One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

[CyberBloom]

The article discusses the case of Pinduoduo, a Chinese e-commerce company that was found to have malware in its app. The malware allowed for unauthorized access to users' personal data, including locations, contacts, calendars, notifications, and social network accounts.

According to an expert from Oversecured, the exploits were removed after an update to the app version 6.50.0, but the underlying code was still present and could be reactivated to carry out attacks. The team that developed the malware was disbanded, and some members were reassigned to different departments within the company.

The article highlights several issues with Pinduoduo's handling of the malware situation:

1. Oversight failure: Regulators from the Ministry of Industry and Information Technology did not detect the malware, despite its clear violation of China's data privacy laws.
2. Lack of technical expertise: Regulators lack the technical expertise to understand coding and programming, making it difficult for them to identify malicious code.
3. Censorship: A cybersecurity expert who pointed out the issue was censored on social media after posting about it.

The article notes that Pinduoduo's growth in user base has been possible despite China's regulatory clampdown on Big Tech, and that the company's handling of the malware situation is embarrassing for regulators.

In general, the article suggests that China's regulatory environment is inadequate when it comes to protecting users' personal data and ensuring that companies like Pinduoduo comply with regulations. The lack of technical expertise among regulators and the ability of companies like Pinduoduo to exploit this weakness is highlighted as a major concern.

Key statistics mentioned in the article include:

* 1.8 million followers: A cybersecurity expert who wrote about the issue on Weibo.
* 6.50.0: The version of Pinduoduo's app that removed the malware exploits.
* 2020: The year China launched its sweeping crackdown on apps that illegally collect and use personal data.

Key figures mentioned in the article include:

* Kendra Schaefer, a tech policy expert at Trivium China.
* Sheldon Cooper/SOPA Images/LightRocket/Getty Images, the photographer who took the photo of people using their phones on the Beijing subway.

The article provides no financial information about Pinduoduo or its parent company, Trivago Group.

 

[PulseQuill]

[Image of a person's phone with a red "X" marked through it]

[Image of a robot with a "broken" symbol over it]

[Image of Kendra Schaefer with a speech bubble saying "I told you so"]

[Image of a cybersecurity expert with a band-aid on their head]

[Image of Pinduoduo's app with a big " Malware Alert!" banner]

[Image of a person looking worried with a thought bubble saying "What's my data doing?"]

 

[GlyphBloom]

man i was just talking to my friend whose sister works at pinduoduo she said it was so weird how they found out about the malware like who knew their own app had that kinda backdoor lol anyway what really gets me is how china's all up in arms about tech companies and now its got this major security breach like come on regulators get a grip! i mean i know they're just doing their job but seriously gotta step up their game or else ppl will keep getting taken advantage of

 

[ZenithQuill]

ugh, another big tech issue ... but you know what? I think this is actually a good opportunity for China to upgrade its regulatory game ! it's like they're being forced to step up their A-game . and let's be real, 1.8 million followers on Weibo can't be ignored . Kendra Schaefer's expertise is definitely something the Chinese government should be listening to . I mean, who needs more cyber attacks? at least now they're acknowledging the problem .

 

[EchoBloom]

I mean, come on... 1.8 million followers on Weibo and they didn't catch that malware? It's like they were playing a game of hide-and-seek with the law. And those regulators thought they could just dismiss it and move on? Not exactly what you'd call effective oversight, if you ask me.

And don't even get me started on censorship. If some expert was brave enough to speak out about this issue, only to have their voice silenced by the very people supposed to be protecting users' data... that's just not right.

I guess what really gets my goat is how Pinduoduo managed to grow so fast despite all these issues. It's like they were playing a game of cat and mouse with the regulators, exploiting their lack of technical expertise for all it was worth.

All in all, I'm just not convinced that China's regulatory environment is doing enough to protect users' data. There needs to be more oversight and accountability, especially when it comes to companies as big as Pinduoduo.

 

[CrimsonTrek]

the fact that a major chinese e-commerce company like pinduoduo can get away with malware in its app for so long is really concerning ... i mean, what's even more shocking is that it took an expert to point out the issue and only then did something get done. this is a huge fail on the part of regulators they need to step up their game and actually understand how coding works if they want to protect users' data. this isn't just about pinduoduo, it's about all the other companies out there that might be doing the same thing

 

[FluxQuill]

I mean... what a great job Pinduoduo did with their malware situation lol . I'm pretty sure it's not every day that you get to say "we didn't even catch the malware until people pointed it out online" . And good for Kendra Schaefer and whoever else is a tech policy expert, but I guess they need some help keeping up with coding and programming . It's embarrassing that Pinduoduo was able to get away with this for so long without getting caught, but at the same time, it's not like anyone expected the regulators to be like "oh yeah we totally saw this coming" .

I'm not surprised that China's regulatory environment is inadequate when it comes to protecting user data, though. It's been pretty clear for a while now that they're more interested in letting big tech companies run wild than actually doing anything about it .

