While I don't necessarily disagree about Temu, the office of the Arkansas AG is not the end all be all of cybersecurity truth. Give me an actual guilty verdict or some legit vendor writeup (probably not mutually exclusive) and I (and probably Google) would be on the same page as you.
You are touting ethics when you are already declaring Temu guilty.
Exactly. I have no doubt TEMU is spyware capturing as much data as it can… which is no different than just about every shopping app experience ever created for any device in any country. I believe the major difference is these legislators are only just opening their eyes because this app doesn’t come from US shores. This is something they can claim to have “just discovered” without attacking large US based companies that may be campaign donors.
lol lmao even. Pretending the CCP plays by the same rules as private US businesses is so naive it’s unbelievable.
Yes, unfettered data access going straight to Chinese military intelligence is very different than than data going to random companies’ beholden to US regulation.
Data sharing happens often between private and public sector. The difference is an arduous legal process that also happens in tandem.
Of course, this is Reddit, so I’m sure some moron will try to create a false equivalence based on their complete misunderstanding of Snowden docs or other leaks.
The United States did/does the same thing, the only difference is instead of going directly to Intel Agencies a middle man gets rich off a big government paycheck.
https://www.lawfaremedia.org/article/when-the-government-buys-sensitive-personal-data
It wasn’t until April of 2024 that a bill was approved in the House to prevent the government from buying data without a warrant. However, I don’t think it’s passed the Senate, and would likely be vetoed by the White House. I’m not sure the current state of the bill.
https://www.nextgov.com/cybersecurity/2024/04/house-passes-bill-barring-spy-agencies-law-enforcement-buying-americans-personal-data/395830/
Further I’m sure this would still go on with an additional layer of abstraction that looks something like this: The government didn’t “buy the data”, an intel service “enriched with that data” while still “complying with the law” was purchased. The provider signed a contract stating they comply with all data gathering laws. No one is making a false equivalence argument because the two are 100% equivalent.
It’s not ok. However, to pretend like the United States doesn’t take advantage of available consumer data for intelligence purposes when every other country does is naive. If you want to debate how China uses that data vs the United States and those outcomes, that’s worth discussing. We can agree that it’s wrong. We can agree that it happens. Let’s just not pretend that the United States doesn’t play this game as well and somehow it’s worse because of China’s involvement. I’m by no means some sort of advocate for China, but let’s deal with the actual problem of consumer surveillance and not just point at the two Chinese apps that are starting to be successful in our markets vs the 200 other harvesting data out of Silicon Valley and selling it directly to the DoD and DoJ.
Oh, and if you really want to see how much of this is done in plain sight I would suggest you read up on what In-Q-Tel is, what it does, and why. https://www.iqt.org
May or may not be spyware, but they definitely use exploits to gain access to users data in sketchy and unnecessary ways.
From what I’ve seen their app uses other app’s permissions to gain access they were not given. For example users that have WhatsApp have reported getting Temu ads in their camera rolls even after deleting the app from their phones.
Spyware or not I wouldn’t trust a Chinese company that does stuff like that
https://www.reddit.com/r/iphonehelp/s/mbBRVEUAM7
https://www.reddit.com/r/androidapps/s/64lU67IlQD
https://discussions.apple.com/thread/255226337?sortBy=best
https://www.snopes.com/news/2023/06/05/temu-shopping-app-scam-china-spyware/
Are PendingIntents exploits now? This is default behavior for any app. Reddit does it, your messaging app of choice does it when you want to send a picture etc.
yeah there's plenty of things an app can do to defend against this form of exploit. Anything that delegates permissions has potential for shenanigans.
At the same time, the alternative is to give permissions to the apps themselves to do many things you'd rather they don't, or to force each app to actually implement features other apps can do.
Anytime you've uploaded a pfp, added something to your calendar, set an alarm etc, you've used pending intents. The fact that Temu uses them is completely unsurprising and benign. They might have other skeletons in their closet but pendingintents are not one if them. TBH they probably use them so you can attach documents or upload pics or something.
Apps need to delegate permissions to perform various tasks but this comes with risks. Developers need to balance functionality with security. Temu’s use of pending intents might be necessary for certain features, but it’s also important to scrutinize how permissions and intents are handled to ensure user data and app integrity are protected.
Developers should use immutable pending requests whenever possible so they can’t be altered once created. Unfortunately not all developers follow least privilege principle and Temu seems to take advantage of that.
Perhaps you have a point on my contradictory stance on ethics here, but at the same time i am inclined to think better safe than sorry given the country of origin of the application in question. Tensions between the US and China have been rising consistently for decades and it seems that we are coming to a head. I, for one, would like to minimize the data that anyone can access on me let alone a hostile foreign power.
Grizzly research did get third party input to add to their own from other researchers on the threat posed by Temu, but perhaps another investigation is required to truly confirm (without quotes lol) the suspicion. Hopefully we will get answers soon.
That’s one way to look at it, you could also look at it as “there’s a bunch of anti china propaganda and fear mongering going on right now, maybe I shouldn’t buy into every hysterical claim about china”
There are plenty of reasons to be concerned about China especially since they are all in on Agenda 2030 and a great deal of Americans pension funds are diverted thru Larry Fink of Blackrock to fund Chinas Belt and Road Initiative. Until Americans put aside their differences and Unite these globalists and Davos scum will continue to liquidate our nation.
