
China's Temu App Poses a Security Threat to Online Shoppers

 

Apps rule the contemporary era. Each aspect of our lives, from communication to e-commerce, appears to be dependent on digital platforms that promise convenience at the push of a button.

A newcomer among these apps has recently attracted a lot of attention. Temu, a Chinese-affiliated discount shopping site, has experienced tremendous growth in the United States.

However, this level of popularity has generated a lot of scrutiny and worries regarding the platform's potential data security vulnerabilities. This blog post will look at the Temu data risks, the Temu app's potential concerns, and whether it is safe to shop on Temu.

What exactly is Temu? 

Temu (pronounced "tee-moo") is an e-commerce platform operated by PDD Holdings, a Nasdaq-listed Chinese business that also owns Pinduoduo, a shopping app that sells anything from groceries to clothing. PDD is headquartered in Shanghai, whereas Temu has its base in Boston. Temu, dubbed a clone of the fast-fashion label Shein, has had a staggering rise in the US market, overtaking heavyweights such as Instagram, WhatsApp, Snapchat, and Shein on the Apple App Store only 17 days after its launch. 

Temu has been downloaded by nearly 80 million Americans since its inception in September 2022, according to Apptopia data. You may recall seeing their expensive Super Bowl advertising promising users the ability to "shop like a billionaire." It's also worth mentioning that Temu's global reach extends beyond the United States; the company started in the United Kingdom in March, just weeks after entering Australia and New Zealand. While its popularity cannot be ignored, critical issues remain: is Temu safe, and is it safe to shop on Temu? 

Data threats and controversies 

Temu's meteoric rise has not been without controversy. The United States has accused Temu of posing potential data dangers, especially after its sister app Pinduoduo was removed from Google's app store due to the presence of malware on the Pinduoduo app that exploited vulnerabilities in Android operating systems.

According to company insiders, the exploits were utilized to spy on consumers and competitors in order to boost sales. Pinduoduo requested up to 83 permissions, including biometric, Bluetooth, and Wi-Fi network information access. 

Temu's data requests are not as intrusive as Pinduoduo's, but the fact that Temu wants 24 permissions, including access to Bluetooth and Wi-Fi network information, is cause for alarm.

These permissions may appear innocuous at first glance, but cybersecurity experts warn that an e-commerce app does not need to keep biometric data, and any request to do so should be viewed with suspicion. Biometric data, unlike passwords, cannot be updated, making it an attractive target for criminals.

Users should also question the need for e-commerce apps to acquire Wi-Fi data. If a user connects to a workplace Wi-Fi network, the data could provide a conduit for thieves to infiltrate potentially sensitive information. The question then becomes, why does an e-commerce app require such access? 

The bigger China picture 

There are other cases like Temu's, too. E-commerce platform data concerns are a subset of a more widespread systemic issue. Because of security concerns, Chinese-owned apps are closely inspected in the United States. Temu and Shein were cited as potential data threats by the U.S.-China Economic and Security Review Commission. 

Because these platforms rely on American users installing and using their apps in order to curate and deliver products, they pose serious risks and challenges to U.S. laws, regulations, and market principles. Although there isn't any concrete evidence that these companies share information with the Chinese government, the possibility still exists. We have already talked about these issues in relation to the popular app TikTok.

China's Cybersecurity Law, which was introduced in 2016 and came into effect in June 2017, requires Critical Information Infrastructure (CII) operators to grant the government unrestricted access to their data and to store it only on the country's mainland.

In addition, the Communist Party of China's 2012 Constitution mandates that top CCP members must be given the chance to hold leadership roles within both public and private businesses functioning in China. By 2017, these government representatives had positions in over 1.86 million privately owned companies in China.

The Chinese government is propagating its objective of establishing world economic dominance with these legislative measures now in place. As a result, there is worry in the U.S. that Temu and other apps connected to Chinese companies could potentially be assisting in this goal by sharing our data with the Chinese government, posing a threat to our economy and the privacy of our citizens.

China's Access to TikTok User Data Raises Privacy Concerns

A former executive of ByteDance, the parent company of the popular social media platform TikTok, has made shocking claims that China has access to user data from TikTok even in the United States. These allegations have raised concerns about the privacy and security of TikTok users' personal information.

The ex-employee's claims come at a time when TikTok is already under scrutiny due to its ties to China and concerns over data privacy. The United States and other countries have expressed concerns that user data collected by TikTok could be accessed and potentially misused by the Chinese government.

According to the former executive, Chinese Communist Party (CCP) officials have direct access to TikTok's backend systems, which allows them to obtain user data from anywhere in the world, including the US. This access allegedly enables the Chinese government to monitor and potentially exploit user data for various purposes.

