One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

H

HexaSpark

A Chinese e-commerce company, Pinduoduo, has been accused of having malware in its app that could access users' personal information without their consent. The malware was discovered by cybersecurity experts who found that the app was requesting excessive permissions and had the ability to exploit vulnerabilities in the Android operating system.

Pinduoduo has denied any wrongdoing and has since removed the malicious code from its app, but some experts are questioning why regulators did not take action sooner.

The incident raises concerns about the company's compliance with China's data protection laws and regulations. The Personal Information Protection Law, which was passed in 2021, prohibits companies from collecting, processing or transmitting personal information without consent and also bans them from exploiting internet-related security vulnerabilities.

The Ministry of Industry and Information Technology and the Cyberspace Administration of China have been criticized for not taking action against Pinduoduo sooner. Some cybersecurity experts have expressed frustration that regulators do not understand technology and are unable to detect malicious code.

The incident highlights the challenges faced by Chinese regulators in policing the tech industry, particularly when it comes to issues related to data protection and security.

In response to the incident, some Chinese social media users have called for greater oversight of the tech industry and more action to be taken against companies that fail to comply with regulations. Others have expressed concern about the lack of transparency from regulators and the potential risks to consumers.

Pinduoduo has since disbanded a team of engineers who had developed the malware, but some experts are concerned that this may not address all of the issues related to data protection and security.
 
I'm so worried about Pinduoduo's actions 🤕 it just goes to show how lax regulators are in China when it comes to tech companies. I mean, come on, they knew about this malware since who knows when and still didn't do anything about it 🙄. It's like they're more interested in letting big business run wild than protecting consumers. And now the engineers who made the malware are free to roam again? 🚫 that just doesn't sit right with me. We need to hold these companies accountable for their actions and make sure they're playing by the rules. Otherwise, it's going to be a never-ending nightmare for people like us who care about online security 💻.
 
This whole thing is super worrying 🤔... I mean, think about it - an entire company's app is infected with malware, potentially putting millions of people's personal info at risk? And what really takes the cake is that regulators didn't catch this sooner 🕰️. It's like they're not even doing their job properly.

I get why Pinduoduo would want to dispute these claims, but come on - how can you blame them for not knowing about it if no one's checking in on their app regularly? 🤷‍♂️ I mean, this is the 21st century we're living in; tech companies are supposed to be held accountable.

The thing that really bothers me is that these cybersecurity experts were only able to find out about the malware because they were doing their job. What if a regular user had stumbled upon it? They wouldn't know what was going on and would probably end up being victimized 🚨. So yeah, this whole situation stinks and needs to be looked into ASAP 💯
 
🤦‍♂️ I remember when my sister used to use Pinduoduo app, she would always get these annoying ads on her phone... now it seems like those ads were actually a backdoor for malware 🚨! Anyway, what really got me is why the regulators didn't act sooner. I mean, if they knew about this issue, they should have cracked down on Pinduoduo years ago... or at least when the Personal Information Protection Law was passed in 2021 🤯.

I'm also kinda surprised that some people are still using Pinduoduo after this incident... don't they know their personal info is being put at risk? 😒 I think we need to hold tech companies accountable for their actions and make sure they comply with regulations. Maybe then we can have some peace of mind when we're shopping online 🛍️.
 
Ugh 😬 I mean, come on! Regulators should've been all over this like a bad rash 🤢 ASAP. It's one thing to make mistakes, but it's another thing entirely when you're dealing with potentially serious security breaches and people's personal info is at risk 💸. Pinduoduo's gotta be really careful what they're asking for permissions on - I mean, who gives an app access to their location, camera, and mic all the time? 🤔 It's just not right.

And don't even get me started on the regulators... I mean, come on! How hard is it to keep up with these new tech things? 😂 They're basically saying "oh no, we didn't know that" - like it's their job to stay informed about these kinds of issues. And what about all those users who are already vulnerable because they don't speak English or don't know what's going on? 🤷‍♀️ It's just not good enough.

We need more transparency and accountability from companies like Pinduoduo, and we need regulators who actually understand the tech industry to step up their game. Otherwise, this is gonna keep happening and people are gonna get hurt 💔.
 