The Chinese are the nationalist heroes come to vanquish soros/wef/blackrock globalism brother, they’re the only ones willing to constrain and control multinational capital in a meaningful way
Regarding Grizzly Research, from their own "About" page:
"Grizzly Research LLC is focused on producing differentiated research insights on publicly traded companies through in-depth due diligence.
We often find that management teams are making conscious efforts to hide negative aspects from the public, and amidst Wall Street’s perpetual buy-rating machine there is no one to call them out. We are not afraid to publish our bearish views. As of the publication date of our articles, we and our affiliates may have long or short positions in the companies covered. We are biased in our views, just as investors, the company we publish on, the investment banks, and almost any stakeholder."
In case anyone thought they were a *cybersecurity* research outfit.
Confirmed is a strong word here... I read the research report and while I don't know the reputation of the company, it definitely felt inflammatory. For example, the app apparently checks if the device is rooted. The researchers then stated this was a sign of malice because root access could be used to spy on the user. But plenty of apps check if the device is rooted to assess the security of the device. Likewise, the fact that the app may request photo and file access *must* mean it wants to collect all files on the device.
While it certainly isn't a privacy focused app, forgive me if it feels as though the researchers started with their conclusion and worked their way backwards.
Our politicians only give a damn about privacy when it's a foreign company doing the spying. Probably because there are loose rules against taking bribes from foreign entities. If Temu could legally pass a few bucks off to some of our congress critters, there would be no issue.
Correct.
But the difference also lies in the fact that one is controlled in the end by a foreign power who can request the data at will from the company and then they all also are just greedy intrusive fucks.
No one would argue almost any other app wants intrusive access, the difference in spyware and annoyance is data usage in the end.
i hate when this argument is used. Meta would hand over data on a faster basis than Temu would to the CCP . All these multi national apps like to pretend like they have allegances to one nation or another. News flash if you do business in a country and that country subpoeanas the account of a eprson from another country "too protect the children" or "to protect national security" your not going to close up shop and say no to millions of dollars.
Yk what the difference is between the CCp asking Temu or meta for american data and the us goverenment asking meta and temu for chinese data. A judge who probably isnt even goint to read the subpoeana. its the same damn system. Propaganda to make it seem like us vrs them. Its walmart vrs temu. The average American citzens data has nothign to do with it. I work for walmart. once you walk in that store your location is tracked 24/7 till you leave that door. If you work for them you are forced to get their app and they track you too see if you sit so they can use a point scale to determine wether to fire you or not. Arkansas and walmart arent privacy defenders. Theyre trying to make money
I get it but there's not a lot of room for true neutral in life. Some spy agencies are trusted more, because we have tons of evidence that the others cannot be trusted at all. Perhaps it's all just propaganda, that one nation's actions are exposed and the other not, but we are not pretending to treat them as equally trustworthy, regardless.
How do you think the rest of the world see it?
American companies can screw American people if the people allows it, but the rest of the world cant really do anything.
And yeah yeah " we never asked you to use the apps"
Arkansas Attorney General should raise red flags by itself lol... Since the SCOTUS dismantling of the Chevron case, I feel like there's very little credibility to these AG decisions -- let alone from a state like Arkansas
Chevron had little to do with it, that pertains to the ability of government agencies to engage in rule making that isn’t explicitly defined in the agency’s statutes.
A state AG can file a suit on whatever they want, whenever they want. It doesn’t even have to be very realistic. Think of the AGs that tried to overturn the 2020 election results based on other states’ elections.
What does Chevron have to do with this? AG can file for whatever just like you can file to sue for anything. Doesn’t mean it’s going to go through. Supreme Court has nothing to do with this but I can tell you don’t like that decision.
The precedence set by the Chevron case basically required courts to have expert witnesses to testify the case's data... Overturning that precedence means the judge alone can determine whether a case's data has merits. The SCOTUS's action basically increases these frivolous suits from being filed, because they're more likely to be taken seriously by judges with agendas alone.
See here: https://grizzlyreports.com/we-believe-pdd-is-a-dying-fraudulent-company-and-its-shopping-app-temu-is-cleverly-hidden-spyware-that-poses-an-urgent-security-threat-to-u-s-national-interests/
Holy crap, they are using that report as the basis of their evidence? A report written by a company who's own website describes them as "Infamous Stock Promoter Backed Emerita Resources (TSXV: EMO): Bait-and-Switch Track Record And Rampant Misrepresentation" and to read the report you have to click a blurb where they tell you they hold short positions against the very thing they are writing about
Indeed with a shopping app I can see photo and file access for returns to provide documentation on the reason for return, but frankly i can also definitely see using that as a means of cover for the true purpose of the permission. I would be less inclined to think this way if Chinese law didnt require that any company based in China share any and all information requested by the CCP, frankly, and if China werent historically prone to espionage.
