You can also listen to the article in audio version.
Fast-growing Chinese marketplace Temu selling very cheap goods from Asia is attracting a lot of attention – especially in the US, where it has become a social media phenomenon. However, similar to the Chinese social network TikTok or the popular shopping platform Shein, Temu has become a big topic in the security community and in business circles.
No wonder. In 2023, the four most downloaded apps for mobile phones in the US had Chinese owners, and the marketplace was ruled by Temu, who was unknown two years ago. That quickly changed thanks to a massive advertising campaign that culminated in spots during American football’s Superbowl final.
Just to add: the next most downloaded apps in the US were the social network TikTok, the video editing software CapCut (it has the same owner as TikTok, the company ByteDance) and the marketplace Shein.
Chinese tech firms have tremendous economic power, and that naturally bothers domestic American firms that guard their territory. Even some traditional retail companies perceive the Chinese “invasion” as a risk. According to a study by the analytical company Earnest Analytics, in the two years since entering the US, Temu has eaten away 17% of the market share of discount chains. For example, the big chain with goods “for a few bucks” Dollar General is under pressure, and the discounter Five Bellow (8% share) has already left Temu behind. After all, during its advertising campaign, Temu sold goods at a loss price.
Also under scrutiny in the Czech Republic
The Chinese marketplace, which has also been operating in the Czech Republic since last year, is also closely monitored by experts due to the doubts surrounding the quality of services, ethical procedures in the production of goods and cyber security.
In February of this year, the Czech National Office for Cyber and Information Security (NÚKIB) announced that it was examining the Temu.cz e-shop and its mobile application. The same authority warned against the use of Chinese applications TikTok and WeChat last year.
“The concern about possible security threats arises primarily from the amount of data collected about users and the way in which it is collected, how it is handled, and last but not least, also from the legal and political environment of the People’s Republic of China,” the authority said to TikTok.
However, its apps are still available for download on iPhones and Android. In addition, the office is still processing the analysis and its outcome cannot be predicted.
Cheap through forced labor?
In mid-March, the US House of Representatives passed a bill that would allow the banning of the social network TikTok. While it is unclear whether the radical move will force the Chinese to ditch the service, the proposal would allow the US government to ban other digital services “controlled by foreign rivals”.
As some evaluations suggest, online platforms Temu and Shein may be such candidates. The USCC’s US-China Economic Cooperation Security Commission report, which makes legislative recommendations to Congress, mentions some of the risks that have earned these marketplaces attention.
“Shein and similar companies present a number of challenges to US interests, including difficulties in monitoring sources of supply and barriers to ensuring fair market conditions vis-à-vis US competition,” the report said.
For example, he cites the findings of Bloomberg News, which revealed through tests that the clothes sold on Shein are made of cotton from Xinjiang province, which is in direct violation of the Uyghur Forced Labor Prevention Law. In order for cotton from the area to be exported, Shein would have had to prove that it was not the product of the forced labor of an ethnic minority, which it did not happen. China is trying to re-educate the Uyghur minority, which is striving for autonomy, by locking them up in internment camps, dictating their appearance and banning their language.
Temu’s parent company PDD Holdings and its shopping app Pinduoduo were also pillaged. The non-profit organization China Labor Watch accused the company of extreme pressure on employees to work 380 hours a month.
In 2023, CNN reported on a dangerous malware in the Pinduoduo application that allowed an unprecedented data leak. According to security experts, the software made it possible to monitor activities in other applications, check incoming notifications, read private messages and change phone settings. The firm denied that the app was dangerous, but in March 2023, Google suspended downloads of the app due to these findings.
One of Pinduoduo’s employees described that in 2020, the company created a team of around a hundred engineers and product managers to look for vulnerabilities in phones and develop ways to exploit them. Allegedly with the aim of spying on users, competition and thereby increasing sales.
Several security experts have rated the app as dangerous. “I’ve never seen anything like this, it’s super expansive,” Sergey Toshin, founder of security startup Oversecured, said of the app’s background to CNN, calling the app “the most dangerous malware.”
Spyware? “We meet the standards”
According to the US company Grizzly Research, which conducts research on publicly traded companies through in-depth due diligence audits, the team of experts behind the problematic application has been disbanded, but has all moved to Temu.
Grizzly Research released a highly critical study in September 2023 that analyzes the source code of the Temu application and the processes on which it runs. It warned that the shopping app is the most dangerous malware/spyware currently on the market. It talks about pillaging customer data and warns against its use.
“From the moment you install the app, Temu is able to hack your phone, override your privacy settings, gain access to your contacts, exact location, in some cases take screenshots of running apps and, depending on the permissions granted, access your text messages and other documents on the phone,” the message reads.
He denies the accusation through his spokesperson. They claim that these are baseless claims from a company that bet on a fall in stocks and wants to profit from it. He adds that shares of parent PDD Holdings, listed on the New York Stock Exchange NASDAQ, have risen by more than 30 percent since the report was published.
Media representative Temu Miłosz Ciekalski pointed out that the company meets strict safety standards. “Temu’s security practices have been independently certified by Germany’s DEKRA to meet strict global standards,” SZ Byznys said. It is also said to be working with “ethical hackers” who reveal system weaknesses.
He also directly denied that the app had access to sensitive data on the phones. “Temu does not have access to device features such as microphone, bluetooth, photos, contacts, clipboard, location and other permissions such as calendars,” he added.
No analysis of this application has yet been created in the Czech Republic. However, some e-shops claim that marketplaces such as Allegro, Kaufland and Temu buy advertising space in large quantities. In addition, in mid-March, the Association for Electronic Commerce (APEK), which represents e-shops, filed a motion to investigate Temu’s activities with the Czech Trade Inspection. According to her, for discounted goods, the marketplace does not list the lowest price for the last thirty days, as required by law, but calculates the discount from the recommended or retail price.
“Temu actively reviews discount display practices to ensure it complies with all applicable laws and regulations,” a spokesperson responded.
