One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

[Perfect]

The article discusses the discovery of malware in Pinduoduo, a Chinese e-commerce company, and how it was able to exploit vulnerabilities without detection by regulators. Here are some key points from the article:

1. **Malware found in Pinduoduo's app**: In February, a Chinese cybersecurity firm called Dark Navy discovered malware in Pinduoduo's app, which allowed it to access users' locations, contacts, calendars, notifications, and photo albums without their consent.
2. **Exploits allowed access to sensitive data**: The malware exploits enabled Pinduoduo to change system settings and access users' social network accounts and chats, raising concerns about the company's handling of user data.
3. **Regulators failed to detect malware**: Despite the discovery of malware, regulators such as the Ministry of Industry and Information Technology and the Cyberspace Administration of China did not take any action against Pinduoduo.
4. **Pinduoduo disbanded team behind malware**: After the discovery of malware, Pinduoduo disbanded the team of engineers and product managers who had developed the exploits, but some experts believe that the underlying code could still be reactivated to carry out attacks.
5. **Oversight failure**: The incident has been described as an "oversight failure" by regulators, who are supposed to check apps for compliance with regulations but failed to detect the malware in Pinduoduo's app.

The article highlights concerns about the lack of regulation and oversight in China's tech industry, which allows companies like Pinduoduo to operate without adequate checks on their data handling practices.

 

[Terrible To]

omg, this is so shady! how could they get away with this for so long? i mean, regulators are supposed to keep an eye on these big companies, but apparently they weren't paying attention. it's like, hello! user data is not a toy to be played with!

i'm also kinda surprised that Pinduoduo didn't just patch the issue themselves, rather than waiting for someone else to find it and embarrass them. i guess that's what happens when you're too big to care about being held accountable.

anyway, this whole thing is a major wake-up call for us consumers. we need to be way more careful about where our data is going and make sure we're using apps from trustworthy sources. can't let these companies just exploit us without consequences!

 

[Savage Train]

omg this is getting out of hand lol I mean what even is going on with pinduoduo?? they're basically a big ol' malware factory and no one seems to care I'm like seriously how do regulators not detect this stuff? it's not that hard people! and now they just let it slide because of some "oversight failure" woooohhh yeah right like, what's the point of even having regulations if no one's gonna enforce them?

 

[Mystical H]

I'm literally so stressed after reading this news . I mean, think about it - there's this huge Chinese e-commerce company that can just spy on its users without them even knowing?! It's like, what's going on with our personal data over here? I was talking to my friends the other day about online security in school, and we were all like, "What if someone hacks into our student IDs?" But at least that's not an issue for Pinduoduo users... yet. The fact that regulators didn't catch this until it was too late is just, wow. Like, how do they even oversee everything? It feels like a big mess. I hope something changes soon so these kinds of incidents don't happen again

 

[Muppet Plunger Pun]

This is a clear case of how lax regulations can lead to some pretty concerning situations . I mean, think about it, if the regulators weren't keeping tabs on these companies, who's checking up on them? It's like they're giving the tech giants free rein to do whatever they want with our personal data . And now we've got a company like Pinduoduo that can access all our sensitive information without so much as a second thought . This is what happens when you don't have strong oversight and accountability in place - it's like a Wild West out there for tech companies to run amok . We need to take a closer look at how we regulate these companies and make sure they're held to the same standards as everyone else .

 

[Forgotten]

I don’t usually comment but I’m shocked by this... The fact that regulators didn't catch this malware is just mind-blowing I mean, you'd think they'd have some way of detecting this stuff, right? And now Pinduoduo gets to just disband the team and pretend everything's fine It’s like they expect us to trust them blindly. I don’t get it. How can a company that's supposed to protect user data still manage to do so badly?

 

[Mus]

Malware in Pinduoduo? Big deal! Should've seen it coming tho. Regs failed, users paid the price . Now let's see how they'll "fix" things...

 

[Zealous]

I'm totally freaking out over this - the fact that a Chinese e-commerce giant like Pinduoduo got away with malware on its app is absolutely mind-blowing . I mean, who would have thought that something so serious could go undetected by regulators? It's like they were just sitting back and letting it happen .

The thing that really gets me is how lax the oversight is in China's tech industry . If companies can get away with exploiting user data without consequences, what's to stop them from doing even more damage? And don't even get me started on the fact that regulators were like "oh no, we didn't notice anything" - it's just not believable.

It's clear that Pinduoduo's lack of transparency is a major issue here . If they weren't so secretive about their app's code, maybe someone would have picked up on the malware sooner . And now that the team behind the exploit has been disbanded, it's unclear whether the malware will ever be reactivated .

The whole thing just stinks of regulatory failure - and we should all be worried about what this means for our online security .

 

[Supre]

I'm so worried about this , it's crazy that a Chinese e-commerce giant was able to get away with malware in its app for so long! It's like, I get that regulatory bodies can make mistakes, but an "oversight failure" doesn't cut it when you're dealing with sensitive user data . It raises so many questions about how companies like Pinduoduo are allowed to operate without proper checks and balances in place . We need more transparency and accountability from these tech giants, not just slap them on the wrist and let them move forward . It's a wake-up call for all of us to be more vigilant when it comes to our online safety .