These claims have significant implications for the millions of TikTok users worldwide. They raise questions about how securely their personal information is protected from unauthorized access or potential misuse. Furthermore, they add to the ongoing debate surrounding the relationship between Chinese tech companies and the Chinese government, and the potential risks associated with data sharing and surveillance.

ByteDance has previously denied allegations that TikTok shares user data with the Chinese government. The company has implemented measures to address privacy concerns, such as establishing data centers outside of China and hiring independent auditors to assess its data security practices.

However, these latest claims by a former executive fuel the skepticism and reinforce the need for transparency and independent verification of TikTok's data handling practices. They also underscore the importance of robust data protection regulations and international cooperation in addressing the challenges posed by global technology platforms.

Regulators and policymakers in various countries have examined TikTok's data privacy practices and explored potential restrictions or bans. These claims may add further impetus to those efforts, potentially leading to stricter regulations and increased scrutiny of TikTok's operations.

The allegations made by the ex-ByteDance executive regarding China's access to TikTok user data in the US have sparked fresh concerns about data privacy and security. As the popularity of TikTok continues to grow, it is crucial for the company to address these claims transparently and take additional steps to reassure users that their data is protected. Meanwhile, governments and regulatory bodies must continue to evaluate and enforce robust privacy regulations to safeguard user information in the era of global technology platforms.

Pinduoduo App Malware: A Security Warning

Pinduoduo, a popular Chinese e-commerce app, has come under scrutiny from cybersecurity experts after multiple reports of malware surfaced. According to CNN, a recent analysis found that the app contained a 'sophisticated and complex' malware strain that allowed attackers to steal personal data and spy on users' activities.

In a report by Bloomberg, cybersecurity researchers noted that the malware was able to "hijack user accounts, steal payment information, and even take control of users' phones." The report also highlighted that the app had been downloaded over one billion times, making it a significant threat to users' security and privacy.

In response to these reports, Google Play has suspended the app from its platform. The South China Morning Post notes that this is not the first time that Pinduoduo has come under fire for suspected malware. In 2021, the app was accused of selling counterfeit goods and allowing the sale of illegal and fake products.

Brian Krebs, a cybersecurity expert, notes that the Pinduoduo case highlights the risks of using apps from untrusted sources. He emphasizes that "users should always be wary of downloading apps from unfamiliar sources, as they may contain malicious code that can compromise their security and privacy."

The Pinduoduo case also underscores the importance of regularly updating software and using trusted security solutions to protect against malware and other cyber threats. As the threat landscape continues to evolve, it is essential that individuals and organizations remain vigilant and proactive in protecting their digital assets.

The Pinduoduo incident serves as a sobering reminder of the dangers presented by unreliable apps and the significance of cybersecurity in the current digital era. Users must take the necessary precautions to protect themselves and their data as cyber threats continue to grow in sophistication and complexity. Individuals and organizations can reduce the dangers of cyber assaults and secure their online safety by remaining educated, upgrading software on a regular basis, and employing reputable security solutions.

Here are the Countries That Have Imposed TikTok Ban


This week, the U.S. and Canada issued orders to ban the use of TikTok on state-issued gadgets, following rising cybersecurity concerns over the video-sharing app.

ByteDance, the Chinese company that owns TikTok, has long insisted that it does not exchange data with the Chinese government and that it does not store any of its data there.

The company maintains that the app is independently managed and rejects claims that it collects more user data than other social media sites. However, many countries have erred on the side of caution when it comes to the platform and its ties to China.

We are listing the countries and regions that have either imposed a partial or a complete ban on TikTok: 

INDIA 

India imposed a ban on TikTok along with several other Chinese apps, such as the messaging app WeChat, in 2020, following concerns over user privacy and cybersecurity.

The ban was implemented shortly after a clash between Indian and Chinese troops in a military dispute on the Himalayan border, which resulted in the death of 20 Indian soldiers and injured dozens. The corporations were given the chance to respond to inquiries about privacy and security requirements, but the ban was made permanent in January 2021.

TAIWAN 

Following a warning issued by the FBI that TikTok presented a threat to national security, Taiwan banned the app from the public sector in December 2022. Chinese-made software, including apps like TikTok, its Chinese version Douyin, or Xiaohongshu, a Chinese lifestyle content app, is not permitted to be used on government equipment, including smartphones, tablets, and desktop computers. 

UNITED STATES 

This week, the US announced that the government authorities have 30 days to delete TikTok from federal devices and systems. The ban is applicable only to state-owned devices. China reacted angrily to the American decision to block TikTok, accusing the United States of abusing its power and stifling foreign companies. 

