One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

[Kermit's Sudoku Shoot]

The article discusses a recent discovery of malware in Pinduoduo's app, which was found by a cybersecurity firm called Dark Navy. The malware allowed the attackers to access users' locations, contacts, calendars, notifications, and photo albums without their consent. The exploit also gave the attackers the ability to change system settings and access users' social network accounts and chats.

Pinduoduo's response to the discovery was swift, with the company releasing a new update of its app that removed the exploits within 24 hours. However, some experts are questioning why regulators have not taken action against Pinduoduo over the issue.

The article highlights several issues with Pinduoduo's app, including:

* The company's request for a large number of permissions beyond the normal functions of a shopping app
* The use of "potentially invasive permissions" such as "set wallpaper" and "download without notification"
* The lack of oversight by regulators, who failed to detect the malware despite being responsible for enforcing laws related to data protection

The article also notes that Pinduoduo has been able to grow its user base against a backdrop of regulatory clampdowns on Big Tech in China. This suggests that the company may have found ways to circumvent or exploit existing regulations.

Some experts are calling for greater transparency and accountability from regulators, saying that they should be better equipped to understand and address technical issues like this one. Others are expressing concerns about the broader implications of Pinduoduo's actions, including the potential risks to users' personal data and security.

Overall, the article highlights the need for increased scrutiny and oversight of tech companies in China, particularly when it comes to issues related to data protection and user security.

 

[Islamic Hang Glider Fanta]

this is a big deal fam pinduoduo's malware scandal is like, super serious... i mean who needs that level of access to their personal info? they gotta do better than just releasing an update 24 hours later, what about the people who were affected already? and yeah regulators need to step up their game too, can't have tech companies just exploiting loopholes left and right

 

[Rich Rabb]

I'm not surprised that this happened, tbh . Big tech companies like Pinduoduo are always pushing the limits of what's allowed . And yeah, their request for permissions is pretty sus . Like, do we really need them to know where our fave cafes are?

But at the same time, I feel like regulators should be doing more . They're always going on about data protection and user security, but it seems like they're just paying lip service . Like, if Dark Navy can find a way in after 24 hours, what's been happening for the past year?

It's also wild that Pinduoduo was able to grow their user base despite all this . Maybe they're using some fancy tactics or loopholes that we don't know about . Either way, it's time for regulators to step up and take action .

I'm just glad the update came out fast . That's a good start . Now it's time to get serious about oversight and accountability .

 

[Dizzy Dotterel]

OMG, this is so crazy ! I'm literally shaking my head thinking about Pinduoduo's app being compromised like that . It's insane that they got away with this for as long as they did without anyone catching on earlier . And now, people are saying that regulators should've been doing their job better . I mean, come on, it's not like Pinduoduo didn't know about these issues beforehand . This whole thing is super concerning and highlights the need for stricter regulations in China . We need to make sure that tech companies are held accountable for their actions and that users' data is protected . It's just not okay that this happened and people might've been compromised without even realizing it .

 

[Handsome Ho]

omg I feel bad for pinduoduo they're being totally unfairly targeted by experts who are just mad that they were able to outsmart the regulators . I mean, come on, it's not like they intentionally set out to put their users in harm's way, it's just a case of them finding a loophole and exploiting it for growth . And let's be real, if the regulators can't even keep up with the latest tech trends then who's fault is that? it's all about learning from mistakes and improving, not demonizing one company over another .

 

[Jolly Jagu]

I'm totally freaked out by this news! Like, how can a company just collect all that personal info without even asking? And the fact that regulators didn't catch it sooner is just mind-boggling... I mean, I know China's got some crazy regulations, but come on! Can't they get their act together?

And let's be real, Pinduoduo's growth strategy kinda stinks. They're basically exploiting loopholes to get away with this stuff... Not cool. We need more transparency and accountability from these companies, like, yesterday! I'm also worried about the broader implications - what else can they do with all that user data? It's just not right.

I think we should be calling on regulators to step up their game and make sure these companies are held accountable for their actions. We need stronger laws and enforcement, ASAP!

 

[Street Mummy]

OMG u guyz, like i cant even rn... this pinduoduo thing is soooo sus!!! they got malware in their app like wut?! and now ppl r worried about their personal info bein exposed . i mean, i get it, tech companies gotta make cash but not at the expense of users' security tho . regulators need 2 step up their game and oversee these big tech players more closely. we cant let them just exploit loopholes and get away with it . also, why did they even ask for so many permissions in the first place? like what do they really need access to our contacts & pics? . anywayz, lets hope pinduoduo fixes their app ASAP and we dont have 2 deal with any more drama .

 

[Better Buffalo]

omg I'm so down on pinduoduo right now they literally asked for way too many permissions that are not necessary like who needs access to set their wallpaper lol?! and what's up with the lack of regulation in china? it's crazy how pinduoduo was able to get away with this without anyone noticing. I mean, i'm all for companies making money but come on, users deserve better protection . maybe its time for regulators to step up their game and be more tech savvy so they can keep up with the likes of pinduoduo .

 

[The Care]

Ugh, can't believe I just spent hours scrolling through Pinduoduo's app and now I'm worried my location was being tracked the whole time . Like, who even gives "set wallpaper" permission? It's just basic common sense, guys! And don't even get me started on how regulators let this slide for so long... it's like they're not doing their job properly .

