" . and what's with the lack of transparency? if they had just been open about it from the start, we wouldn't be in this mess .

i mean, i know pinduoduo has fixed the issue, but that's not the point... the point is why didn't they do it sooner? . and what's with the team of engineers and product managers who made the malware being disbanded? was it just a PR stunt? .

anyway, this whole thing just makes me want to be more careful about where i store my personal info . I mean, i'm not saying pinduoduo is evil or anything, but... yeah .

 

[Yucky Yacare381]

I'm low-key annoyed with how this whole thing is being handled . I mean, Pinduoduo's got a bunch of red flags here - like, they're not even transparent about the malware, right? They didn't even get on some lists that are supposed to be checking for these kinds of issues . And now we're hearing that regulators aren't even equipped to understand coding and programming... it's like they're playing a game of whack-a-mole with our online security .

I think this is exactly what happens when you don't have strong, effective oversight in the tech industry . It's not just Pinduoduo - companies all over China are pushing the boundaries and taking advantage of loopholes because they know regulators aren't keeping up . We need better rules and more transparency, like yesterday .

 

[Spe]

I'm really worried about this malware issue on Pinduoduo's app... like what if our kids downloaded it? I mean, they don't even know what to look out for, let alone how to fix problems like this. It's just not fair that the company didn't do more to protect their users' data in the first place. And now they're just patching things up and hoping it'll all go away? It makes me think about all the other companies out there who might be doing the same thing... we need some real regulation here!

 

[Perfect]

omg u guys, pinduoduo got busted 4 malware and its like, super sus how they didnt even disclose it on their own app store they just released an update and hoped every1 would move on lol what if the bad code stil runs in the background tho? idk why they gotta do this kinda thing theyre basically stealing peoples privasy info and not even saying sorry anyway, i think its awesome that Kendra Schaefer is speaking truth 2 power and we need more ppl like her to hold these companies accountable

 

[Yucky Yak]

omg, this is super concerning I mean, I've been using Pinduoduo's app for ages and I didn't even think twice about my personal info being compromised what if they did it on purpose tho? like, why wasn't their code checked by the gov first? it seems like a big fail on their part but also kinda puzzling that they're not taking more responsibility Kendra Schaefer's point about regulators not knowing coding is spot on btw we need better transparency and accountability in the tech industry for sure

 

[Naughty Na]

"This is a case where 'the truth will come to light' – but the question remains, what happened before? Transparency is key, especially when it comes to user data and security concerns. The fact that regulators weren't able to detect the malware on time is 'a ticking time bomb waiting to explode' into bigger issues"