Temu App Poses Potential Data Risk for Consumers

The modern world is governed by apps. From communication to e-commerce, every aspect of our lives seems to be tied to digital platforms that promise convenience at the touch of a button. Among these apps, a newcomer has garnered significant attention lately. Temu, a discount shopping site with ties to China, has exploded in popularity in the U.S. But this popularity has brought a swarm of scrutiny and concerns about potential data risks associated with the platform. This blog post will explore the Temu data risks, the possible dangers of the Temu app, and whether it is safe to shop on Temu.

What Is Temu?

Temu (pronounced "tee-moo") is an e-commerce platform owned by the Nasdaq-listed Chinese company PDD Holdings, which also owns Pinduoduo, a shopping app known for selling everything from groceries to clothing. While Temu is a Boston-based operation, PDD is headquartered in Shanghai. Dubbed as a copycat of the fast-fashion label Shein, Temu has seen an explosive rise in the U.S market, surpassing giants like Instagram, WhatsApp, Snapchat, and Shein on the Apple App Store only 17 days after its launch in the U.S.

According to Apptopia data, over 50 million Americans have downloaded Temu since it launched in September 2022. You might recall seeing their expensive Super Bowl ads promising to let users "shop like a billionaire". It's also worth noting that Temu's global presence isn't limited to the United States; it launched in the U.K. in March, mere weeks after entering Australia and New Zealand. However, while its popularity can't be denied, important questions linger: is Temu safe, and is it safe to shop on Temu?

Data Risks & Controversies

The sudden success of Temu has not come without controversy. The U.S has accused Temu of posing possible data risks, particularly after its sister app Pinduoduo was pulled from Google’s app store due to the presence of malware on the Pinduoduo app that exploited vulnerabilities in Android operating systems. Company insiders said the exploits were utilized to spy on users and competitors, allegedly to boost sales. Pinduoduo requested as many as 83 permissions, including access to biometrics, Bluetooth, and Wi-Fi network information.

Temu is not as aggressive in its data requests as Pinduoduo, although the fact that Temu requests 24 permissions, including access to Bluetooth and Wi-Fi network information, is a cause for concern. These permissions might seem innocuous at first glance, but cybersecurity experts argue there is no need for an e-commerce app to store biometric data, and any request to do so should be treated with suspicion. Unlike passwords, biometric data like fingerprints cannot be changed, which makes them a lucrative target for cybercriminals.

Users should also question the need for e-commerce apps to access Wi-Fi information. If a user is connected to a corporate Wi-Fi, the data could provide a pathway for cybercriminals to infiltrate potentially sensitive information. The question then arises: why does an e-commerce app need such access?

The Bigger China Picture

The case of Temu is not an isolated one. Data risks associated with e-commerce platforms are part of a larger systemic problem. Chinese-owned apps face intense scrutiny in the U.S. over security concerns. The U.S.-China Economic and Security Review Commission has accused Temu and Shein of posing possible data risks. These platforms' reliance on U.S. consumers downloading and using their apps to curate and deliver products presents significant risks and challenges to U.S. regulations, laws, and market principles.

Though there's no solid proof that these firms share data with the Chinese government, the potential for such actions persists. We have previously discussed these concerns regarding the renowned app, TikTok. China's Cybersecurity Law, introduced in 2016 and enforced from June 2017, obligates Critical Information Infrastructure (CII) operators to provide unobstructed access to their data to the government and mandates that such data be stored exclusively within mainland China. Moreover, the 2012 Constitution of the Communist Party of China stipulates that senior members of the Chinese Communist Party (CCP) must be granted the opportunity to occupy leadership positions within public and private companies operating in China. By 2017, these government officials held roles in approximately 70 percent of China's 1.86 million privately-owned companies. These legislative tools currently being implemented by the Chinese government aim to advance their goal of achieving global economic supremacy. As such, there's concern in the U.S. that Temu and other apps linked to entities operating in China could potentially be contributing to this aim by sharing our data with the Chinese government, posing a potential threat to our economy and the privacy of our citizens.

Is Temu a Scam?

While the question, "is Temu a scam?" may be too harsh, it is clear that the app's data requests are concerning. Although Temu may not pose the same threats as social media platforms like TikTok or its sister app Lemon8, which can promote and demote content based on opaque metrics, the potential for misuse of collected data can't be ignored. Hence, we must ask ourselves: should we delete Temu?

Currently, there is no clear answer to this. While no evidence directly proves Temu as unsafe or a scam and the majority of users have reported receiving the items they ordered without issue, the concerns raised about the data it collects cannot be dismissed. In a world that is becoming increasingly digitized, data privacy and security are paramount. Hence, users should exercise caution when downloading and using apps like Temu. Until better regulatory measures are put in place to protect user data, consumers should remain vigilant and take proactive steps to protect their information.

Conclusion

In the end, while the popularity of apps like Temu presents a new avenue for consumers to “shop like a billionaire”, it is essential to remember that these conveniences come with potential risks. The dangers of the Temu app, as well as other e-commerce platforms, lie in the data they collect and how they use it. The question, "Is the Temu app safe?" therefore, does not have a simple yes or no answer. Until more is known, consumers should prioritize their data security and privacy and proceed with caution.

Compass IT Compliance stands at the forefront of the information technology (IT) security sector, specializing in comprehensive audits, stringent compliance assessments, and robust security solutions, thereby enabling organizations to secure their most critical data assets. Our principal objective is to foster enduring partnerships with each of our clients, assisting them in cultivating a security-oriented culture within their organizations, whilst ensuring continual compliance with a spectrum of federal, state, and industry-specific regulations.