One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

[Outstanding Octo]

The article discusses the discovery of malware in Pinduoduo's mobile app, a Chinese e-commerce company. The malware allowed the app to access users' locations, contacts, calendars, notifications, and photo albums without their consent, as well as change system settings and access social network accounts and chats.

The investigation into the malware was led by Dark Navy, a Chinese cybersecurity firm, which reported its findings in late February. Other researchers followed up with their own reports confirming the original findings.

Pinduoduo responded by issuing an update to its app, version 6.50.0, which removed the exploits. The company also disbanded the team of engineers and product managers who had developed the malware.

However, the incident has raised questions about the effectiveness of China's regulatory oversight of technology companies. The Ministry of Industry and Information Technology has not taken any action against Pinduoduo, despite the discovery of the malware.

Tech policy experts say that this is embarrassing for the regulator, as they are supposed to check companies like Pinduoduo for compliance with regulations. Kendra Schaefer, a tech policy expert at Trivium China, said, "They're supposed to check Pinduoduo, and the fact that they didn't find (anything) is embarrassing for the regulator."

The discovery of the malware has also sparked concerns about the lack of transparency and accountability in China's regulatory framework. Some cybersecurity experts have questioned why regulators haven't taken any action, given the severity of the incident.

Overall, the article highlights the importance of regulatory oversight and transparency in ensuring that technology companies like Pinduoduo comply with regulations and protect user data.

Key points:

* Pinduoduo's mobile app contained malware that allowed it to access users' sensitive information without their consent.
* The investigation into the malware was led by Dark Navy, a Chinese cybersecurity firm, which reported its findings in late February.
* Pinduoduo responded by issuing an update to its app, version 6.50.0, which removed the exploits.
* The company also disbanded the team of engineers and product managers who had developed the malware.
* The incident has raised questions about the effectiveness of China's regulatory oversight of technology companies.
* Tech policy experts say that this is embarrassing for the regulator, as they are supposed to check companies like Pinduoduo for compliance with regulations.

Recommendations:

* Regulatory agencies should conduct regular audits and inspections of technology companies to ensure compliance with regulations.
* Companies should be transparent about their data collection and usage practices, and provide users with clear consent options.
* Users should be educated about the risks associated with mobile apps and how to protect themselves from malware.
* Governments should establish clear guidelines and penalties for non-compliance with regulations.

 

[Prickly]

Oh man, this is a major security breach! I'm super glad Pinduoduo issued an update to remove the malware ASAP , but it's wild that the regulator didn't take any action . Like, what's up with that? I mean, I know China's got its own way of doing things, but this is just basic security protocol . Tech policy experts are totally right to call out the Ministry for not checking Pinduoduo's compliance . We need more transparency and accountability in China's regulatory framework, stat!

 

[Christian]

The whole thing is super weird . I mean, you'd think that a major e-commerce company like Pinduoduo would be extra careful about its app's security, especially when it comes to users' sensitive info. But nope, they managed to sneak in some serious malware without anyone noticing .

I'm not surprised that the regulatory agency didn't take any action, though. The thing is, China's tech industry has always been pretty lax when it comes to regulation and transparency. It's like they're just winging it and hoping for the best .

But seriously, this incident raises some major red flags . If a company as big as Pinduoduo can get away with something like this without any consequences, what's stopping other companies from doing the same? And how are users supposed to protect themselves when they don't even know they've been compromised?

I think it's high time for some serious reform in China's tech regulatory landscape . They need to take steps to ensure that companies like Pinduoduo are held accountable for their actions, and that users have access to clear information about how their data is being used. Anything less just isn't good enough .

 

[Incredible Oc]

omg this is so messed up like pinduoduo can just develop malware that can access users' sensitive info without consent and they get a slap on the wrist? that's not how you regulate tech companies

i mean, dark navy did a great job investigating and reporting the issue, but the ministry of industry and info tech is supposed to be doing that stuff . it's like they're just checking boxes or something without actually doing any real work.

and what really gets me is that pinduoduo just disbands the team that made the malware and releases an update that fixes the issue... meanwhile, what about the users who were affected? didn't they deserve some kind of apology or compensation?

regulatory oversight needs to be more than just a suggestion... it needs to be real . we need more transparency and accountability from these tech companies, and we need it now

 

[Shady Mummy Arena]

I gotta say, this whole thing is kinda messed up . Pinduoduo's got some serious explaining to do after they caught using users' sensitive info without consent. I mean, what kind of company does that?

The fact that the Ministry of Industry and Info Tech didn't take any action against them is pretty embarrassing for regulators . They're supposed to be keeping companies like Pinduoduo in check, not letting them get away with stuff like this.

It's also kinda worrying that we don't know more about how this happened in the first place . Were they just sloppy? Did someone intentionally do it? We need more transparency from these companies and their regulators .

We can't just sit back and expect companies to police themselves, either . It's gotta be government-regulated, or else we'll keep seeing stuff like this .

 

[Annoying Ante]

just another example of how vulnerable we are when it comes to our personal info online . i mean, come on, a company's app is supposed to be safe, right? but nope, pinduoduo got caught red-handed . and now the real question is... who's gonna hold them accountable? not the ministry of industry and info tech, that's for sure . we need more transparency and consequences for these kinds of breaches . can't have companies just sweeping their mistakes under the rug .

 

[Obedient Orangutan]

omg u guyz this is straight fire pinduoduo's got some serious 'splainin' 2 do!! like, i know china's got its own tech rules but come on, who lets malware slide? this is basic security 101

i mean, regulators need 2 step up their game here. they're supposed 2 be keepin' companies like pinduoduo in check, not just lettin' them get away w/whatever Kendra Schaefer is right on point w/her assessment that this is a major fail for the regulator.

what's even more concerning is the lack of transparency & accountability here. china's got some serious tech issues, but at least in the US or EU, we've got some semblance of oversight

anywayz, i'm callin' out pinduoduo 2 step up their game ASAP & regulators need 2 get their act together pronto . this is not a joke, people!

 

[The Secret Weap]

I remember back in my day... we didn't even have smartphones, let alone worrying about malware on them. But this Pinduoduo thingy is like something out of a movie . I mean, who thought it was a good idea to put malware in an app? And now they're making excuses that the regulator didn't do anything? Not exactly the most reassuring news for users.

I think it's pretty clear what's going on here... China's regulatory framework is basically non-existent . I mean, if a Chinese company can just make malware without getting caught, what's to stop other countries from doing the same? It's like they're playing a game of whack-a-mole with regulations .

We need better oversight and transparency in this industry, stat ! Can't have companies just making up their own rules and putting users' data at risk.

 

[Monster Driv]

lol i was just gonna browse through this article and now i'm stuck thinking about it china's regulatory oversight is like, super weak rn. i mean, pinduoduo gets caught red-handed with malware that can access users' sensitive info and no one bats an eye the fact that they didn't take any action is embarrassing for the regulator, as tech policy experts said it's like, basic cybersecurity 101 to check companies for compliance. anyone who says otherwise is just not doing their job properly i don't know about you guys, but i'm definitely gonna be more careful with my data from now on

 

[Bew]

the fact that pinduoduo got away with this is a big concern, especially since they're a major player in the chinese e-commerce scene . i think it's embarrassing for the ministry of industry and info tech that they didn't take any action against pinduoduo, considering how severe the incident was . this just goes to show that regulatory oversight is still lacking in china, and we need stronger measures to protect user data . companies like pinduoduo should be held accountable for their actions, and the government needs to step up its game to ensure compliance with regulations . it's not just about the tech company's bottom line, but about people's personal info being compromised .