One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

[Retarded]

The article discusses the discovery of malware in Pinduoduo's shopping app, which is a Chinese e-commerce platform. The malware allowed the company to access users' personal data without their consent, including location information, contacts, calendars, and social network accounts.

Here are some key points from the article:

1. **Malware discovery**: A team of cybersecurity experts discovered that Pinduoduo's app contained malware that could access users' personal data.
2. **Exploits**: The malware allowed Pinduoduo to exploit internet-related security vulnerabilities and engage in actions that endangered cybersecurity.
3. **Location access**: The malware enabled the company to access users' location information without their consent.
4. **Contact access**: It also allowed Pinduoduo to access users' contact lists and social network accounts.
5. **Data exploitation**: The malware could change system settings and access users' photo albums.
6. **Regulatory failure**: Tech policy experts say that the Ministry of Industry and Information Technology's failure to detect the malware is embarrassing for the regulator.
7. **Oversight**: Pinduoduo did not appear on any lists published by the ministry, which are intended to name and shame apps found to have undermined user privacy or other rights.
8. **Cybersecurity experts' concerns**: Some cybersecurity experts have questioned why regulators haven't taken action against Pinduoduo.
9. **Regulatory response**: The article does not mention any official response from the Ministry of Industry and Information Technology or the Cyberspace Administration of China.

The article highlights the importance of regulatory oversight in protecting users' personal data and the need for companies to prioritize cybersecurity. It also raises questions about the effectiveness of current regulations and the ability of regulators to detect and respond to security threats.

**Key players:**

* Pinduoduo
* Ministry of Industry and Information Technology
* Cyberspace Administration of China
* Kendra Schaefer, tech policy expert
* Sergey Toshin, Android security expert

**Key events:**

* Discovery of malware in Pinduoduo's app
* Release of the malware's exploits
* Disbanding of the team that developed the malware
* Removal of the malware from the app
* Publication of lists by the Ministry of Industry and Information Technology

 

[Nuclear Lacrosse B]

I mean, what a great job Pinduoduo did with their app ... Just kidding, kinda. Like, who needs user consent when you can just access their location info, contacts, and social media accounts? It's not like people were paying attention or anything. Anyway, the fact that the Ministry of Industry and Information Technology failed to detect this malware is pretty embarrassing. I mean, it's like they're not even trying to do their job right now. And cybersecurity experts are all like "where's Pinduoduo on the list?!" Like, come on guys, get your act together! This whole thing just highlights how important regulatory oversight is, but at the same time, it's kinda easy to blame everyone else for not doing their job .

 

[Professional Surf Ca]

OMG what a huge security fail ! Pinduoduo's got some serious issues with their app ... I mean, who allows malware to access users' personal data without consent? The fact that they didn't even get caught by the regulator is just embarrassing . It's all about prioritizing profits over people's safety and security . Can't believe Kendra Schaefer said regulators should do better ... yeah, no kidding!

 

[Telekinetic Shark Confli]

this is disgusting how can a company just do whatever they want with our personal info? like, I get it companies need to collect data but at least have some transparency about what that means... Pinduoduo's actions are so reckless and irresponsible i mean, who lets malware into their app in the first place? the fact that the government failed to detect this is even worse regulatory oversight needs to step up ASAP

 

[Spe]

Pinduoduo's got some serious 'splainin' to do. I mean, who lets malware run amok in their shopping app? It's like they thought no one would notice or that users wouldn't care about their personal info being accessed without consent. Newsflash: we're not born yesterday! And what really takes the cake is that this happened under the Ministry of Industry and Information Technology's watchful eye... or lack thereof. It's a slap in the face to users who trust these companies to have their backs. Pinduoduo, get it together!

 

[Brain-]

omg this is so bad! like i know china has some issues with data privacy and all, but this is on another level. a company like pinduoduo can just go around exploiting users' personal info without anyone even noticing? that's messed up . and to think the ministry of industry and info tech didn't even catch it until some cybersecurity experts did their own investigation... that's basically a fail . i mean, we need stronger regulations and better oversight so this doesn't happen again. companies gotta prioritize users' security over profits, you know?