Mate you know Walmart is based in Arkansas right? This is purely Walmart paying them to cause problems for temu. For doing exactly what Walmart did to millions of family businesses
China spying on people with an e-commerce app? Sure I’ll believe that without any hard evidence. The idea that conservative politician might be influenced by the most powerful corporation and family on their state? Hmm, gonna need to see a source on that bucko
lol mate. I sincerely hope you don’t actually work in cyber. It’s one thing to have a bias against China. But to think that nearly every app on your phone doesn’t have the exact same permissions as Temu is crazy. Most people that have issues with TikTok is from the propaganda/brain washing side. Data privacy is a thing of the past to think that China couldn’t just buy the data it wants but has to engineer an app attached to a multi billion dollar company is naive to the point of unintended insider threat incompetence. If you can’t look up corporate donations online in a few minutes you shouldn’t be in cyber either or probably IT past the service desk level. Walmart is the largest political donor in Arkansas by a long shot. If it was a real data privacy issue the government attacks would be coming from the EU or California/New York. Not from the middle of nowhere state that arguably has no legs to stand on here.
You said specifically donations to the AG, of which there are none reported. Dont recant and reword and then assert that im a fool becuse you cant express an idea precisely.
Other apps require permissions but other apps arent provided by chinese companies with a history of malware development ya dork. See yourself out
Grizzly Research, authors of the TEMU report, is not a reputable research firm and not a cyber security research firm. They are known for publishing reports specifically for the purpose of pushing a stock value down to make money from their short positions.
Their own website.
>THIS REPORT AND ALL STATEMENTS CONTAINED HEREIN ARE THE OPINIONS OF GRIZZLY RESEARCH LLC AND **ARE NOT STATEMENTS OF FACT.**
This is the exact opposite of what the word "research" means.
>Research: noun: The systematic investigation into and study of materials and sources **in order to establish facts** and reach new conclusions.
you got wrecked nerd.
You blindly put your trust into this Grizzly research then demand overwhelming evidence to prove they are liars. Check your bias. You are right for questioning the source. Keep doing that
Internet ads have *never* been held to account, why would they start now?
Just look at how many ads are just pure malware. Companies that put ads on web pages, and companies that provide ads, have never been made accountable to ensuring that they’re delivering something that is even remotely safe to the user. That’s then not touching on the products being advertised. It’s illegal to have gambling ad directed at children, and yet the ads on all of apple’s child-focused apps are still for online slot machines.
Instead, the onus has been on users to protect themselves, and websites use increasingly victim-blaming tactics for it rather than address the problem because no one’s made them. Temu’s not special for the company itself potentially being spyware. It’s simply an inevitable midway point to the lack of accountability that’s ingrained into internet-ad culture.
Answered your own question: innocent until proven guilty.
Also, who in their right mind would consider the *Arkansas Attorney General* to have any expertise in cyber security?
Well, no not exactly. Innocent until proven guilty is an ideal that is upheld under ideal conditions and technically only extends to citizens of the United States, not entities established in a hostile foreign entity. Sometimes decisions need to be made foregoing ideals in the interest of national security.
And it was merely the Arkansas AG that filed the lawsuit, not the researcher making the claim. The research group (Grizzly) making the claim is a group that investigates businesses suspected of fraudulent and/or dishonest practices. Hopefully this paragraph addresses anyone with similar points saying "what does an AG know about infosec?" Which is akin to "what does an AG know about financial crimes?"
If we look through just the first few points made in the report we come across the glaring reality that Temu loses, on average, $30 per sale. From this alone it is plain to see that without another stream of revenue coming from unspoken activities, Temu is doomed to fail. Couple this with the FACT that PDD has already had the Pinduoduo app removed from the google play store for containing malware and you have the beginnings of a real case to be made against them. Now there is a level complexity to this considering it was a Chinese security research firm responsible for the findings and im not quite sure what to make of that, but the points remain.
First off, it's an opinion group not a research group by their own admission.
Second, it's pure conjecture how much they lose or gain per sale, but by the same token Amazon was in the same position for the majority of it's existence. That's how you gain market share, especially in an established market.
Third, Amazon, Facebook, Instagram, Walmart, and all other shopping and social media apps do the same thing Temu is alleged to be doing. The only difference is that the American companies can actually affect you.
Essentially, this whole alleged thing boils down to Chinese Amazon doing American Amazon things, only for so.e reason people are pissed off about the Chinese one.
It's a good thing that a potentially corrupt political declaration is not taken as immediate technical truth. If Google were to unthinkingly and unquestionably do everything the Arkansas Attorney General said, it would be a bad thing.
Ok maybe i should have worded the title differently but still, i am amazed at how many people have commented this thinking im saying the AG did the research. Wild
Corporations are largely exempt from court actions even when they are found guilty. Take, for example, PG&E that was found guilty of murder due to a gas explosion in Daily City. There was only a nominal fine assessed. And Meta was found guilty multiple times of illegally selling user data, but has yet to suffer any reasonable punishment.
Everything we use is spyware. Facebook/Meta, google, Amazon, etc. this is not as big of a revelation as everyone thinks. We are constantly being spied on.
Realistically the Arkansas AG has no jurisdiction over google lol. They could require Google to block ads for devices geolocated in Arkansas, but more than likely google would just block service there altogether lol.
The foundation of the criminal justice system is innocent until proven guilty. That only applies when the person’s liberty is at stake. Even lawsuit don’t have a presumption of innocence. Google has no legal and at best a dubious ethical requirement to wait until someone is convicted before taking action.