Malware in the app of Pinduoduo is like a mirror reflecting our own lack of awareness about online safety... We need to be careful what we allow others access to in our digital lives, just like how Pinduoduo needed to reevaluate its permissions to protect user data 🤔💻. Regulators may not always understand the tech landscape, but that's no excuse for complacency – it's a reminder that we all need to stay vigilant and educate ourselves on how to protect our online identities 💡🚫.
 
🤔 I'm really disappointed in how slow the Chinese regulators were to take action against Pinduoduo. It's not like they didn't have a chance to review their app before it was publicly available 📊 The fact that they're only now addressing the issue, after the fact, just shows how out of touch they are with tech trends 💻 I mean, come on, this is 2025 and we still can't trust our apps without doing our own security checks 🔍 It's like they're trying to cover up their lack of understanding about the tech industry 🤷‍♂️
 
🤔 I'm not buying it that Pinduoduo was "completely unaware" of the issue. I mean, come on, a team of engineers gets caught with their hands in the cookie jar? It sounds like a pretty big mistake to me. 🙄 They claim they removed the malware ASAP, but what about all the people who downloaded and used the app while it was infected? Do they not get any protection or support?

And let's be real, this is just another example of how lax Chinese regulations are when it comes to tech companies. I'm not saying Pinduoduo did anything wrong on purpose, but it's clear that there's a lot of room for improvement here. 🚀 What needs to happen is more transparency from regulators and better oversight of these companies. We need to see some real action taken against Pinduoduo and other companies that are compromising user data. 💻
 
🤦‍♂️ just saw that Pinduoduo's malware was removed from their app... 7.5 billion Android users worldwide 🌎, can you believe that? 🙄 avg. user installs apps like 200 times a day 📊, and only 1 in 10 million gets infected with malware 😳. China's Personal Information Protection Law has been in effect since 2021 📆, so how did Pinduoduo slip through the cracks? 🤔

stats: 📊
- 77% of mobile users have downloaded apps from untrusted sources 📈
- 42% of mobile devices are vulnerable to Android malware 🚨
- $120 billion lost to cybercrime in 2024 alone 💸, and we're just getting started... 🤯

Pinduoduo's removal of the malicious code is a good start, but more needs to be done 🙌. I'm not buying that they were unaware of the issue 🚫... cybersecurity experts should've caught this sooner 🔍!
 
I'm still in shock over this whole thing 🤯... how can a company like Pinduoduo get away with putting malware in its app for so long? It's just common sense, folks! If you're gonna collect personal info from users, make sure you've got the permissions and the security measures to protect it. It's not rocket science.

I feel for the cybersecurity experts who had to dig through all that code to find this stuff... they must be exhausted 😴. And what really gets me is that regulators took their sweet time to step in. I mean, come on! This is basic tech stuff. Can't we just get it right for once? 🙄

It's like they say: "if you don't know, ask" 🤓... and the question is, where was this kind of oversight when Pinduoduo first launched? It's a wake-up call, that's for sure. Time to take action and make some real changes in this industry! 👊
 
I'm low-key shocked they didn't catch this sooner 🤯... like, how hard is it to detect malware when you've got resources? 🤑 The fact that Pinduoduo can just dismiss it as a " technical issue" and remove the code without taking responsibility is really sketchy 😒. And what's up with all these "regulatory agencies" not doing their jobs? I mean, they're supposed to protect us from companies like this, but instead they're just enabling them 🙄...
 
OMG, I'm so glad someone is finally calling out Pinduoduo for this 🤯! I mean, I know they're a huge company and all, but come on, who do they think they are? Accessing users' personal info without consent? It's just basic security 101, fam 😒. And yeah, the regulators need to step up their game too - it's not like this is a new issue or anything 🙄. I've been saying it for ages that China needs to get its tech industry in check and these laws need to be enforced ASAP! 💪
 
😒 I'm low-key surprised it took so long for regulators to catch wind of this. Like, Pinduoduo is one of those big players in China now... you'd think they'd be extra careful with user data, especially considering how strict the Personal Information Protection Law is 🤦‍♀️. But maybe that's just what I'm thinking as a netizen who's seen all this drama play out on social media 😂.

The thing that really gets me is how Pinduoduo just kinda... removed the code and moved on, like it was no big deal 💁‍♀️. And now they're talking about disbanded their team of engineers? It feels like a PR stunt to me 🚮. I'd love to see some real action taken against them for this... but at the same time, I get that regulators have got to balance all these competing interests 💼.

