Merely a week after Google flagged and suspended the Pinduoduo app from the Play Store, security researchers at Kaspersky Lab have identified and reported the malicious codes found in the app.
Researchers from Kaspersky, drawing on earlier research by Chinese cybersecurity analysts, have pointed out that the app could undermine user privacy and data security by elevating its own privileges and exploiting system software vulnerabilities to install backdoors and gain unauthorised access to user data and notifications.
Kaspersky shared the report with Bloomberg and it is the most lucid explanation as to why Google suspended the app. “Some versions of the Pinduoduo app contained malicious code, which exploited known Android vulnerabilities to escalate privileges, download and execute additional malicious modules, some of which also gained access to users’ notifications and files,” said Igor Golovin, a Kaspersky security researcher.
Last week, Google suspended the Pinduoduo app and urged users to remove the app from their devices. People downloading or using the Pinduoduo app were shown a warning that the app is harmful and it can allow unauthorised access to users’ data.
The announcement came at a time when U.S. lawmakers are openly accusing Chinese apps such as TikTok as a national security threat. However, unlike TikTok, Pinduoduo has a negligible user base in the United States.
The app is widely used in China where the Play Store is not even available. Another app of the same company (PDD Holdings) — Temu is still available to download in the United States as well as India.
Pinduoduo was founded in 2015 by PDD Holdings. The company started as a fresh agriculture platform before expanding to become a leading e-commerce player with approximately 900 million users, most of them in China.
In the News: Microsoft releases emergency update for Snipping Tool vulnerability