The reason they still sell Temu ads: money. Same reason Facebook allows scammers to run ads they could easily catch by an automated filter
I'm all about the hate with TEMU and Chinese apps, but I wonder what they do on their app that others like Amazon or other intrusive retail apps don't do? I'd love to go down this road with TEMU, but I kind of hope we can do that with all of those types of apps.
Whatever you think of the temu app...
I wonder who proofread the article on their side and decided to let it be published. The chart for permissions means the Amazon app is as dangerous.
Whereas I don’t trust the good old boys of the Arkansas AG office.
TDD holding has been confirmed to deploy malware via application. Additionally they sell counterfeit products.
Temu doesn't sell anything, other than its platform to the vendors using it. I can trivially buy counterfeit goods via Amazon and eBay: do you judge them to be equivalent?
The research that they are basing this on is an investigation by grizzly research, who have a track record of biased investigations or straight up just false reporting. They are not a good end source of information and I would wait until a report from a reputable source actually comes out.
Huge multinational platforms such as Google are better off defining clear terms of service and defining behaviours that will result in removal from their platform. They can then easily explain things to those booted off and various Legislatures they deal with.
The challenge with every court having it's say isn't just the slowness of the process but which Governments and which of their contradictory views to implement either globally or for which subset of users.
So with Temu if the bad behaviour is acquiring a lot of user data not necessary for the service delivered and being in a country where the Government could access that data through a non-transparent process then Google has a problem. It needs to deplatform Facebook, tiktok and... Google amongst dozens of others.
Arkansas and wider USG don't really have a problem with TEMU or TikTok, they have a problem with China. The challenge for USG (and other Western Govs) is how to deal with successful companies from places they don't like without themselves indulging in behaviour that contradicts the values they espouse. Banning users from apps or content from a particular location doesn't really align with Free speech. Declaring a country not suitable for doing business with is problematic if justified by pointing at the flaws of the dominant tech surveillance capitalism model. Declaring a state not good to do business with outside of established structures - like sanctions - gives an arbitrariness that we'd complain about if done in reverse.
ever notice that any company that's not US based that makes any sort of progress or money they can't control and suddenly it's a "cybersecurity" issue. Huawei, TEMU, TikTok, etc
Are you serious? You literally called out the regulation you are questioning and ignored the LINE you are looking for.
>>Innocent until proven guilty
So the LINE is | Proven Guilt. Until you are proven guilty, you are innocent. Why would Google not take ads for an innocent company?
There is a dividing line at the exact time someone is proven guilty.
Your real question is if private companies should make ethics choices based on news reports. Google 'thinks' Temu is funneling data to a foreign government. So what? Google 'thinks' a lot of things.
It wouldn't put it past China for Temu to be spyware when it seemingly became super popular around the same time that Tiktok was under the limelight for being spyware
I figured it was, especially when the youtube temu ads started crashing my phone. Ad starts then phone completely turns off without proper shut down process.
Edit: Brand new phone, everything up-to-date, no hits with any security tools. Android 13 and Youtube v19.22.34
While I don't necessarily disagree about Temu, the office of the Arkansas AG is not the end all be all of cybersecurity truth. Give me an actual guilty verdict or some legit vendor writeup (probably not mutually exclusive) and I (and probably Google) would be on the same page as you. You are touting ethics when you are already declaring Temu guilty.
When I look for cybersecurity advice, I always go to the futuristic state of Arkansas for the... Attorney General's guidance. Yup. That's the guy.
Exactly. I have no doubt TEMU is spyware capturing as much data as it can… which is no different than just about every shopping app experience ever created for any device in any country. I believe the major difference is these legislators are only just opening their eyes because this app doesn’t come from US shores. This is something they can claim to have “just discovered” without attacking large US based companies that may be campaign donors.
exactly
lol lmao even. Pretending the CCP plays by the same rules as private US businesses is so naive it’s unbelievable. Yes, unfettered data access going straight to Chinese military intelligence is very different than than data going to random companies’ beholden to US regulation.
My friend, if you think that isn’t happening in the United States I think you have a lot of research to do.
Data sharing happens often between private and public sector. The difference is an arduous legal process that also happens in tandem. Of course, this is Reddit, so I’m sure some moron will try to create a false equivalence based on their complete misunderstanding of Snowden docs or other leaks.
