Google’s decision to suspend Pinduoduo’s app from its Play Store has sparked a heated debate among cybersecurity experts and users alike. The move follows a report by Chinese researchers who claimed that Pinduoduo’s app was abusing several Android vulnerabilities to spy on users and gain root access to their devices.
Pinduoduo is one of China’s largest e-commerce platforms, with over 800 million active users and over $200 billion in annual sales. The company is known for its low prices and group-buying deals that encourage social interactions among shoppers.
However, Pinduoduo’s app has also been accused of being intrusive and aggressive in its data collection practices. According to the analysis by DarkNavy, the researchers behind the report, Pinduoduo’s app exploited three zero-day vulnerabilities in Samsung phones that were previously used by a commercial surveillance vendor to target high-profile individuals.
The researchers said that Pinduoduo’s app could use these exploits to bypass Android’s security mechanisms and gain complete control over the device. This would allow it to access sensitive information stored by other apps, such as contacts, messages, photos and location data. The app could also prevent itself from being uninstalled or detected by antivirus software.
DarkNavy did not disclose how they discovered Pinduoduo’s malicious behaviour or how many users were affected by it. They also did not provide evidence that Pinduoduo was intentionally using these exploits for malicious purposes or collaborating with any third-party actors.
Pinduoduo denied wrongdoing and said its app was safe and compliant with Google’s policies. The company said it had fixed some minor issues reported by Google and was working with them to resolve any remaining concerns.
Google confirmed that it had temporarily removed Pinduoduo’s app from its Play Store pending further investigation. The company said it takes user privacy and security seriously and regularly scans apps for potential threats.
The incident has raised questions about how Google monitors and enforces its security standards for apps on its platform. Some critics argued that Google should have detected and blocked these exploits sooner or notified users more transparently. Others suggested that Google should impose stricter penalties or even ban apps that violate its policies or endanger users’ safety.
Meanwhile, some users expressed frustration and anger over Pinduoduo’s alleged abuse of their trust and privacy. Some said they would stop using Pinduoduo’s services or switch to alternative platforms such as Alibaba or JD.com. Others said they would take legal action against Pinduoduo or seek compensation for any damages caused by its app.