Also, the software is prohibited from being used on official devices in more than half of the 50 U.S. states. 

CANADA 

Following the announcement made by the US, Canada announced that government-issued devices must not use TikTok on Monday, noting that the app could put the devices’ privacy and security at stake. In the future, employees may also be restricted from downloading the application.

EUROPEAN UNION 

TikTok has been banned on employee devices by the European Parliament, European Commission, and EU Council, three of the major EU organizations. The embargo imposed by the European Parliament becomes effective on March 20. Lawmakers and staff have also been advised to uninstall the app from their personal devices.

PAKISTAN 

Since October 2020, Pakistani authorities have briefly banned TikTok at least four times due to worries that the app encourages immoral content. 

AFGHANISTAN 

In 2022, the Taliban leadership in Afghanistan outlawed TikTok and the Chinese game PUBG, citing the need to prevent children from "being misled."  

Chinese Loan App Case: ED Freezes Rs 46.67 Crore Worth Funds Of Payment Gateway Apps

 

The Enforcement Directorate (ED) has carried out raids against Chinese “controlled” loan apps and investment tokens. The ED froze funds worth Rs. 46.67 crore kept in the payment gateway accounts of Easebuzz, Razorpay, Cashfree, and Paytm at their Bengaluru premises, in connection with the HPZ token case over alleged irregularities in the operation of instant app-based loan-giving companies that are controlled by Chinese persons. The funds have been frozen and seized under the Prevention of Money Laundering Act (PMLA).

The searches were carried out on September 14th at various business and residential premises in Delhi, Ghaziabad, Mumbai, Lucknow, and Gaya in the money laundering case against an app-based token named HPZ and related entities. The case is based on an FIR filed in October 2021, registered by the Kohima police’s cybercrime unit in Nagaland.

According to the ED, the HPZ token was an app-based token that lured victims to invest in the company, promising to double their investments and deliver large gains by investing in mining machines for bitcoin and other cryptocurrencies.

“Payments were received from users through UPIs and other payment gateways/ nodal gateways/ individuals. Part amount was paid back to the investors and remaining amount was diverted to various individuals and company accounts through various payment gateways/ banks from where partly it was siphoned off in digital/virtual currencies. After that, the fraudsters stopped the payments and the website became inaccessible,” states the ED.

Allegedly, the companies sourced the personal data of the victims at the time of downloading the loan apps, even when their interest rates were “usurious”. The ED thus initiated a probe under the criminal sections of the PMLA after many debtors reportedly ended their lives. The debtors were being harassed and threatened by these loan app companies over the personal data available on their phones. The ED claims that one such loan app entity, M/s Mad-Elephant Network Technology Private Limited, in an agreement with X10 Financial Services Limited, was operating several loan apps (namely Yo-Yo cash, Tufan Rupees, Coco cash, etc.). Similarly, Su Hui Technology Private Limited, in agreement with M/s Nimisha Finance India Private Limited, had operated loan apps.

In a meeting held on September 8, Finance Minister Nirmala Sitharaman reviewed the issues pertaining to the illegal loan apps. The meeting was attended by top officials from the ministry and RBI officials. It is being decided that appropriate measures shall be taken to check the operations of such apps.

How Australia’s Leader Lost Control of His Chinese Social Media Account

 

After Prime Minister Scott Morrison's WeChat account was hacked, a Liberal member of parliament accused the Chinese government of foreign intervention. 

"It is a matter of record that the platform has stopped the Prime Minister's access, while Anthony Albanese's account is still active featuring posts criticising the government," Liberal representative Gladys Liu stated.

"In an election year especially, this sort of interference in our political processes is unacceptable, and this matter should be taken extremely seriously by all Australian politicians." 

Liu stated she would stop utilizing her professional and personal WeChat accounts until the platform presented an explanation for the incident as part of her accusations against the Chinese government. 

Several Coalition members have supported Liu's charges and boycott, with Liberal Senator James Paterson, chair of the Parliamentary Joint Committee on Intelligence and Security, asking for Opposition Leader Anthony Albanese to boycott WeChat as well. 

The Prime Minister's office is attempting to contact the Chinese government regarding the account hijacking, according to Stuart Robert, the Minister responsible for digital transformation, who told The Today Show on Monday morning. 

"It is odd, and of course, the Prime Minister's office is seeking to connect through to them to work out and get it resolved," Robert said. 

Morrison's WeChat account was apparently changed and he had accessibility issues months ago, according to NewsCorp Australia, with the Prime Minister being unable to access the account at all.

