TEMU Slapped with Lawsuit Claiming Shopping App is “Dangerous Malware”

According to an ArsTechnica report, Arkansas Attorney General Tim Griffen alleges in a lawsuit filed at the end of June that popular shopping app Temu is “dangerous malware” that uses access to a user’s phone to access data, including the phone’s camera, location, contacts, text messages, documents, pictures, and installed apps.

Griffen cites an investigation by Grizzly Research – a company that analyzes publicly traded companies for investors – that reported PPD Holdings, Temu’s parent company, is a fraudulent company.

Griffen alleges that Temu, the app, is designed in such a way as to lure users into downloading the app with cheap prices while the primary goal is to capture the user data to sell highly targeted advertising to vendors.

On the other side, hundreds of complaints to the Better Business Bureau show that with the cheap prices come extremely cheap or misleadingly advertized goods.

Temu is one of the most popular shopping apps in the world with over 52 million downloads to date.

On Android phones, Temu allegedly uses a high-risk permission set, according to Google, that can potentially allow the app to bypass security and read messages and notifications.

Both Google and Apple have flagged Temu’s data privacy terms as misleading.  A similar app by PPD Holdings, Pinduoduo was suspended by Google and Apple from their respective app stores. Investigators noted that Pinduoduo was able to spy on competitors’  apps, run in the background, and prevent itself from being uninstalled.

PPD Holdings, the parent company of Temu has said “The allegations in the lawsuit are based on misinformation circulated online, primarily from a short-seller, and are totally unfounded. We categorically deny the allegations and will vigorously defend ourselves.”

Temu was originally founded in China by former Google employee Colin Huang back in 2015. After scrutiny surrounding Pinduoduo’s suspension from the app stores, the company headquarters was moved to Ireland with New York as the U.S. base of operations. However, the majority of Temu’s business operations remain in China.

The lawsuit, filed under the Arkansas Deceptive Trade Practices Act and Arkansas Personal Information Protection Act could cost Temu $10,000 per violation plus the loss of profits from any sales of user data and deceptive sales.

While you should always be careful about what apps you install, and all apps collect some data, do you really need a 99-cent pair of shorts in exchange for your text messages, photos, and purchases at other retailers?

We recommend that you close your Temu account and uninstall the app. If you need help or think your data has been compromised, please contact us.