A cybersecurity research team found potential malware embedded in versions of PDD Holdings Inc.'s Chinese shopping app Pinduoduo. The findings were shared with Bloomberg News, which reported that the malware found in the app could elevate its privileges to undermine user privacy and data security. The report came days after Google suspended the app from its Android app store and warned those with the app installed on their device to uninstall it.
The results, after testing a version of the app distributed through a local app store in China, show that an early version of the Pinduoduo app contains malware that exploits system software vulnerabilities to install backdoors and gain unauthorized access to user data and notifications.
The security researcher, confirmed the report, saying, "Some versions of the Pinduoduo app contained malicious code that exploited known Android vulnerabilities to escalate privileges, download and execute additional malicious modules, some of which also gained access to users' notifications and files."
PDD Holding denied claims that its app contained malicious code as it vies for market share in China's hotly contested e-commerce sector, led by Alibaba Group Holding Ltd. and JC.com Inc. There is speculation that PDD's other app, Temu, which sells everything from clothes to kitchenware, could face scrutiny in the United States, where it operates its services. The US security agency has already warned security officials, government employees and others who hold important government positions to uninstall TikTok, another well-known social platform from China that was found to have security threats. Unfortunately, Google's warning was visible to users of its mobile service, which does not operate in China.