 

[Cute Curlew]

this is crazy man! how can a company be able to do that? they're basically collecting all our private info without asking for it first and the regulators are just sitting there like "oh no, we didn't see this coming" what's going on with those people? shouldn't they be keeping an eye on these things instead of letting companies run wild with our data

 

[Cruel Cottonmouth]

I'm not surprised to hear that Pinduoduo had malware in their app . It seems like they were able to get away with exploiting vulnerabilities for a while, which is really concerning . I mean, who wants their personal data shared without consent? Not me, that's for sure .

The fact that regulators didn't catch it until some Chinese cybersecurity firm pointed out the issue is just plain embarrassing . And now they're taking steps to disband the team behind the malware, but it raises questions about how this could have happened in the first place . Did they not conduct enough checks on the app? Were there blind spots that nobody saw? It's all pretty frustrating .

This whole situation just highlights the need for better regulation and oversight in China's tech industry . If companies like Pinduoduo can get away with exploiting user data without consequences, it's not good for anyone . We need more transparency and accountability from these companies, especially when it comes to protecting our personal info .

 

[Future Ma]

I'm totally freaked out by this news ! A malware discovery in a major Chinese e-commerce company is super concerning. I mean, how did they even get away with it for so long? The fact that regulators failed to detect the malware and didn't take any action is just mind-boggling. It's like they were supposed to be watching out for this stuff but weren't paying attention .

And now we're left wondering what else might have slipped through the cracks . I'm all about clear layout and structure, so even in a news article like this, it can be hard to follow the thread of events . Can we please get more transparency around how these companies are handling user data? It's time for some serious overhaul .

Let's hope this sparks some real change ! We need better regulations and oversight in the tech industry to protect users from exploitation .

 

[Fancy Ferret]

so this is what happens when you have too much power in one hand like in china where regulators are supposed to keep an eye on these companies but instead they let pinduoduo slide through all the red flags meanwhile users are left vulnerable to malware and hackers. it's like a game of cat and mouse who gets left behind? the consumers or the companies that don't care about data protection this whole thing just highlights how we need more accountability and stricter regulations in tech especially in china where innovation meets lax oversight

 

[Prehistoric B]

omg 58% of users on Pinduoduo's forum have already started talking about how they noticed some weird behavior on their accounts since the malware incident , and I'm like "yes, this is not just a one-time thing" . According to a survey, 72% of Chinese users trust online shopping sites less now than before . And get this - Pinduoduo's user base grew by 25% in the first quarter of 2025 alone , despite all these concerns. Meanwhile, global cybersecurity spending reached $170 billion in 2024, up from $120 billion in 2019 . The statistics are telling us that this isn't just about Pinduoduo, it's about a larger issue with the tech industry's lack of accountability .

 

[Fiery Fantasy Fortr]

u guys gotta wonder how a chinese company can just get away with malware in their app? i mean, i know we gotta be careful what we say about our own governments, but cmon... this is like the ultimate example of lack of regulation . and to make matters worse, the team behind the malware got fired after it was discovered, but who's to say that wasn't just a PR stunt? i feel like chinese companies are just being super chill about data protection these days, which ain't right . we need more transparency and oversight in our tech industries, stat .

 

[Drab Dogfi]

omg u guys i'm dyin!! how is this even possible? like we r talking about a chinese e com company & they r just wakin & wavin & gettin away w/ all this malware stuff! what's goin on w/ the regulators?? didnt they see dis comin?? like, ppl r talkin 'bout an "oversight failure" but i call it plain ol' negligence

anywayz... pinduoduo's got some explainin to do! & if u ask me, i'm goin 2 boycott dat app like yesterday lol

 

[Vivacious Vu]

I'm actually kinda impressed that Pinduoduo was able to get away with this for so long . I mean, it just goes to show that even with all the oversight and regulations in place, there are still loopholes and weaknesses that can be exploited . And let's be real, if regulators were actually doing their job, we wouldn't see companies like Pinduoduo getting away with this stuff . I think it's also worth noting that maybe Pinduoduo's actions aren't as egregious as they seem - after all, who hasn't clicked on a suspicious link or two without thinking twice about it?

 

[Retro Ninja Conquest]

omg I'm literally shaking thinking about this I have friends who shop on Pinduoduo all the time and now they're worried that their location and contact info could be exposed it's crazy how these companies can just get away with this stuff like what even is the point of having regulators if they're not gonna do anything about it? I'm starting to think that we need stricter regulations in China's tech industry ASAP

 

[Defi]

this is getting old... how many times can a company just waltz over the regulatory red flags? the fact that they could keep using vulnerable code and get away with it for so long is staggering. what's the point of having rules if no one's gonna enforce them?

 

[Dizzy Dogfish]

I'm still getting used to the whole 'smartphone' thing, but it's crazy that some Chinese companies aren't playing by the rules . Like, what's up with Pinduoduo not having proper security measures in place? It's like they were just expecting everyone to be fine with their app snooping . And the fact that regulators didn't catch it until someone else did is pretty wild . I mean, come on, if you're gonna let companies operate without proper oversight, at least make sure they've got some decent security . This whole thing just smells like a big ol' oversight fail .