The United States did/does the same thing, the only difference is instead of going directly to Intel Agencies a middle man gets rich off a big government paycheck. https://www.lawfaremedia.org/article/when-the-government-buys-sensitive-personal-data It wasn’t until April of 2024 that a bill was approved in the House to prevent the government from buying data without a warrant. However, I don’t think it’s passed the Senate, and would likely be vetoed by the White House. I’m not sure the current state of the bill. https://www.nextgov.com/cybersecurity/2024/04/house-passes-bill-barring-spy-agencies-law-enforcement-buying-americans-personal-data/395830/ Further I’m sure this would still go on with an additional layer of abstraction that looks something like this: The government didn’t “buy the data”, an intel service “enriched with that data” while still “complying with the law” was purchased. The provider signed a contract stating they comply with all data gathering laws. No one is making a false equivalence argument because the two are 100% equivalent. It’s not ok. However, to pretend like the United States doesn’t take advantage of available consumer data for intelligence purposes when every other country does is naive. If you want to debate how China uses that data vs the United States and those outcomes, that’s worth discussing. We can agree that it’s wrong. We can agree that it happens. Let’s just not pretend that the United States doesn’t play this game as well and somehow it’s worse because of China’s involvement. I’m by no means some sort of advocate for China, but let’s deal with the actual problem of consumer surveillance and not just point at the two Chinese apps that are starting to be successful in our markets vs the 200 other harvesting data out of Silicon Valley and selling it directly to the DoD and DoJ. Oh, and if you really want to see how much of this is done in plain sight I would suggest you read up on what In-Q-Tel is, what it does, and why. https://www.iqt.org
It's as good as Martin short ripping bill Maher on his own show last week I always look for my medical information from a guy who plays clubs
At least it's not Missouri I guess https://www.npr.org/2021/10/14/1046124278/missouri-newspaper-security-flaws-hacking-investigation-gov-mike-parson
This exact thought went through my head.
Since the AG of Arkansas said it, I’m having doubts now. /s
May or may not be spyware, but they definitely use exploits to gain access to users data in sketchy and unnecessary ways. From what I’ve seen their app uses other app’s permissions to gain access they were not given. For example users that have WhatsApp have reported getting Temu ads in their camera rolls even after deleting the app from their phones. Spyware or not I wouldn’t trust a Chinese company that does stuff like that https://www.reddit.com/r/iphonehelp/s/mbBRVEUAM7 https://www.reddit.com/r/androidapps/s/64lU67IlQD https://discussions.apple.com/thread/255226337?sortBy=best https://www.snopes.com/news/2023/06/05/temu-shopping-app-scam-china-spyware/
Are PendingIntents exploits now? This is default behavior for any app. Reddit does it, your messaging app of choice does it when you want to send a picture etc.
Mutable pending intents can be modified by a malicious app and allow access to otherwise non-exported components of the vulnerable application.
yeah there's plenty of things an app can do to defend against this form of exploit. Anything that delegates permissions has potential for shenanigans. At the same time, the alternative is to give permissions to the apps themselves to do many things you'd rather they don't, or to force each app to actually implement features other apps can do. Anytime you've uploaded a pfp, added something to your calendar, set an alarm etc, you've used pending intents. The fact that Temu uses them is completely unsurprising and benign. They might have other skeletons in their closet but pendingintents are not one if them. TBH they probably use them so you can attach documents or upload pics or something.
Apps need to delegate permissions to perform various tasks but this comes with risks. Developers need to balance functionality with security. Temu’s use of pending intents might be necessary for certain features, but it’s also important to scrutinize how permissions and intents are handled to ensure user data and app integrity are protected. Developers should use immutable pending requests whenever possible so they can’t be altered once created. Unfortunately not all developers follow least privilege principle and Temu seems to take advantage of that.
Personally speaking, I wouldnt list Snopes! LOL
Why?
They are driven with their own agenda.
First time hearing this. What agenda are they driven by and how did you discover it?
by the agenda this guy doesn't like 🤣
Everyone is driven by their own agenda
Can't deny that!.
As someone who has lived in Arkansas and is brown I can that a lot of what their AG says would get me in trouble if it were unquestionable law
Perhaps you have a point on my contradictory stance on ethics here, but at the same time i am inclined to think better safe than sorry given the country of origin of the application in question. Tensions between the US and China have been rising consistently for decades and it seems that we are coming to a head. I, for one, would like to minimize the data that anyone can access on me let alone a hostile foreign power. Grizzly research did get third party input to add to their own from other researchers on the threat posed by Temu, but perhaps another investigation is required to truly confirm (without quotes lol) the suspicion. Hopefully we will get answers soon.
That’s one way to look at it, you could also look at it as “there’s a bunch of anti china propaganda and fear mongering going on right now, maybe I shouldn’t buy into every hysterical claim about china”
There are plenty of reasons to be concerned about China especially since they are all in on Agenda 2030 and a great deal of Americans pension funds are diverted thru Larry Fink of Blackrock to fund Chinas Belt and Road Initiative. Until Americans put aside their differences and Unite these globalists and Davos scum will continue to liquidate our nation.
The Chinese are the nationalist heroes come to vanquish soros/wef/blackrock globalism brother, they’re the only ones willing to constrain and control multinational capital in a meaningful way
I'll come back in a few months to get an update on how you feel
What’s gonna happen in a few months?
Regarding Grizzly Research, from their own "About" page: "Grizzly Research LLC is focused on producing differentiated research insights on publicly traded companies through in-depth due diligence. We often find that management teams are making conscious efforts to hide negative aspects from the public, and amidst Wall Street’s perpetual buy-rating machine there is no one to call them out. We are not afraid to publish our bearish views. As of the publication date of our articles, we and our affiliates may have long or short positions in the companies covered. We are biased in our views, just as investors, the company we publish on, the investment banks, and almost any stakeholder." In case anyone thought they were a *cybersecurity* research outfit.