It's just frustrating when you think back to all those times you've seen Chinese companies getting all cozy with the government and then... BAM! They're caught red-handed 🔴. It feels like there's a whole lot of smoke and mirrors going on here 🎩.
 
🤖 this is so sickening I mean like pinduoduo's got this huge app with millions of users and they're just letting them walk into a trap with malware 🚫💻. it's like regulators are asleep at the wheel or something. i get that tech is moving fast but come on we need better oversight here. China's got some of the most advanced tech companies in the world and yet they can't even get their own security act together? 🤦‍♂️ what's next?
 
🚨 this is so worrying! I mean, Pinduoduo's been accused of having malware in its app that can access users' personal info without their consent 🤯. And now regulators are questioning why they didn't take action sooner... like, shouldn't they have been on top of this? 🤔 the thing is, China's got some pretty strict data protection laws, but apparently, not everyone's taking them seriously 😒.

And it's not just Pinduoduo - this raises some big questions about how the government's handling tech companies and their compliance with regulations 🤝. I mean, we've all heard of the saying "regulation is key", but when does it actually happen? 💼

It's kinda refreshing to see Chinese social media users calling out for greater oversight and more action from regulators 👊... and some are even demanding more transparency from them 📊. Maybe this is a wake-up call for the government to step up their game? 🔔
 
omg 🤯 this is so not good for china's rep 😬 pinduoduo needs to do way better than just removing the code from their app 👎 i mean, how could they even think it was okay to collect people's info without asking? 😳 and yeah, the regulators need to step up their game too 🚨 like, how can you not detect malware in an app that's out there for everyone to use? 🤔 gotta do better than just blaming experts for not being tech-savvy 🙅‍♂️
 
🚨 Pinduoduo's got some serious explainin' to do 🤔. Malware in their app? That's like askin' if a leaky faucet is just an accident 🚽. It's about time those regulators stepped up their game, especially since we're talkin' about personal info here 💻. Disbandin' the team that made the malware isn't exactly reassuring 👎. I mean, how can you trust someone who can develop malware in the first place? 🔒
 
🤔 I mean, think about it... we're living in an era where our personal info is being used against us without even realizing it. It's like, we're trading our freedom for convenience, you know? And now, Pinduoduo's malware incident has exposed the dark side of that trade-off. 🤖

The fact that regulators didn't catch this sooner raises some serious questions about their understanding of tech and its implications on society. I mean, it's not just about the company; it's about the broader ecosystem we're building here. We need to think critically about what kind of tech we want to develop and use in our lives.

And while Pinduoduo's taken steps to remove the malware, the fact that they had to do so at all highlights the need for greater transparency from companies like theirs. It's time for them to be more open about their data collection practices and how they're using our info. 💻
 
🤔 I'm so worried about our digital lives right now... like what if Pinduoduo just covered up the issue or made it harder to detect next time? 🤦‍♀️ And yeah, I think regulators need to step up their tech game - they can't just rely on word of mouth from companies. We need clear guidelines and stricter penalties for non-compliance. 💯 Also, what's the point of having laws if no one enforces them? It's like, we're all stuck in this grey area where no one knows who's safe or not... 🤯 And another thing - I'm all for holding companies accountable, but let's not forget that Pinduoduo is just a symptom of a bigger problem. We need to look at the entire ecosystem and figure out how to make it safer and more transparent from top to bottom. 💻👍
 
I'm so worried about Pinduoduo's whole situation 🤯🚨. I mean, how can they just be so reckless with people's personal info? It's like, basic human rights stuff right there... The fact that regulators didn't step in sooner is super concerning - what kind of oversight are we talking about here? 😒

And it raises some valid questions about the whole tech industry in China. Like, how can companies just ignore data protection laws and security vulnerabilities if they think no one will catch on? 🤷‍♂️ The fact that Pinduoduo has already taken down the malicious code is good, but what about the bigger picture? Shouldn't we be seeing more action from regulators to protect consumers?

It's also interesting how some Chinese social media users are pushing for greater oversight of the tech industry. Maybe they're right - maybe it's time for some serious reform in the way that regulations are handled. 💡
 
You must log in or register to reply here.
Back
Top