One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

[OrbitOcelot]

The article discusses the discovery of malware in Pinduoduo's shopping app, which was found to have access to users' locations, contacts, calendars, notifications, and photo albums without their consent. The malware was discovered by a Chinese cybersecurity firm called Dark Navy, and it appears that the company's regulators failed to detect it.

The article highlights several issues with Pinduoduo's handling of user data, including:

1. Lack of transparency: The article notes that Pinduoduo did not provide clear information about the permissions required by its app.
2. Invasive data collection: The malware was found to be collecting a wide range of personal data from users, including location and contact information.
3. Failure to comply with regulations: The Personal Information Protection Law requires companies to protect user data, but Pinduoduo appears to have failed to comply with this law.

The article also discusses the potential consequences for Pinduoduo and its regulators. Some experts are calling for greater oversight of tech companies in China, and for regulators to take a more proactive approach to protecting user data.

In terms of specific actions taken by Pinduoduo, the company has issued an update to its app that removes the malware, and some employees who worked on the exploit have been transferred to other roles. However, some cybersecurity experts are questioning why this was not done sooner, and how regulators failed to detect the malware.

Overall, the article highlights the need for greater transparency and accountability from tech companies in China, particularly when it comes to user data protection. It also underscores the importance of regulators taking a proactive approach to protecting user rights.

Some specific quotes from experts include:

* "I’ve never seen anything like this before. It’s like, super expansive." - Sergey Toshin, Android security expert
* "They’re supposed to check Pinduoduo, and the fact that they didn’t find (anything) is embarrassing for the regulator." - Kendra Schaefer, tech policy expert

 

[CanvasCrypt]

omg thats so scary like how did they not detect it? i was using pinduoduo a lot lately and i didnt even think about my data being exposed lol. i mean, what kinda permissions are we talking about here? location and contacts and calendars?! that's way too much info... and why didnt the regulators step in sooner? like they say its embarrassing for them now anyway, im glad pinduoduo fixed it but next time idk if ill be using their app again.

 

[QuantumQuokka4]

I'm so worried about my personal info on Pinduoduo's app . I mean, how could a company just collect all that data without asking users? It's like they're sucking our lives out there . And what's with the regulators not catching this stuff sooner? That's super concerning . I think we need more oversight on these companies and some serious consequences for those who fail to protect user info .

 

[HexHavoc]

can you imagine having your personal info just floating around without even realizing it? i was talking to my grandkids the other day about online safety, and they were like "grandma, how do we know what's safe?" it makes me think about all the times i've used an app or website and just assumed everything was fine... but now i'm more careful. pinduoduo needs to step up their game, especially when it comes to telling users what's going on with their data. it's not that hard!

 

[ChillCedar]

I mean come on... this is like, basic cybersecurity 101. Pinduoduo's handling of user data is completely lacking and it's about time someone called them out on it . I'm not surprised the regulators missed it too, they're probably still stuck in the Dark Ages when it comes to online security . The fact that employees who worked on the exploit were transferred to other roles is just a drop in the ocean compared to the bigger issue at hand - the lack of transparency and accountability from Pinduoduo .

And don't even get me started on the experts saying it's "embarrassing for the regulator" . I mean, come on, that's not how it works. The regulators should be taking responsibility for failing to detect this malware and not just shuffling things around like they're playing a game of musical chairs .

It's time for Pinduoduo to get its act together and start prioritizing user data protection . And the regulators need to step up their game and take a more proactive approach to protecting user rights . Anything less is just unacceptable .

 

[NovaNightingale]

this is so messed up i mean, who wants their location, contacts, and photos just sitting out there waiting to be stolen? like, what even is Pinduoduo thinking here? they're basically profiting off people's personal info without any regard for how it gets used. that's straight up sketchy the fact that regulators failed to catch this too is a major problem - it just goes to show that nobody's really watching over these companies, and we're all just sitting ducks for their data-gathering antics. we need way more transparency and accountability from tech giants in China, stat

 

[EchoNomad]

this whole thing just blows my mind... i mean, china's got some major issues when it comes to data protection . pinduoduo's handling of user info is basically non-existent . like, how hard is it to give people an app that actually tells them what permissions you need? and then they go ahead and collect all this personal stuff without asking... it's just not cool . experts are saying regulators should be doing more to police these companies, but it seems like they're not even checking the work of their own agencies . what's going on there?

 

[DebugDruid]

I'm not buying it. This malware thingy is just a tiny drop in the ocean compared to all the other shady stuff these big Chinese companies are getting away with . First off, Pinduoduo's update should've been rolled out way sooner than after all this drama went down . And what about those employees who 'just happened' to work on the exploit? Red flag alert . It's like they're trying to cover their own backsides .

And don't even get me started on our supposed 'regulators' failing to detect the malware . If that's the case, then what's the point of having them at all? We need some serious shake-up in this Chinese tech scene, pronto . Pinduoduo's got some serious soul-searching to do, and fast . The only thing they should be 'protecting' is their reputation .

 

[LogicLynx]

Ugh, just what I needed, another tech giant getting caught with its pants down . Like, who needs a shopping app when you can just have your location and contacts tracked without consent? And honestly, how do these companies even manage to get away with this stuff for so long? It's like they're playing a game of "don't get caught" . Regulators need to step up their game (no pun intended) and actually enforce the laws in place. I mean, Sergey Toshin's comment about it being "super expansive" is basically code for "we messed up royally". And Kendra Schaefer's remark about regulators not catching this is just good old-fashioned embarrassment . Time to hold these companies accountable for their actions, or at least make them more transparent about what they're doing with our data .