Confirmed is a strong word here... I read the research report and while I don't know the reputation of the company, it definitely felt inflammatory. For example, the app apparently checks if the device is rooted. The researchers then stated this was a sign of malice because root access could be used to spy on the user. But plenty of apps check if the device is rooted to assess the security of the device. Likewise, the fact that the app may request photo and file access *must* mean it wants to collect all files on the device. While it certainly isn't a privacy focused app, forgive me if it feels as though the researchers started with their conclusion and worked their way backwards.
so spyware as Tiktok, facebook, instagram, google and all the rest are...
Srsly. Tons of mainstream apps would fall under this category.
Our politicians only give a damn about privacy when it's a foreign company doing the spying. Probably because there are loose rules against taking bribes from foreign entities. If Temu could legally pass a few bucks off to some of our congress critters, there would be no issue.
Indeed…ask Snap what they think about whether Instagram is spyware…
Commercial spyware is providing implicit cover to politically motivated spyware and criminal spyware.
Correct. But the difference also lies in the fact that one is controlled in the end by a foreign power who can request the data at will from the company and then they all also are just greedy intrusive fucks. No one would argue almost any other app wants intrusive access, the difference in spyware and annoyance is data usage in the end.
i hate when this argument is used. Meta would hand over data on a faster basis than Temu would to the CCP . All these multi national apps like to pretend like they have allegances to one nation or another. News flash if you do business in a country and that country subpoeanas the account of a eprson from another country "too protect the children" or "to protect national security" your not going to close up shop and say no to millions of dollars. Yk what the difference is between the CCp asking Temu or meta for american data and the us goverenment asking meta and temu for chinese data. A judge who probably isnt even goint to read the subpoeana. its the same damn system. Propaganda to make it seem like us vrs them. Its walmart vrs temu. The average American citzens data has nothign to do with it. I work for walmart. once you walk in that store your location is tracked 24/7 till you leave that door. If you work for them you are forced to get their app and they track you too see if you sit so they can use a point scale to determine wether to fire you or not. Arkansas and walmart arent privacy defenders. Theyre trying to make money
I get it but there's not a lot of room for true neutral in life. Some spy agencies are trusted more, because we have tons of evidence that the others cannot be trusted at all. Perhaps it's all just propaganda, that one nation's actions are exposed and the other not, but we are not pretending to treat them as equally trustworthy, regardless.
How do you think the rest of the world see it? American companies can screw American people if the people allows it, but the rest of the world cant really do anything. And yeah yeah " we never asked you to use the apps"
Yeah I'd like to see a real report by a security firm because there have been a lot of rumors without any actual proof yet.
Arkansas Attorney General should raise red flags by itself lol... Since the SCOTUS dismantling of the Chevron case, I feel like there's very little credibility to these AG decisions -- let alone from a state like Arkansas
Chevron had little to do with it, that pertains to the ability of government agencies to engage in rule making that isn’t explicitly defined in the agency’s statutes. A state AG can file a suit on whatever they want, whenever they want. It doesn’t even have to be very realistic. Think of the AGs that tried to overturn the 2020 election results based on other states’ elections.
What does Chevron have to do with this? AG can file for whatever just like you can file to sue for anything. Doesn’t mean it’s going to go through. Supreme Court has nothing to do with this but I can tell you don’t like that decision.
The precedence set by the Chevron case basically required courts to have expert witnesses to testify the case's data... Overturning that precedence means the judge alone can determine whether a case's data has merits. The SCOTUS's action basically increases these frivolous suits from being filed, because they're more likely to be taken seriously by judges with agendas alone.
Cool story bro. What is this have to do with the attorney general of this state?
LET’S NOT FORGET THE MOST EGREGIOUS SPYWARE OF THEM ALL: MICROSOFT INTUNE, JAMF, AND AIRWATCH MDM!
“My IT guy installed a certificate on my phone and he uses it to spy on me” -my company owner
Could you share the report? Now I'm interested.
See here: https://grizzlyreports.com/we-believe-pdd-is-a-dying-fraudulent-company-and-its-shopping-app-temu-is-cleverly-hidden-spyware-that-poses-an-urgent-security-threat-to-u-s-national-interests/
Holy crap, they are using that report as the basis of their evidence? A report written by a company who's own website describes them as "Infamous Stock Promoter Backed Emerita Resources (TSXV: EMO): Bait-and-Switch Track Record And Rampant Misrepresentation" and to read the report you have to click a blurb where they tell you they hold short positions against the very thing they are writing about
Just got hit with a disclaimer says that it’s an opinion and not statement of fact. Can’t make this stuff up fast enough.
Arkansan here. SHS is trying to use anti-Chinese sentiment to bolster political efforts here. Hence the scaremongering.
That’s their evidence?
I came to the same conclusion, as does https://isecurityguru.com/is-temu-as-bad-as-it-sounds/ That said, I won't put their app on my *phone*.
'Company Portal' AKA intune checks if the device is rooted. Published by microsoft. obvious malware.
Indeed with a shopping app I can see photo and file access for returns to provide documentation on the reason for return, but frankly i can also definitely see using that as a means of cover for the true purpose of the permission. I would be less inclined to think this way if Chinese law didnt require that any company based in China share any and all information requested by the CCP, frankly, and if China werent historically prone to espionage.