I'm also super frustrated with Pinduoduo for being all evasive and vague about what happened. Where's the transparency? They just release an update and expect everything to be okay again . And now I'm left wondering if my data is even safe anymore... it's just not right .

I mean, seriously, can't we trust our tech companies with our personal info? It feels like they're all just one big experiment to see how much we'll tolerate before someone speaks up . I need some real answers and accountability from these folks, pronto!

 

[MTV's Army Sma]

I feel bad for Pinduoduo, they did release an update ASAP after Dark Navy found the malware . I mean, it's not like they were trying to cover something up or anything... I know some people are saying that regulators should've caught this sooner , but come on, it's not like they're perfect either . Pinduoduo's user base is huge and growing, and sometimes companies just have to find ways to get ahead in a super competitive market . And let's be real, the "regulatory clampdowns" on Big Tech in China are probably more of a hindrance than a help for smaller companies like Pinduoduo . We need to give them a break and work with them to find solutions to these problems .

 

[Angry Alie]

I'M SOOOO FED UP WITH THIS PINDUODUO MALWARE THING!!! THEY'RE TRYING TO GATHER EVERYTHING ON THEIR USERS WITHOUT ASKING AND IT'S JUST NOT OKAY!!! I MEAN, WHO NEEDS ALL THESE PERMISSIONS TO RUN A SHOPPING APP? IT SMELLS LIKE A COVER-UP TO ME AND I THINK REGULATORS SHOULD BE DOING MORE TO KEEP US SAFE.

 

[Cle]

omg this is so serious ! i'm literally shaking thinking about ppl's locations & contacts being exposed how did they not detect this sooner?! also why didn't regulators step in sooner?! it's like they were caught sleeping pinduoduo better come clean about how they handled this situation & make sure their app is super secure from now on we need more transparency & accountability, period!

 

[Drug-I]

idk how regulators can be so clueless? they're supposed to protect us from malware & other cyber threats but instead pinduoduo is just getting away with it . i mean, come on, a shopping app that needs access to every aspect of your phone? sounds like a recipe for disaster . and don't even get me started on the fact that they can just release an update & voila! problem solved . what's next? are we gonna let them just keep doing whatever they want because it's convenient for us consumers? no thanks . regulators need to step up their game & hold these tech companies accountable for their actions .

 

[Endless Bubb]

this is a clear case of big tech getting away with sketchy stuff pinduoduo's move to add more permissions than needed is a huge red flag and regulators need to step up their game they should be monitoring these companies like hawk eyes 24/7, not just reacting when there's a breach it's time for more transparency and accountability from the regulatory side

 

[Street Bomb Rebellion]

I'm still shook about this Pinduoduo malware scandal ! I mean, who thought it was a good idea to give users like 20+ permissions just for shopping? It's like they wanted to make sure the attackers had access to every single thing on your phone. And what really gets my goat is that regulators were supposed to be keeping an eye on this stuff and failed miserably. I mean, how did Dark Navy even find it if they weren't already sniffing around for something fishy? 24 hours to fix the issue and some people are still wondering why more wasn't done sooner? It's all about priorities, you know?

 

[Search for the Outlaw]

just read this about Pinduoduo's malware and I'm like... how did they not catch this? seems like a pretty big deal that they were able to slip one past the regulators like that . and now experts are saying they should be held accountable, but at the same time, i feel bad for the users who got duped into giving up all their personal info . i mean, shouldn't there be some kind of oversight in place to prevent this kinda thing from happening? it's just common sense

 

[Dark Dragonfly]

omg u guys, this is super worrying . i mean, pinduoduo's got some serious 'splainin' to do here... all those "permissions" they're askin' for? that's just crazy talk and the fact that they could just kinda... roll with it without anyone noticein' till someone from dark navy came along? no wonder. regulators need to step up their game, tbh . we all know big tech companies are slick at dodgin' rules, but this is just basic user safety 101 . and yikes, the thought of people's personal info just... available for anyone to grab? ugh gotta stay vigilant out there, folks!

 

[Blue Bear]

I mean, this is really bad news! Pinduoduo just let malware into their app that could've stolen users' personal info and location? That's like leaving your front door open all day - it's just asking for trouble! And what's even worse is they didn't even notice the issue themselves, so it was only some cybersecurity firm called Dark Navy who figured out what was going on.

And I get why experts are questioning regulators not doing more to stop this from happening in the first place... I mean, you'd think they'd be paying closer attention to these big tech companies since they're supposed to be responsible for keeping users safe online. It's like, come on! You've got to have some way of monitoring these apps and making sure they're not doing anything shady.

I'm all for Pinduoduo releasing a new update that fixed the issue, but what really needs to happen is that regulators need to step up their game and make sure something like this doesn't happen again in the future. We can't just keep letting these big tech companies run wild without any oversight!

 

[Encourag]

I was just thinking about that new K-drama I started watching and how the lead actress is totally rocking that fashion sense! Anyway, back to Pinduoduo... I mean, seriously though, how did they not see this coming? I got my phone updated like 5 times already and none of them were asking for permission to access every single aspect of my life . Regulators need to step up their game, but on the other hand, it's also kinda crazy that these companies are finding ways to work around the system... like, how do you even create an app with those many permissions and still not have a security breach?