Dorm Room
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
Nemeski@lemm.ee to Technology@lemmy.worldEnglish · 1 year ago

Shopping app Temu is “dangerous malware,” spying on your texts, lawsuit claims

arstechnica.com

external-link
message-square
235
fedilink
857
external-link

Shopping app Temu is “dangerous malware,” spying on your texts, lawsuit claims

arstechnica.com

Nemeski@lemm.ee to Technology@lemmy.worldEnglish · 1 year ago
message-square
235
fedilink
Temu "surprised" by the lawsuit, plans to "vigorously defend" itself.
  • kibiz0r@midwest.social
    link
    fedilink
    English
    arrow-up
    26
    arrow-down
    2
    ·
    edit-2
    1 year ago

    Comments here: “Yeah right, I’ll believe it when they explain how.”

    Article: literally has a section explaining how

    Edit:

    Replies: “Yeah, but that’s just a summary. I’ll believe it when they explain in full detail.”

    Article: literally has a link to the detailed explanation

    • AProfessional@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      2
      ·
      edit-2
      1 year ago

      The claim is they completely bypass all Android and iOS security is pretty unbelievable.

      If so then the real discussion is how these zero day exploits are just sitting around.

      EDIT: It seems the focus is on Android but all the information is nonsensical, like AI generated buzzword bingo.

      • aodhsishaj@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        I’m not seeing too many buzzwords here

        https://grizzlyreports.com/we-believe-pdd-is-a-dying-fraudulent-company-and-its-shopping-app-temu-is-cleverly-hidden-spyware-that-poses-an-urgent-security-threat-to-u-s-national-interests/

        • AProfessional@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          1 year ago

          That source looks better indeed.

          Ars quotes nonsense like “bypasses the security” and “exploit the user”.

          Those terms have meaning and they aren’t applicable here.

          At the end though they do say things like

          is able to hack your phone from the moment you install the app

          Without any credible evidence.

    • TORFdot0@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      1
      ·
      1 year ago

      It states that it’s somehow breaking the permissions sandbox by dynamically recompiling code after the app is opened. Unless there is some undisclosed exploit that it’s using to break the sandbox, it’s outside most people’s understanding of how these platforms work

      • MoonRaven@feddit.nl
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        It only explains how it would pass (automatic) reviews. Not how it would bypass the sandbox. So yeah, you’re right, not enough info sadly.

        • TORFdot0@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          Someone else posted this report in this thread which does a good job of the deceptive practices and API calls the app uses to trick the user into giving permissions up willingly and otherwise collect data it shouldn’t.

Technology@lemmy.world

technology@lemmy.world

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


  • @[email protected]
  • @[email protected]
  • @[email protected]
  • @[email protected]
Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 1.19K users / day
  • 7.73K users / week
  • 14.2K users / month
  • 33.5K users / 6 months
  • 1 local subscriber
  • 76.3K subscribers
  • 16.3K Posts
  • 696K Comments
  • Modlog
  • mods:
  • L3s@lemmy.world
  • enu@lemmy.world
  • Technopagan@lemmy.world
  • L4sBot@lemmy.world
  • L3s@hackingne.ws
  • L4s@hackingne.ws
  • BE: 0.19.10
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org