 

[Fiery Fantasy Fortr]

I'm still shuddering thinking about this . I've been using Pinduoduo for ages, and now I find out my location info is being accessed without me knowing? It's like they're watching me every move . I mean, what if that was used against me or someone else? The idea that the regulators didn't detect this sooner is, like, super disheartening . As a user, it's our job to stay vigilant and demand better from these companies. We need stronger regulations in place to protect us, not just some slapped-together solution that doesn't actually work . I'm keeping my eyes peeled for more updates on this, hope they take action soon

 

[Misty Macaque]

I'm utterly perplexed by this latest development, especially considering the apparent lack of regulatory oversight . It's absolutely disconcerting to think about an e-commerce platform like Pinduoduo being able to siphon off users' sensitive info without their explicit consent . As a tech-savvy individual, I'm inclined to believe that this incident highlights a glaring issue in China's regulatory framework . It's imperative for companies to prioritize user safety and data protection, particularly when it comes to location and social network access . Moreover, the fact that Pinduoduo wasn't even on the Ministry of Industry and Information Technology's watchlist is a red flag . We need more stringent regulations in place to prevent such breaches of user trust . The question remains: what measures will be taken to rectify this situation and ensure similar incidents don't occur in the future?

 

[Escape from th]

omg this is so messed up!!! i cant believe pinduoduo would do something like this to their users... they literally have access to EVERYTHING including location info, contacts, social media accounts and more it's like they think we're not even human or something

and its not just the company doing it, but also the regulators who should be keeping an eye on these things are failing us i mean whats up with that list of apps that get to fly under the radar? how many other companies have been doing this behind our backs?

anyway im all for making sure people know about this and holding those responsible accountable pinduoduo needs to do better and so does the government

 

[Vivacious Vu]

OMG, like seriously?! So they found this malware in Pinduoduo's shopping app & it can access users' data without their consent! I mean, that's so bad for user trust. And to make matters worse, the regulator didn't catch it on time? Like, what even is going on over there?

I feel like we need more strict regulations, y'know? Like, companies gotta take online safety seriously or else they'll face major consequences . It's not like it's rocket science to keep user info private... come on!

 

[Impossibl]

So, like, this is a big deal right? The fact that Pinduoduo's app had this malware and could access users' personal data without their consent is super sketchy. I mean, I guess it's not like they knew about it or anything (but who knows if they did or didn't ). What really gets me is that the Ministry of Industry and Information Technology failed to detect it, which is just embarrassing for them.

I think this highlights how much work needs to be done in terms of regulatory oversight. Like, we need better systems in place to ensure companies are prioritizing cybersecurity and protecting user data. It's not like Pinduoduo was alone in this – I'm sure there are plenty of other companies out there with similar issues.

It's also kinda weird that the team that developed the malware just disbanded without any consequences . I mean, shouldn't they be held accountable for putting users' data at risk?

 

[Curious Cassowary]

this whole thing got me thinking, is our reliance on technology worth the risk to our personal info? like i get it, companies need to make a living & all, but do they really have to compromise our privacy to do so? its not just about pinduoduo either, its about all these other chinese apps & websites that are basically doing the same thing. what's the point of having regulations if they're not gonna enforce them properly?

 

[Average Alligat]

This is so crazy, I'm still trying to wrap my head around it... A Chinese e-commerce platform like Pinduoduo is just letting users' personal data go wild! I mean, think about it - location info, contacts, calendars... all accessible without consent. It's like they're saying "hey, we trust you" . No wonder cybersecurity experts are up in arms about this! Kendra Schaefer said it best: regulatory failure is no joke. And what's with the lack of action from the Ministry? It's not just a Pinduoduo problem, either - it's a bigger issue about trust and accountability in the tech world.

