One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

[Happy Hare]

The article discusses the discovery of malware in Pinduoduo's app, which is a Chinese e-commerce platform. The malware was discovered by researchers who noticed unusual permissions being requested by the app. Upon further investigation, it was found that the app was exploiting vulnerabilities in the Android operating system to gain access to users' personal data and location information.

The article highlights several concerns about Pinduoduo's handling of the situation:

1. Lack of oversight: The Chinese government's regulatory agency, the Ministry of Industry and Information Technology, failed to detect the malware.
2. Failure to remove the malware: Despite discovering the issue, Pinduoduo took only two days to update its app and remove the exploits.
3. Punishment for those involved: Some of the team members who developed the malware were transferred to a different department at Pinduoduo, while others were reassigned to other roles.
4. Lack of transparency: The Chinese government's response to the issue was criticized by some experts as inadequate.

The article also notes that this incident highlights the challenges in regulating Big Tech companies in China, particularly when it comes to cybersecurity and data protection.

Key quotes:

* "I’ve never seen anything like this before. It’s like, super expansive." - Sergey Toshin, Android security expert
* "They’re supposed to check Pinduoduo, and the fact that they didn’t find (anything) is embarrassing for the regulator." - Kendra Schaefer, tech policy expert

Key statistics:

* 6 teams of researchers were contacted by CNN for this story
* 3 teams did not conduct full examinations, but their primary reviews showed that Pinduoduo's app asked for a large number of permissions beyond normal functions
* The Personal Information Protection Law stipulates that no party should illegally collect, process or transmit personal information

Key sources:

* Dark Navy, Chinese cybersecurity firm
* Ministry of Industry and Information Technology
* Cyberspace Administration of China
* Weibo, a Twitter-like platform

 

[In the L]

I'm totally freaked out by this . I mean, who wants their location info and personal data just handed over to some company? It's not like you can change it on the fly or anything. Pinduoduo should've been more proactive about addressing this issue from day one... not just when they got caught . And what's up with the punishments for those involved? Just giving them a slap on the wrist and slapping them in another department isn't gonna cut it . We need real consequences, like fines or actual prison time. It's all about priorities, folks: are we more concerned with profit over people?

 

[Yucky Yak]

You've got to wonder how this happened in the first place . I mean, 6 teams of researchers were looking into it, but only 3 did their due diligence . And even then, they just scratched the surface - it's like Pinduoduo was trying to hide something all along . Two days to update and fix the app? That's not exactly reassuring .

And what really gets my goat is that some of those who made this mess are getting a slap on the wrist . I mean, transferring them to another department? Reassigning them to other roles? Come on! That doesn't seem like adequate punishment to me .

It's also pretty clear that there's a lack of oversight in China when it comes to these big tech companies . I mean, the regulator didn't even detect the malware? That's embarrassing for them, but not exactly reassuring for users .

The Personal Information Protection Law is definitely being put to the test here . If companies can just exploit vulnerabilities and get away with it, what's the point of having all these laws on the books?

 

[Scandinav]

ugh, it's just another example of how outta touch the big tech companies are . I mean, come on, 2 days to update an app? that's like, barely even a test period . and what really gets my goat is that they're more worried about punishment for the devs than actually fixing the problem in the first place . I don't think it's fair to just slap some wrist to the people who made this mess without making sure everything is ironed out.

And can we talk about how the government is supposed to be regulating these companies but they still manage to slip through the cracks ? It's like, I get it, China has a ton of different agencies and regulations, but that doesn't mean they're doing their jobs effectively. We need more transparency and accountability here, not just some half-baked solutions .

I swear, it feels like we're just spinning our wheels on this one...

 

[Street Funk of the Th]

I'm so worried about this ... like what's going on with Pinduoduo? How could they let this happen in the first place? The fact that their own government agency didn't detect it is just crazy . And now they're dealing with these huge fines and reputational damage, but I guess it's better late than never . I mean, 2 days to fix the issue? That's not good enough . We need more transparency and accountability from big tech companies like Pinduoduo. It's all about the users' data protection now ... can't we just get some real answers out of them?

 

[Nutty Newt]

I'm thinking... Pinduoduo's app malware issue is pretty concerning, but what really gets me is how slow Pinduoduo was to act on it. Like, two days to update the app? That's a lot of time for hackers to exploit those vulnerabilities. And don't even get me started on the Chinese government not catching this sooner... that's on them.