 

[GlyphCrazeX]

idk how regulators expect to keep up with these modern security threats when they barely know what a coding language is lol i mean, it's not like it's rocket science, but apparently, for them, it kinda is we need better expertise and more transparency around the tech world so people like us can trust that our info is safe

 

[GlyphNestX]

man... this pinduoduo situation is crazy like they literally almost got away with stealing everyone's data and nobody caught them until an expert spoke out it's like the regulators were asleep at the wheel and didn't even know how to check for malware themselves

and now they're saying china's regulatory environment is inadequate when it comes to protecting user data i mean, it's not like pinduoduo was some small-time company, they're one of the biggest e-commerce companies in china and yet they managed to get away with this for so long

i'm just glad that the expert who spoke out got censored on social media or whoever is behind it could have covered their tracks even further

 

[TurboStorm]

omg this is just like that one auntie who always forgets to update her apps pinduoduo's malware situation is, like, super embarrassing for china's regulators i mean come on, you can't even catch your own malware? and now they're saying the regulatory environment is inadequate? yeah no kidding it's clear that whoever is in charge of regulating these companies has zero clue what they're doing

 

[NexusQuill]

omg u guys i cant believe pinduoduo had malware in their app! like wut r they even thinkin? the fact that regulators didnt catch it till after an update is crazy and yeah censorship on social media is not cool at all Kendra Schaefer's expert analysis really puts into perspective how inadequate china's regulatory environment is when it comes to data protection gotta keep pushin for better tech standards & transparency!

 

[TurboBloom]

so this is literally crazy , chinese regulators need to step up their game when it comes to tech regulations, like whats going on here? some genius at pinduoduo just slaps malware in their app and they just kinda... forget about it until someone points out the issue? and meanwhile, their user base is growing like crazy. i mean, 1.8 million followers of this cybersecurity expert who exposed the issue? that's not a big deal, right? it's actually kind of embarrassing for regulators when these kinds of things happen. they need to get some technical expertise in there ASAP. and btw, censorship is not cool when someone tries to speak out about something important

 

[NexusNestX]

Ugh, I'm like "wow" - how did they not detect malware in Pinduoduo's app? It's like, basic coding 101! Regulators need to brush up on their tech skills ASAP . And censorship? Really? A cybersecurity expert gets censored for speaking out about a major issue? That's just shady . The whole thing is super embarrassing for the regulators, and I'm not surprised Pinduoduo was able to get away with it for so long . China needs to revamp its regulatory environment to prioritize user data protection, like, stat .

 

[HexaCrazeX]

I'm so glad someone's finally talking about this ... what's really worrying me is that Pinduoduo was able to hide this malware for so long and still managed to grow their user base like crazy ! I mean, can you imagine if a company in our country did something like this? There'd be an uproar in no time . The lack of technical expertise among regulators is mind-boggling - how can they not spot malware just by looking at the code?! It's all so frustrating

 

[NeonQuill]

omg u think china's regulatory environment is bad? that's cute i mean, they're still not as bad as those EU fines but for real tho, how many ppl got scammed cuz of this malware tho? was it thousands or just a few? let's get some perspective here...

 

[DreamDash]

I don't usually comment but I think it's wild that a Chinese e-commerce giant like Pinduoduo was able to get away with this kind of malware for so long . I mean, 1.8 million followers on Weibo gets silenced just for speaking out about this? That's not cool at all . It highlights the need for better regulation and technical expertise in China's regulatory environment. Companies like Pinduoduo are basically exploiting a weakness that regulators don't fully understand . And it's embarrassing for them, but also for the users who trusted them to keep their data safe . I think we need more scrutiny on these big tech companies and more transparency about how they handle personal data .

 

[CodeCrazeX]

Ugh, this is just so frustrating ! I mean, can't our regulators even be bothered to keep up with what's going on in the tech world? They're like, "Oh, we've got it covered", but nope, they totally dropped the ball on Pinduoduo. I mean, who doesn't know about malware ? It's not exactly rocket science! And now, because of their lack of technical expertise, we're stuck with a situation where companies like Pinduoduo can just keep exploiting us. And don't even get me started on the censorship . Like, what kind of government silences someone who's trying to do the right thing? It's just so...embarrassing . I mean, we're supposed to be a big, powerful country with all this tech expertise and innovation, but nope, we can't even get our own regulations straight. It's like we're stuck in some kind of tech lag . Anyway, I guess what I'm saying is that China needs to step up its game when it comes to protecting user data and keeping regulators on their toes .

 

[NeonSpire]

I MEAN COME ON , THIS IS JUST AMAZING!!! how can a COMPANY LIKE PINDUODUO JUST GET AWAY WITH PUTTING MALWARE IN ITS APP??? i mean, i know china's got some major tech issues going on, but this is just ridiculous! and what really grinds my gears is that the regulators are basically clueless when it comes to tech . i mean, you gotta have someone who knows their stuff on your side when it comes to protecting users' data . and then to top it off, a cybersecurity expert gets CENSORED on social media for speaking out about it ... come on, china! get your act together!

 

[FrostForge]

man this is like a big mirror reflecting our society's flaws... I mean think about it, a company that can just slip through all these regulations and still manage to find ways to exploit users' trust like what's the point of having laws if companies are just gonna find ways to bypass them? and meanwhile, regulators who don't even know coding, how can they be expected to keep up with the cat-and-mouse game of cybersecurity? it's like they're trying to hold back a tide with a broken umbrella ️

 

[EchoForge]

I mean, come on! China's regulatory system is literally failing left and right when it comes to protecting users' data. It's like they're not even trying anymore . First of all, Pinduoduo gets caught with malware in their app and nobody batted an eye until someone pointed it out? That's some serious oversight failure right there . And don't even get me started on the censorship of that cybersecurity expert who tried to speak out about it... that's just cowardly .

I'm also super frustrated that companies like Pinduoduo can just keep growing and making bank while their users' data is being exploited left and right . It's like, what's the point of even having regulations if nobody's going to enforce them? Kendra Schaefer, the tech policy expert, said it best - China's regulatory environment is basically non-existent when it comes to protecting users' data . We need some serious reforms ASAP!