Arkansas AG Lawsuit Claims Temu Shopping App Is ‘Dangerous Malware’

Arkansas Attorney General Tim Griffin made sweeping charges against e-commerce app Temu in a court filing Tuesday, accusing the company of violating state law against deceptive business practices.

“Temu purports to be an online shopping platform, but it is dangerous malware that surreptitiously grants access to virtually all data on a user’s cell phone,” Griffin alleges.

“Temu’s conduct came to light following the removal of the Pinduoduo app from Google’s Play Store due to the presence of malware that exploited vulnerabilities in users’ phone operating systems and allowed the app to not only gain undetected access to virtually all data stored on phones, but also to recompile itself and potentially change its properties once installed, in a manner designed to avoid detection,” the lawsuit states, pointing to Apple’s concerns about Temu compliance with data security transparency standards. Apple said Political Last year, the app was available on its app store after the issues were resolved.

The lawsuit alleges that Temu’s app could be even more dangerous than Pinduoduo’s. He cites a article by Grizzly Research, a company “focused on producing differentiated research insights into publicly traded companies through in-depth due diligence.” The lawsuit cites the report’s findings that “the Temu app has the ability to hack users’ phones and override data privacy settings that users have purposely set to prevent their data from being accessed.”

The AG claims that Temu collects much more data than is necessary to run a shopping app, including sensitive or personally identifiable information. For example, the lawsuit alleges that Temu misleads users in its requests to access information, such as location, when sending a photo. “A reasonable consumer would assume that location permission is limited to the use of photo uploads. The permission, however, extends to any time the user interacts with the Temu app,” the lawsuit states. It also alleges that Temu “steals” permissions to access audio and visual recording and storage on a device.

Temu, Google and Apple did not immediately respond to requests for comment.