Morrison's account is linked to a Chinese national based in Fujian, according to Australian Strategic Policy Institute senior analyst Fergus Ryan, because WeChat's policies at the time required accounts to be linked to the ID of a Chinese national or a business registered in China.

A Tencent spokesman confirmed to ZDNet on Monday evening that the account was originally registered by a PRC individual, but that it is currently being managed by a technology services organisation. 

"Based on our information, this appears to be a dispute over account ownership -- the account in question was originally registered by a PRC individual and was subsequently transferred to its current operator, a technology services company -- and it will be handled in accordance with our platform rules," the Tencent spokesperson said. 

"Tencent is committed to upholding the integrity of our platform and the security of all users' accounts, and we will continue to look into this matter."

According to ABC News, Morrison's WeChat account was sold to Fuzhou 985 Information Technology in November of last year by the registered owner. 

The Chinese corporation allegedly purchased the social media account because it had roughly 75,000 followers, and had no idea it was owned by Morrison.

WeChat has been subjected to increasing restrictions in China, after being placed on notice last year for gathering more user data than was considered essential while providing services.

Chinese Android Game Developer Exposes Data of Over 1 Million Gamers

 

The Chinese developers of famous Android gaming applications exposed user information via an unprotected server. A report shared by vpnMentor's cybersecurity team, headed by Noam Rotem and Ran Locar, identified EskyFun as the owner of a 134GB server that was exposed and publicly accessible online.

Rainbow Story: Fantasy MMORPG, Adventure Story, The Legend of the Three Kingdoms, and Metamorph M are among the Android games developed by EskyFun. 

According to the team on Thursday, the users of the following games were included in the data leak, and altogether they have over 1.6 million downloads combined:
- Rainbow Story: Fantasy MMORPG
- Metamorph M
- Dynasty Heroes: Legends of Samkok

According to the researchers, the supposed 365,630,387 records included data from June 2021 onwards, exposing user data gathered on a seven-day rolling basis. 

According to the team, when the developers' software is downloaded and installed, it imposes aggressive and highly troubling monitoring, analytics, and permissions settings, and as a consequence, the variety of data gathered was considerably more than one would imagine mobile games to need.

The records included IP and IMEI data, device information, phone numbers, the operating system in use, mobile device event logs, whether or not a smartphone was rooted, game purchase and transaction reports, email addresses, EskyFun account passwords, and support requests.

vpnMentor estimates that up to, or more than, one million users' information may have been compromised.

On July 5, the unprotected server was detected, and EskyFun was approached two days later. However, after receiving no answer, vpnMentor tried again on July 27. 

Due to the continued inaction, the team was forced to contact Hong Kong CERT, and the server was safeguarded on July 28. 

The researchers commented, "Much of this data was incredibly sensitive, and there was no need for a video game company to be keeping such detailed files on its users. Furthermore, by not securing the data, EskyFun potentially exposed over one million people to fraud, hacking, and much worse."

Indians to use VPN as a way to evade ban on Chinese Apps


It seems like people have found a way to circumvent the government's ban on 59 Chinese apps, including favorites like TikTok, ShareIt, Shein, Clash of Kings, and many more, and have moved on to using a VPN (Virtual Private Network) to access these apps.


Right after the government announced the ban, companies like SatoshiVPNS put an advert on their social media stating, “An investment in a VPN is an investment that always pays for itself — many times over.” There have been articles on blabberpost and others recommending how and which VPN to use to access the banned applications.

And it's not the first time Indians have turned to VPNs to dodge regulations; in fact, we are quite notorious when it comes to VPNs. After Reliance Jio, Bharti Airtel and Vodafone Idea, the largest telecom providers in the country, took down porn websites from their networks, India fell only three steps, from 12 to 15, in terms of visitors to Pornhub. A 2019 report from Pornhub revealed that 91% of Indian users access the site via mobile phone.

Since February, India has seen a growth of 15% in VPN usage, according to a report by ExpressVPN; the global average stands at 21%.

By the books, using a VPN is not illegal in India as long as it's not used for any illegal activity. The most common use of a VPN in the country is either to watch pornography or to access torrents, and neither of these invites legal action.

After the suspension of Internet service from August 2019 till March 2020 in the Kashmir Valley, and in the aftermath of weak 2G and 3G networks, many citizens turned to VPNs in order to reach blocked content such as Facebook, Twitter, and other social media sites. The government even arrested some for using VPNs to promote unlawful activities.

After the ban, Google and the Apple App Store removed TikTok and Helo for Indian users, but other banned apps like Browsers, Club Factory, Shein, ShareIT, and Clash of Kings are still listed on both stores.