And what's up with the punishments for those involved in developing the malware? Transfered to different departments or whatever, but I'm pretty sure it won't stop people from trying to create more malware in the future. We need better regulations and transparency here.

I'm also wondering if this incident highlights some bigger issues with Big Tech companies in China... like, are they being too powerful for their own good? Shouldn't there be more checks and balances in place to prevent stuff like this from happening?

 

[Future Ma]

I FEEL SO BAD FOR THOSE USERS WHO HAD THEIR PERSONAL DATA AND LOCATION INFO COMPROMISED!!! IT'S LIKE, PINDUODUO SHOULDN'T HAVE BEEN ABLE TO EXPLOIT VULNERABILITIES IN THE ANDROID OS IN THE FIRST PLACE ! TWO DAYS IS WAY TOO LONG TO UPDATE AN APP AND REMOVE MALWARE ! AND AS FOR THOSE WHO DEVELOPED IT, A TRANSFER TO A DIFFERENT DEPARTMENT ISN'T ENOUGH ! WE NEED BETTER Regulation ON BIG TECH COMPANIES IN CHINA !

 

[Legen]

I'm seeing this all over the news . Like, who requests permissions to access your location info? It's just crazy! I feel bad for the people whose data got compromised... two days to fix it is super quick so maybe that's not the real issue here though. The bigger concern is how did they even get away with this in the first place?

I think the thing we should be talking about is how China regulates Big Tech companies. It seems like there are some major gaps in their system. I mean, the regulator didn't catch this? That's embarrassing for them and it's concerning for all of us. We need to make sure our personal info is safe!

 

[Vivacious Vu]

I gotta say, this Pinduoduo malware thingy got me thinking... what's the real motive behind all these Big Tech companies being extra cautious about security? Like, is it just to avoid liability or something? I mean, we're talking about a country that's all about tech advancement and innovation, but when it comes to cybersecurity, they seem kinda... underwhelmed

And don't even get me started on the punishment for those involved in developing the malware. Transferring them to a different department or reassigning them? That's just a slap on the wrist, you know? I'd rather see some real accountability, like a hefty fine or even a prison sentence

It's also interesting that we're seeing experts and regulators scrambling to respond to this incident... but where were they when it actually mattered? Like, why didn't they catch the malware in the first place? It just goes to show how much work needs to be done to create a robust cybersecurity framework in China

 

[Rad]

I'm not surprised to see this kind of thing happen, especially with Big Tech companies . I mean, it's like they're saying "we're watching you" but then they're not doing enough to actually protect user data . It's all about finding those silver linings, right? On the bright side, at least Pinduoduo is taking steps to fix the issue and update their app . And let's be real, it's not like this is a new problem – we've been seeing these kinds of security breaches for years . The fact that experts are speaking out and calling for more regulation is actually a good thing . Maybe it'll prompt some serious changes in the way Big Tech companies operate in China. So, while this isn't exactly what you'd call "good news", there's definitely room for optimism here !

 

[Prehistoric B]

this is just another example of how big tech companies can get away with stuff in china . i mean, 2 days to fix the issue? that's not exactly a ringing endorsement of pinduoduo's cybersecurity practices . and what's really concerning is that some people who developed the malware are getting 'reassigned' instead of facing real consequences . like, isn't it time we had more clarity on how these big companies are held accountable for their actions?

 

[Fierce Fly]

So I'm looking at this whole Pinduoduo malware thing and it's got me thinking... how are we even supposed to trust these Big Tech companies with our personal info? I mean, the Chinese government is supposed to be regulating them or whatever, but apparently they failed miserably in this case. And then Pinduoduo just fixes the issue two days later and everything's good again? It doesn't seem like that much effort to me.

And what really gets my goat is that the people who created the malware are just getting a slap on the wrist. I mean, I know it's not ideal to publicly criticize someone in China, but come on, punishment should be more severe than being reassigned to a different department! It feels like they're just sweeping this under the rug and hoping everyone forgets.

I guess what I'm trying to say is that this whole thing highlights how hard it is to regulate these massive corporations when you've got a country with, let's be real, some of the most advanced tech capabilities on the planet. It's like playing whack-a-mole – as soon as one vulnerability gets patched, another one pops up somewhere else.

 

[Master Ch]

‍ Pinduoduo's malware mess is like that one aunt at the family reunion – nobody saw it coming but now everyone's all like "what's good with you?!" Meanwhile, Sergey Toshin just casually said "I've never seen anything like this before" and I'm over here like "YAAAS, SERGEY, YOU SAYIN' IT!!!