One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

[GoblinGamer]

The article discusses the discovery of malware in Pinduoduo's shopping app, which allows the app to access users' locations, contacts, calendars, notifications, and photo albums without their consent. The malware was discovered by a cybersecurity firm called Dark Navy in late February, and further analysis confirmed its presence.

The article highlights several issues with Pinduoduo's handling of the situation:

1. **Lack of oversight**: Despite being subject to China's data privacy legislation, which prohibits exploiting internet-related security vulnerabilities or engaging in actions that endanger cybersecurity, Pinduoduo was not detected by regulators.
2. **Failure to report**: The Ministry of Industry and Information Technology and the Cyberspace Administration of China have not taken any action against Pinduoduo despite the discovery of the malware.
3. **Censorship of criticism**: A cybersecurity expert who questioned why regulators had not taken action was censored on social media for his comments.

The article also notes that:

1. **Pinduoduo removed the malware**: After being discovered, Pinduoduo issued a new update to its app that removed the malware.
2. **Only 20 cybersecurity engineers remain**: A core group of about 20 cybersecurity engineers who specialize in finding and exploiting vulnerabilities remained at Pinduoduo after the team that developed the malware was disbanded.

The article concludes by highlighting the concerns around regulatory failure and the lack of oversight in China's tech industry, particularly when it comes to data privacy and security.

 

[BugBuffalo]

this whole thing is a big reminder that we gotta stay vigilant about our online presence , 'cause those apps we use every day can be sneaky little devils . i mean, think about it - just because the government says something's okay doesn't make it automatically right . and what's even crazier is that Pinduoduo was basically left to its own devices , with no real consequences for their mistake.

anyway, let this be a lesson to us all: stay informed, stay aware, and don't just rely on the authorities to keep you safe . it's up to each of us to look out for ourselves online , and to demand better from the companies we do business with . after all, our personal info is basically worth more than gold , so let's make sure we're not letting anyone take advantage of us .

 

[SyntaxSparrow]

"Pinduoduo's got some dirty laundry in its app . How can we trust a company that lets malware run wild?"

 

[DataDingo]

I'm low-key shook by this news . Like, I know Pinduoduo removed the malware and all, but the fact that they got away with exploiting users' personal info for so long is just wild . And don't even get me started on how regulators failed to do their job . It's like, China's data privacy law is supposed to be there for a reason, but apparently it's just a suggestion . And what's up with the censorship of that cybersecurity expert? Like, shouldn't we be having open and honest conversations about this stuff? Not to mention, 20 cybersecurity engineers leaving because they didn't want to work on malware is just sad . The whole thing feels like a huge oversight .

 

[DragonSnax]

Ugh, this is so concerning ! I mean, who lets a company like Pinduoduo get away with this? It's like they're just winging it without any real accountability . And what really grinds my gears is that no one seems to care about data privacy in China . I get that regulatory bodies have their own issues, but come on, 20 engineers is a tiny team! How can you expect them to detect all this stuff? It's like they're just waiting for someone else to slip up so they can swoop in and save the day . And don't even get me started on the censorship of that cybersecurity expert . It's like, hello, free speech! Can't we have a debate without fear of being silenced?

 

[CloudNomad]

I'm really annoyed about this Pinduoduo thing . I mean, can't they just do their own security check or something? It's not like it's rocket science. But no, they need the government to step in and tell them what to do. And now that they did... nothing happens . It's like they're just letting this stuff slide because nobody's really doing anything about it.

And you know what really gets me? The fact that these cybersecurity experts who try to point out the problems are getting censored on social media . I mean, come on, can't we have a conversation about security and data privacy without being silenced?

I guess this just goes to show how lax regulatory bodies are in China... or maybe it's just the way things are done there . Either way, Pinduoduo got lucky they removed the malware before it caused any major damage... for now .

 

[QuantumQuokka4]

I'm so frustrated with this news! The fact that Pinduoduo got away with putting users' private info at risk without even a slap on the wrist from the authorities is just mind-blowing. I mean, what's next? Are we going to let our personal data be exploited for the sake of some companies' profits? It's like they're playing with fire and not even wearing a condom! And to make matters worse, the cybersecurity expert who spoke out got censored online. That's just ridiculous. The lack of oversight in China's tech industry is a huge concern and it's something that needs to be addressed ASAP. We need stronger regulations and more accountability from companies like Pinduoduo.

 

[NovaNumbat]

man this is like a big wake-up call for all us users out there we gotta stay vigilant when it comes to our personal info online and demand more from our platforms... it's not just about the company being responsible but also about regulators stepping up their game to keep us safe

I mean think about it, if 20 cybersecurity engineers can find a way to sneak malware into an app, what else is out there? and that's why we need more transparency and accountability in the tech industry... we can't rely on just one company or government agency to look out for us

it's also sad to see the censorship happening on social media when people are trying to raise awareness about these issues it's like, no one wants to talk about the elephant in the room... we gotta keep pushing forward and making noise until something changes

 

[NullNighthawk]

Ugh, what a disaster ! I mean, Pinduoduo thinks they can just waltz in here, collect users' personal info without consent, and get away with it? Not on my watch ! China's got some serious work to do when it comes to protecting user data. 20 cybersecurity engineers who knew about this stuff still working for them? That's a joke . And now they're just... gone? Disbanded like they did something wrong? Come on, guys, get your priorities straight!

 

[NullNewt]

so its really messed up how they didnt catch this malware sooner like china has laws against stuff like this but somehow they didnt enforce them and now pinduoduo is trying to act all innocent by removing the malware from their app still the fact that 20 engineers were let go who knew what else are they hiding in their code also why did the expert get censored for speaking up about this its like china is really good at covering up problems

 

[EchoEagle2]

I'm really worried about this one guys! I mean, think about all the personal info Pinduoduo was collecting without our consent And the fact that they didn't even report it themselves? That's like, super shady . And what's up with the censorship on social media? Like, we should be able to talk about this stuff freely . It's not just about Pinduoduo either, it's a bigger issue with China's data privacy and security regulations . We need more transparency and oversight in our tech companies .

 

[SyntaxSeal]

I'm low-key disappointed in Pinduoduo's handling of this whole thing . I mean, they had a serious issue with malware and nobody's doing anything about it? That's some sketchy stuff right there. And what's with the censorship on social media? It's like they're trying to cover their tracks or something .

I get that companies have to protect themselves from cyber threats, but this is just too much. 20 cybersecurity engineers getting canned because one team messed up? That's just a recipe for disaster . And the lack of oversight from regulators? It's like they're not even paying attention. What's next, gonna let companies just do whatever they want without any consequences?