Fruit and malware: Google suspends the online shopping app Pinduoduo
Google has suspended apps from Chinese online shopping service Pinduoduo on suspicion that they contain malware. Google Play Protect sends alerts to users who already have the Android apps installed. Bloomberg News reports that versions of the Pinduoduo app that were released outside of the Play Store are affected. In recent weeks, Chinese security researchers have claimed that Pinduoduo’s Android apps contain spyware to monitor users.
With around 788 million annual active users, Pinduoduo is one of the most popular Chinese online shopping services. Originally, the app became popular in China’s poorer regions with low prices for agricultural products and other groceries. When users open the app, they can browse through different product categories or select products recommended by the app. After a product has been selected, the purchase usually takes place in groups. For example, users can use the WeChat messaging service to involve their friends in the purchase – the economies of scale are intended to keep prices low.
According to TechCrunch, several Chinese security researchers had examined Android apps from the company PDD Holdings. On GitHub, they documented alleged zero-day exploits in Pinduoduo’s APK file. Now Google Play Protect is supposed to block the installation of these versions, with a warning that the app in question is trying to circumvent Android’s security protection. Pinduoduo founder Colin Huang is a former Google employee.
An anonymous security researcher told TechCrunch that the malware-infected apps were also available in the proprietary app stores of Samsung, Huawei, Oppo, and Xiaomi. Chinese users cannot get their apps from the Google Play Store because the “Great Firewall of China” blocks the application.
Concerns about the security of Chinese apps are increasing. For example, a study shows that apps for smartphones purchased in China transmit more data than usual to manufacturers and developers. The US Department of Justice and the FBI are currently investigating possible data abuse on TikTok. The EU Commission is also taking action against the app and bans TikTok on work devices for security reasons.