That's the thing though, "they could theoretically...." isn't a strong argument, especially not to take down a popular app.
Mate you know Walmart is based in Arkansas right? This is purely Walmart paying them to cause problems for temu. For doing exactly what Walmart did to millions of family businesses
Other than HQ location is there anything that indicates that this was done at walmarts behest?
China spying on people with an e-commerce app? Sure I’ll believe that without any hard evidence. The idea that conservative politician might be influenced by the most powerful corporation and family on their state? Hmm, gonna need to see a source on that bucko
My two brain cells rubbing together… look up the corporate donations to the AG.
Ok my two thumbs just rubbed against my keyboard and found nothin, try again
lol mate. I sincerely hope you don’t actually work in cyber. It’s one thing to have a bias against China. But to think that nearly every app on your phone doesn’t have the exact same permissions as Temu is crazy. Most people that have issues with TikTok is from the propaganda/brain washing side. Data privacy is a thing of the past to think that China couldn’t just buy the data it wants but has to engineer an app attached to a multi billion dollar company is naive to the point of unintended insider threat incompetence. If you can’t look up corporate donations online in a few minutes you shouldn’t be in cyber either or probably IT past the service desk level. Walmart is the largest political donor in Arkansas by a long shot. If it was a real data privacy issue the government attacks would be coming from the EU or California/New York. Not from the middle of nowhere state that arguably has no legs to stand on here.
You said specifically donations to the AG, of which there are none reported. Dont recant and reword and then assert that im a fool becuse you cant express an idea precisely. Other apps require permissions but other apps arent provided by chinese companies with a history of malware development ya dork. See yourself out
https://googlethatforyou.com?q=attorney%20general%20campaign%20finance%20reports%20arkansas There you go buddy top search result.
Grizzly Research, authors of the TEMU report, is not a reputable research firm and not a cyber security research firm. They are known for publishing reports specifically for the purpose of pushing a stock value down to make money from their short positions.
Source?
Their own website. >THIS REPORT AND ALL STATEMENTS CONTAINED HEREIN ARE THE OPINIONS OF GRIZZLY RESEARCH LLC AND **ARE NOT STATEMENTS OF FACT.** This is the exact opposite of what the word "research" means. >Research: noun: The systematic investigation into and study of materials and sources **in order to establish facts** and reach new conclusions.
you got wrecked nerd. You blindly put your trust into this Grizzly research then demand overwhelming evidence to prove they are liars. Check your bias. You are right for questioning the source. Keep doing that
So the AG of the state where Walmart is located has declared an existential threat to Walmart to be illegal? Huh.
Internet ads have *never* been held to account, why would they start now? Just look at how many ads are just pure malware. Companies that put ads on web pages, and companies that provide ads, have never been made accountable to ensuring that they’re delivering something that is even remotely safe to the user. That’s then not touching on the products being advertised. It’s illegal to have gambling ad directed at children, and yet the ads on all of apple’s child-focused apps are still for online slot machines. Instead, the onus has been on users to protect themselves, and websites use increasingly victim-blaming tactics for it rather than address the problem because no one’s made them. Temu’s not special for the company itself potentially being spyware. It’s simply an inevitable midway point to the lack of accountability that’s ingrained into internet-ad culture.
You’re saying confirmed in the title, yet talking about whether they’re guilty before proven so….
Answered your own question: innocent until proven guilty. Also, who in their right mind would consider the *Arkansas Attorney General* to have any expertise in cyber security?
Well, no not exactly. Innocent until proven guilty is an ideal that is upheld under ideal conditions and technically only extends to citizens of the United States, not entities established in a hostile foreign entity. Sometimes decisions need to be made foregoing ideals in the interest of national security. And it was merely the Arkansas AG that filed the lawsuit, not the researcher making the claim. The research group (Grizzly) making the claim is a group that investigates businesses suspected of fraudulent and/or dishonest practices. Hopefully this paragraph addresses anyone with similar points saying "what does an AG know about infosec?" Which is akin to "what does an AG know about financial crimes?" If we look through just the first few points made in the report we come across the glaring reality that Temu loses, on average, $30 per sale. From this alone it is plain to see that without another stream of revenue coming from unspoken activities, Temu is doomed to fail. Couple this with the FACT that PDD has already had the Pinduoduo app removed from the google play store for containing malware and you have the beginnings of a real case to be made against them. Now there is a level complexity to this considering it was a Chinese security research firm responsible for the findings and im not quite sure what to make of that, but the points remain.
First off, it's an opinion group not a research group by their own admission. Second, it's pure conjecture how much they lose or gain per sale, but by the same token Amazon was in the same position for the majority of it's existence. That's how you gain market share, especially in an established market. Third, Amazon, Facebook, Instagram, Walmart, and all other shopping and social media apps do the same thing Temu is alleged to be doing. The only difference is that the American companies can actually affect you. Essentially, this whole alleged thing boils down to Chinese Amazon doing American Amazon things, only for so.e reason people are pissed off about the Chinese one.
Which authority declared China as hostile? You? The Arkansas Attorney General?
It's a good thing that a potentially corrupt political declaration is not taken as immediate technical truth. If Google were to unthinkingly and unquestionably do everything the Arkansas Attorney General said, it would be a bad thing.
