The article reports on a recent discovery of malware in the popular Chinese shopping app Pinduoduo. The malware, developed by a team of engineers and product managers at Pinduoduo, allowed the company to access users' personal data without their consent. The exploits were removed after a report by a Chinese cybersecurity firm, but not before they had been used to gain unauthorized access to users' locations, contacts, calendars, notifications, and photo albums.
The discovery of the malware has raised concerns about the oversight failure of regulatory bodies in China, particularly the Ministry of Industry and Information Technology. The ministry is supposed to check apps like Pinduoduo for compliance with regulations, but it did not find any issues with the app.
Tech policy experts say that Pinduoduo's apparent malware would be a violation of Chinese data protection laws, which were passed in 2021. The Personal Information Protection Law stipulates that no party should illegally collect, process or transmit personal information, and that companies must notify regulators if they find security vulnerabilities.
The discovery of the malware has also sparked debate on social media in China, with some cybersecurity experts questioning why regulators have not taken action. One expert wrote a viral post on Weibo, saying that "probably none of our regulators can understand coding and programming" and that they should be able to spot malicious code when it is presented to them.
The article concludes by noting that CNN has reached out to the Ministry of Industry and Information Technology and the Cyberspace Administration of China for comment.
Key points:
* A team of engineers and product managers at Pinduoduo developed malware that allowed the company to access users' personal data without their consent.
* The exploits were removed after a report by a Chinese cybersecurity firm, but not before they had been used to gain unauthorized access to users' locations, contacts, calendars, notifications, and photo albums.
* The discovery of the malware has raised concerns about the oversight failure of regulatory bodies in China.
* Tech policy experts say that Pinduoduo's apparent malware would be a violation of Chinese data protection laws.
* The Ministry of Industry and Information Technology is supposed to check apps like Pinduoduo for compliance with regulations, but it did not find any issues with the app.
* The discovery of the malware has sparked debate on social media in China, with some cybersecurity experts questioning why regulators have not taken action.
The discovery of the malware has raised concerns about the oversight failure of regulatory bodies in China, particularly the Ministry of Industry and Information Technology. The ministry is supposed to check apps like Pinduoduo for compliance with regulations, but it did not find any issues with the app.
Tech policy experts say that Pinduoduo's apparent malware would be a violation of Chinese data protection laws, which were passed in 2021. The Personal Information Protection Law stipulates that no party should illegally collect, process or transmit personal information, and that companies must notify regulators if they find security vulnerabilities.
The discovery of the malware has also sparked debate on social media in China, with some cybersecurity experts questioning why regulators have not taken action. One expert wrote a viral post on Weibo, saying that "probably none of our regulators can understand coding and programming" and that they should be able to spot malicious code when it is presented to them.
The article concludes by noting that CNN has reached out to the Ministry of Industry and Information Technology and the Cyberspace Administration of China for comment.
Key points:
* A team of engineers and product managers at Pinduoduo developed malware that allowed the company to access users' personal data without their consent.
* The exploits were removed after a report by a Chinese cybersecurity firm, but not before they had been used to gain unauthorized access to users' locations, contacts, calendars, notifications, and photo albums.
* The discovery of the malware has raised concerns about the oversight failure of regulatory bodies in China.
* Tech policy experts say that Pinduoduo's apparent malware would be a violation of Chinese data protection laws.
* The Ministry of Industry and Information Technology is supposed to check apps like Pinduoduo for compliance with regulations, but it did not find any issues with the app.
* The discovery of the malware has sparked debate on social media in China, with some cybersecurity experts questioning why regulators have not taken action.
i mean we all know china needs to step up its tech regulation game but it's crazy that this kind of thing can happen on one of the most popular shopping apps in the country 
like how did no one notice this was going on? it sounds like the ministry is just not doing its job or maybe they're getting paid off by pinduoduo lol who knows but what we do know is that chinese data protection laws are supposed to protect users and companies need to take security seriously 
It's not like Pinduoduo did anything wrong, per se, but they definitely broke some rules, and now there are questions about how that happened in the first place. Shouldn't regulators be checking apps for vulnerabilities all the time? I don't think so... 
It just highlights how lax the oversight can be in certain situations. We need to make sure that our apps are being thoroughly vetted for security issues, not just left up to individual companies to sort out themselves 
How do we expect anyone to trust these apps when they're like this? 
The regulators are supposed to be on top of this stuff, but apparently not. It's like they're saying "we don't know coding" or something 
. It's time for some real accountability 
. I mean, this is just another example of how big companies are pushing boundaries and not being held accountable for their actions. I thought we were supposed to be protected by regulations, but it looks like Pinduoduo's malware slipped right through the cracks.
. I just hope our kids' data is protected and not being used against them.