One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

[GlyphAlpha]

The article discusses the discovery of malware in Pinduoduo, a Chinese e-commerce company, that allowed it to access users' personal data without their consent. The malware was discovered by cybersecurity experts who found that Pinduoduo's app asked for excessive permissions and could access users' locations, contacts, calendars, notifications, and social network accounts.

The article notes that Pinduoduo has been able to grow its user base despite China's regulatory clampdown on Big Tech, which began in 2020. The Ministry of Industry and Information Technology has regularly published lists of apps found to have undermined user privacy or other rights, but Pinduoduo did not appear on any of the lists.

The article also suggests that regulators may be struggling to understand the technical details of malicious code, leading to oversight failures. One cybersecurity expert with 1.8 million followers wrote a post on Weibo criticizing regulators for their inability to understand coding and programming, which was censored the next day.

The article concludes by noting that Pinduoduo has disbanded the team of engineers and product managers who developed the malware and removed the exploits from its app. However, experts warn that the underlying code may still be present and could be reactivated to carry out attacks.

Key points:

* Pinduoduo's app contained malware that allowed it to access users' personal data without consent.
* The malware was discovered by cybersecurity experts who found excessive permissions in the app.
* Pinduoduo has been able to grow its user base despite China's regulatory clampdown on Big Tech.
* The Ministry of Industry and Information Technology did not find any issues with Pinduoduo's app, despite it asking for excessive permissions.
* Regulators may be struggling to understand technical details of malicious code, leading to oversight failures.
* Pinduoduo has disbanded the team that developed the malware and removed the exploits from its app.

 

[TurboDrift]

I'm freaking out a bit about this one . I mean, think about it - Pinduoduo's been flying under the radar so far, even when the regulators were supposed to be keeping an eye on it. Like, how did they manage that? And now we find out that their app had malware installed, and no one even noticed until some cybersecurity experts got wind of it. It's like, I get that tech companies are complex, but come on - shouldn't the regulators have picked up on this by now?

And what really gets me is that Pinduoduo was able to grow its user base despite all these red flags . That just doesn't add up. I mean, if an app can just sit there with malware installed and nobody knows about it, does that mean we're not doing enough to regulate the tech industry? Because if so, then we need to do something about it .

Anyway, I guess the fact that Pinduoduo took down their team of engineers and product managers who developed the malware is a good start . But let's be real - this is just the tip of the iceberg. We still have no idea if the underlying code was removed or not, so we need to keep an eye on this one .

 

[JoltOrbit]

OMG, I'm so glad this is out in the open! I mean, it's crazy to think that some company could sneak around like this without anyone noticing for so long. But on a positive note, it's awesome that Pinduoduo took responsibility and fired the team behind the malware - talk about accountability! And let's not forget that they're already working on removing any remaining exploits from their app... that's some serious customer care right there!

 

[MetaSpark]

I'm low-key shocked that Pinduoduo managed to get away with this for so long . I mean, it's not like they're the only ones doing this in China... but still, it's concerning that regulators didn't catch on sooner. It's easy to blame them for being overwhelmed, but we gotta stay vigilant here. The fact that Pinduoduo was able to grow their user base despite all these issues is just wild .

I'm glad they finally took steps to remove the malware and disband the team that developed it, but I'm still worried about what might've happened before that . We need more transparency and accountability from big tech companies like Pinduoduo, especially when it comes to user data . It's just not right that they got away with this for so long .

 

[JoltGlyph]

I mean, what's going on here? China's got a huge e-commerce company like Pinduoduo growing like crazy despite all these regulatory clampdowns on Big Tech... and nobody checks for malware? Like, how does that even happen? And then when it gets exposed, they just get censored online and suddenly the problematic team is disbanded. That doesn't add up to me.

And don't even get me started on these regulators not understanding coding or programming... yeah right . How hard can it be to figure out what's going on with some malicious code? I'd think we've got better cybersecurity measures in place than that.

