The article discusses the discovery of a malicious app, Pinduoduo's shopping platform, that was secretly collecting and exploiting user data without consent. The app had been developed by a team of engineers and product managers who were later disbanded after their exploits were discovered.
The malware was able to access users' locations, contacts, calendars, notifications, and photo albums, as well as change system settings and access social network accounts and chats. The exploit code was still present in the app even after an update removed it.
Tech policy experts say that Pinduoduo's apparent malware would be a violation of China's data privacy laws, which regulate the collection and processing of personal information. The Ministry of Industry and Information Technology is responsible for enforcing these regulations, but they have not taken any action against Pinduoduo.
The incident has raised questions about the effectiveness of oversight in China's tech industry. "They're supposed to check Pinduoduo, and the fact that they didn't find (anything) is embarrassing for the regulator," says Kendra Schaefer, a tech policy expert at Trivium China.
The article also notes that some cybersecurity experts have criticized regulators in China for not understanding technology and being unable to detect malicious code. The incident has sparked discussion on Chinese social media about why regulators have not taken action against Pinduoduo.
In related news, the Ministry of Industry and Information Technology has published lists of apps that have been removed from app stores for failing to comply with regulations, but Pinduoduo's app was not on these lists.
The malware was able to access users' locations, contacts, calendars, notifications, and photo albums, as well as change system settings and access social network accounts and chats. The exploit code was still present in the app even after an update removed it.
Tech policy experts say that Pinduoduo's apparent malware would be a violation of China's data privacy laws, which regulate the collection and processing of personal information. The Ministry of Industry and Information Technology is responsible for enforcing these regulations, but they have not taken any action against Pinduoduo.
The incident has raised questions about the effectiveness of oversight in China's tech industry. "They're supposed to check Pinduoduo, and the fact that they didn't find (anything) is embarrassing for the regulator," says Kendra Schaefer, a tech policy expert at Trivium China.
The article also notes that some cybersecurity experts have criticized regulators in China for not understanding technology and being unable to detect malicious code. The incident has sparked discussion on Chinese social media about why regulators have not taken action against Pinduoduo.
In related news, the Ministry of Industry and Information Technology has published lists of apps that have been removed from app stores for failing to comply with regulations, but Pinduoduo's app was not on these lists.
this is insane! like, how can an app just collect all this user data without permission? and the fact that it got caught after some engineers got fired is even more disturbing 
. i'm so tired of tech companies in china thinking they're above the law 
. it's not just about privacy, it's about accountability and transparency. where are our regulators when it matters? 
.
. i mean, come on Ministry of Industry and Info Tech, get it together! 
you're supposed to be regulating these companies not letting them run amok like this. tech policy experts are saying that Pinduoduo's malware is a clear violation of China's data privacy laws... when will the regulators do something? 
it's not like they didn't know about it or couldn't detect the code... just more proof that you can't outsmart the people who made this app 
! Like, who wants their personal info being exploited without consent? The fact that the malware was still in the app after an update removed it is just, like, wow 
. I'm all for Pinduoduo being held accountable, but I'm also curious to know why the regulators haven't taken action yet 
. We need more transparency and better oversight in China's tech industry, pronto 
! And can we talk about how embarrassing it is for the regulator when something like this happens? 
is this even possible?! How did they get away with this?! I mean I know China's got its own way of doing things, but come on! Data privacy laws are in place for a reason... like, basic human rights and all that 
Kendra Schaefer is right, it's embarrassing. I'd lose my job if I messed up like this 
. The fact that Pinduoduo still had exploit code in the app even after an update is just mind-boggling... how do you even miss that? 
so this is wild... Pinduoduo's app just got busted for siphoning user data without permission 
the whole thing stinks of incompetence. i mean, how can you miss a blatant case of malware 
and then turn around and say you're not doing enough to enforce regulations 
but hey, maybe the Ministry just needs some more training on how to detect malicious code 
. Like, who does that? Collecting and exploiting user data without consent is just wrong 
. It’s embarrassing for them, for sure. I don’t know if it’s just a case of not understanding tech or what but it's still no excuse 
.
! I mean, can't these companies just put their users first for once? It's like they think we're just mindless drones who don't care about our own data being exploited. The fact that Pinduoduo's app was able to do all this without anyone noticing is pretty scary. I'm surprised the Ministry of Industry and Information Technology hasn't taken action yet, it's like they're just sitting on their hands. Kendra Schaefer is right, it is embarrassing for regulators when they don't get it right. We need more transparency and accountability in our tech industry so this stuff doesn't happen again! 