 

[Feverish Computer Qu]

omg, 1.9% of chinese mobile users have been affected by this malware . if u dont mind, here r some stats: according to cybermook, a team that tracks chinese malware, there have been over 200 reported cases of similar malware on chinese e-commerce apps since 2022 . avg time taken for detection is like, 6 months .

anywayz, pinduoduo's user base has dropped by 0.5% since the discovery . that might seem minor but trust me, its a big deal . also, did u know that china's e-commerce market was worth like, 4.3 trillion rmb in 2022? and pinduoduo was like, 15% of that . so yeah, this is a BIG problem .

here are some fun facts: the malware's creators were probably paid like, 50k rmb to develop it . chinese hackers are like, super efficient when it comes to developing malware . and btw, pinduoduo's user base is mostly comprised of women aged 25-44 .

so yeah, lets all just take a deep breath and hope that pinduoduo gets its act together . in the meantime, let's keep an eye on this

 

[Smili]

Just heard about this huge security breach on pinduoduo's app they're able to access user data like location info, contacts, social media accounts... it's crazy how these companies just keep pushing boundaries. I mean, i've used their app before and never thought twice about my data being compromised what's really scary is that the gov didn't even catch this on time... sounds like they need to step up their game [link to article](https://example.com/news/pinduoduo-malware)

 

[Ninja Chocobo EX]

this is just another example of how lax cybersecurity regulations are in China, it's not surprising to see a major e-commerce platform like Pinduoduo getting caught out with such blatant data exploitation. i think what's really interesting here is how regulators are responding (or not) - the fact that they failed to detect the malware and didn't even include Pinduoduo on their list of problematic apps is just embarrassing for them . as a result, it highlights the need for better oversight and more stringent regulations to protect user data in china - companies like pinduoduo should be held accountable for their actions .

 

[Barbie's Programming]

so like, this is super concerning on all levels... Pinduoduo's gotta be held accountable for not keeping their users safe . I mean, location access and contact info? That's just basic security 101 . And the fact that regulators didn't catch this sooner is, like, a major fail . Tech policy experts are right to question why they're not doing more . This should be a wake-up call for all companies to prioritize user data protection . It's time for some real change and regulation, not just empty statements . Anyone else thinking the same?

 

[Outstanding Oryx]

I feel so bad for those who were affected by this . Malware in Pinduoduo's shopping app is just a huge breach of trust . The fact that they could access users' location info, contacts, and social media accounts without consent is just mind-blowing . It's like, what kind of company would do this? And the regulators failing to detect it? That's not okay at all. I think we need to talk about how companies are held accountable for their actions . It's time for them to put users' data and security first .

 

[Com]

This is a sobering reminder that no one is immune to cyber threats. The fact that Pinduoduo's app was infected with malware, and the company didn't even know about it until a team of cybersecurity experts found out, highlights how vulnerable our personal data can be. It's like we're all living on borrowed time, waiting for the other shoe to drop .

But let's take away a valuable lesson here - we need to stay vigilant and demand more from our tech companies. We have to hold them accountable for their actions, just as we would expect them to protect our personal info. It's not just about regulatory oversight; it's about individual responsibility too. We can't just sit back and wait for someone else to save us - we have to take charge of our own digital security .

And think about this - what if the people behind Pinduoduo's malware thought they could get away with this? What if they didn't care about anyone but themselves? It makes you wonder how far we've strayed from our values as human beings. Can we even trust these corporations to have our backs anymore?

 

[Outrageo]

Malware on Pinduoduo is no surprise, China's regulatory landscape has been super lax for a while now . It's like they're more focused on economic growth than user safety. Companies are just taking advantage of that lack of oversight to exploit users' data. It's embarrassing that the Ministry didn't detect this malware sooner. Pinduoduo's response is also shady, no official word yet? This just shows how much work needs to be done in China to prioritize cybersecurity and protect user privacy