Google suspends Chinese shopping app Pinduoduo over malware issues

Pinduoduo started out in 2015 to cover markets that Alibaba and JD.com neglected. PHOTO: REUTERS
Updated
March 21, 2023 at 6:00 PM
Published
March 21, 2023 at 3:35 PM

MOUNTAIN VIEW, California – Google has suspended PDD Holdings’ main Chinese shopping app Pinduoduo after discovering malware in unsanctioned versions of the software, dealing a blow to one of China’s biggest online retailers.

Google said on Tuesday that it was investigating the matter and suspended downloads of the Play Store version of Pinduoduo as a security precaution. It did not mention Temu, PDD’s popular shopping app for the United States, which remains available to download.

The move may cast a cloud over the company at a time when American lawmakers have accused Chinese-owned apps such as TikTok of potentially threatening national security. While Pinduoduo is largely used in China, it is rare for Google to freeze downloads of a major app of its size and scale.

Google warned users on Tuesday to uninstall off-store versions of Pinduoduo. It was unclear whether other local app stores run by Huawei Technologies, Xiaomi and Tencent Holdings were looking into the allegations.

PDD’s main shopping app serves more than 700 million mainly Chinese users monthly, and is more commonly downloaded via domestic platforms as Google’s is not available in China.

“Google Play Protect enforcement has been set to block installation attempts of these identified malicious apps,” a Google spokesman said. “Users who have malicious versions of the app downloaded to their devices are warned and prompted to uninstall the app.”

Code from previous versions of the app on GitHub show malware present, said Mr Shawn Chang, founder and chief executive of Hong Kong-based security firm HardenedVault, who was aware of the industry talk but has not examined the software in detail or spoken with PDD.

“According to that publicly available information, PDD has used n-day/zero-day exploits, targeting Android parcel serialisation/deserialisation to gain system privileges,” he said.

PDD, which reported disappointing sales on Monday, has in recent years taken market share from leaders Alibaba Group Holding and JD.com while aggressively expanding in North America with Temu.

Investors previously pushed PDD shares to their highest in more than a year, identifying the eight-year-old company as a winner in the escalating battle to win over Chinese consumers.

PDD started out in 2015 with the aim of covering markets that Alibaba and JD.com neglected, such as poorer rural cities. The company has since moved into pricier goods, covered more cities and launched a US app that has surged in popularity in just a few months.

Much like fast-fashion upstart Shein, Temu is capturing American shoppers with bargains at a time when most consumers are tightening their belts. Temu was the most downloaded app on Apple’s US app store for much of the past few months. It achieved about US$500 million (S$670 million) gross merchandise value in the US during its first five months of operation, according to data analytics firm YipitData. In January alone, sales were almost US$200 million, the data show.

Temu launched in Canada, its second market, in February. BLOOMBERG

More On This Topic
Singapore users among those who downloaded malicious software: IT security firm
Britain bans TikTok on government devices over security concerns

Join ST's Telegram channel and get the latest breaking news delivered to you.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 076/10/2022, MCI (P) 077/10/2022. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2023 SPH Media Limited. All rights reserved.

Back to the top