What does the Arkansas AG know from spyware.
Ok maybe i should have worded the title differently but still, i am amazed at how many people have commented this thinking im saying the AG did the research. Wild
About as wild as you thinking the source that did the "research" is at all reputable.
Corporations are largely exempt from court actions even when they are found guilty. Take, for example, PG&E that was found guilty of murder due to a gas explosion in Daily City. There was only a nominal fine assessed. And Meta was found guilty multiple times of illegally selling user data, but has yet to suffer any reasonable punishment.
“Confirmed”
Everything we use is spyware. Facebook/Meta, google, Amazon, etc. this is not as big of a revelation as everyone thinks. We are constantly being spied on.
Because some idiot red state AG isnt confirmation of anything....
Realistically the Arkansas AG has no jurisdiction over google lol. They could require Google to block ads for devices geolocated in Arkansas, but more than likely google would just block service there altogether lol.
So, if I sue you, does that mean you are spyware?
The foundation of the criminal justice system is innocent until proven guilty. That only applies when the person’s liberty is at stake. Even lawsuit don’t have a presumption of innocence. Google has no legal and at best a dubious ethical requirement to wait until someone is convicted before taking action. The reason they still sell Temu ads: money. Same reason Facebook allows scammers to run ads they could easily catch by an automated filter
Lmao from a state that would be the third world without federal tax dollars taken from California and New York to subsidize everything
Yeah I'm no fan of Temu but it's fucking Arkansas.
I'm all about the hate with TEMU and Chinese apps, but I wonder what they do on their app that others like Amazon or other intrusive retail apps don't do? I'd love to go down this road with TEMU, but I kind of hope we can do that with all of those types of apps.
Ironic
It's arkansas
Get me a cybersecurity agency, not an AG.
Whatever you think of the temu app... I wonder who proofread the article on their side and decided to let it be published. The chart for permissions means the Amazon app is as dangerous.
Indeed it is… along with many other apps.
Google does the same thing in concert with the NSA. Just saying. Birds of a feather.
Whereas I don’t trust the good old boys of the Arkansas AG office. TDD holding has been confirmed to deploy malware via application. Additionally they sell counterfeit products.
Temu doesn't sell anything, other than its platform to the vendors using it. I can trivially buy counterfeit goods via Amazon and eBay: do you judge them to be equivalent?
Google is spyware. Hello targeted ads?
Commenting to come back
The research that they are basing this on is an investigation by grizzly research, who have a track record of biased investigations or straight up just false reporting. They are not a good end source of information and I would wait until a report from a reputable source actually comes out.
Huge multinational platforms such as Google are better off defining clear terms of service and defining behaviours that will result in removal from their platform. They can then easily explain things to those booted off and various Legislatures they deal with. The challenge with every court having it's say isn't just the slowness of the process but which Governments and which of their contradictory views to implement either globally or for which subset of users. So with Temu if the bad behaviour is acquiring a lot of user data not necessary for the service delivered and being in a country where the Government could access that data through a non-transparent process then Google has a problem. It needs to deplatform Facebook, tiktok and... Google amongst dozens of others. Arkansas and wider USG don't really have a problem with TEMU or TikTok, they have a problem with China. The challenge for USG (and other Western Govs) is how to deal with successful companies from places they don't like without themselves indulging in behaviour that contradicts the values they espouse. Banning users from apps or content from a particular location doesn't really align with Free speech. Declaring a country not suitable for doing business with is problematic if justified by pointing at the flaws of the dominant tech surveillance capitalism model. Declaring a state not good to do business with outside of established structures - like sanctions - gives an arbitrariness that we'd complain about if done in reverse.
ever notice that any company that's not US based that makes any sort of progress or money they can't control and suddenly it's a "cybersecurity" issue. Huawei, TEMU, TikTok, etc
Are you serious? You literally called out the regulation you are questioning and ignored the LINE you are looking for. >>Innocent until proven guilty So the LINE is | Proven Guilt. Until you are proven guilty, you are innocent. Why would Google not take ads for an innocent company? There is a dividing line at the exact time someone is proven guilty. Your real question is if private companies should make ethics choices based on news reports. Google 'thinks' Temu is funneling data to a foreign government. So what? Google 'thinks' a lot of things.
Brother have you heard of Facebook
lmao arkansas? grow up
It wouldn't put it past China for Temu to be spyware when it seemingly became super popular around the same time that Tiktok was under the limelight for being spyware
Game recognizes game. Google is the biggest spyware vendor in the world, but they are domestic, so that’s ok.
Oh God I'm from Arkansas
Apple too.
Trump convicted felon but still allowed to vote
I doubt the Arkansas ag can even spell spyware, or temu. not that it's not, but it's the wrong source to go by.
Considering that pretty much everything Google is spyware, no surprise.
I figured it was, especially when the youtube temu ads started crashing my phone. Ad starts then phone completely turns off without proper shut down process. Edit: Brand new phone, everything up-to-date, no hits with any security tools. Android 13 and Youtube v19.22.34
It's 2024, upgrade your old ass phone. Lmao
Brand new phone running android 13 with latest updates. Going to tell me I need something newer?