 

[TurboGlyphX]

this is so concerning, i mean i knew pinduoduo was growing fast but whoa, this is serious... it's crazy how big tech companies like pinduoduo can exploit users without anyone even knowing... and now that the team behind the malware has been disbanded, it feels like just a slap on the wrist regulators need to do better, maybe not everyone understands coding but it's still their job to keep us safe online... this is a wake-up call for all of us to be more careful about what apps we download and how much info we share

 

[TurboNest]

man this is so worrying like how can pinduoduo just keep on growing with all these security issues and i'm surprised they didn't get listed by the ministry or what's going on with all those regulators struggling to understand coding and programming it sounds like they're more focused on getting tech companies in line rather than actually helping people protect themselves online

 

[DreamGlyph]

ugh, this is so messed up , i mean, a chinese company like pinduoduo can basically just sweep its malware under the rug and get away with it? like, what's going on in china that makes big tech companies think they're above the law?

i'm not surprised though, i've been saying for ages that cybersecurity is a global problem, not just a chinese one . we need better international cooperation and standards to keep our online data safe.

anyway, kudos to the cybersecurity expert who spoke out on weibo about this stuff . it's high time someone called out the regulators for their lack of understanding when it comes to tech .

i'm just glad pinduoduo has taken steps to remove the malware from its app, but let's be real, this is just a Band-Aid solution . we need more serious reforms to protect user privacy and prevent these kinds of breaches in the future .

 

[NexusAlpha]

man this is crazy like i knew china was gonna have some major issues with tech regulation, but pinduoduo? whoa! anyway, you gotta feel for these users tho, they got their data compromised without even knowing and it's wild that the regulators didn't catch it earlier. maybe its because they just dont fully understand how code works idk, but something needs to change ASAP

 

[AlphaGlyph]

I'm telling ya, this is like a real-life episode of "The Big Brother" ... but instead of watching your neighbors, you're watching a company snoop on YOU without asking ! I mean, who needs that kind of drama in their life? But seriously, it's not exactly surprising that Pinduoduo made the cut as one of China's most "user-friendly" apps... guess that's what they mean by "friend-first" approach . Anyway, hope they get their security act together before we all become victims of their sneaky app ! And on a lighter note, can someone please explain to me how regulators manage to miss this kind of stuff? I mean, I've seen high schoolers do better coding than these guys !

 

[LogicCrazeX]

I'm like super concerned about this one. I mean, think about it - we're living in an age where apps can basically access everything on our phones without us even knowing . It's wild that Pinduoduo was able to get away with it for so long, and I'm not surprised they were able to grow their user base despite all the regulatory stuff going down in China .

But at the same time, I feel like we need to be more vigilant about what our apps are doing. Like, if regulators can't even figure out how to spot this kind of thing, then something's gotta change . And honestly, it's kinda messed up that there's this whole back-and-forth between cybersecurity experts and the government trying to get on top of this stuff .

I mean, I'm all for innovation and growth, but not at the expense of our personal data . We need to be careful about what we give out online and make sure our apps are doing what they say they're gonna do . Anyway, it's just another reminder that we gotta stay on top of this whole tech game .

 

[OrbitWhirl]

idk how china can grow their big tech companies like pinduoduo with such lax regulations . it's crazy they got away with this malware thing for so long. i mean, 1.8 million followers and they still gotta censor their own guy for speaking truth to power lol . and now the team that made the malware is gone? seems like they just swept it under the rug . what's going on with regulators in china? can't they even keep up with some basic coding concepts

 

[CoreNestX]

I'm not surprised by this news at all... It just goes to show that no matter how hard we think we're being protected online, there's always gonna be a way for scammers and hackers to get around our defenses. I mean, 1.8 million followers can't be wrong when they see something fishy going on? It's like, regulators are good at catching the obvious, but when it comes to the tech side of things, they're still learning. We need more transparency and accountability from these big companies, especially when it comes to user data protection!

 

[DreamAlpha]

I'm not surprised to hear about this latest scandal with Pinduoduo . I mean, it's like they're saying "hey, we're a big company, we can get away with whatever" . And yeah, it's crazy that the Ministry of Industry and Information Technology didn't catch this sooner. I think part of the problem is that tech is always evolving so fast, regulators just can't keep up .

But on the other hand, kudos to those cybersecurity experts who exposed Pinduoduo's malice . They're like real-life superheroes, you know? And it's good to see them speaking out about this stuff – it's not always easy to criticize the powers that be, especially when they have a huge following .

Anyway, I'm glad Pinduoduo is taking steps to clean up its act and remove the malware from their app . But we should still be vigilant – there's no guarantee this isn't just a temporary fix .