• dhork@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    5 months ago

    “Temu is designed to make this expansive access undetected, even by sophisticated users,” Griffin’s complaint said. “Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place.”

    That’s just nuts

    • dev_null@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      5 months ago

      Yeah, it is. It’s such an extraordinary claim.

      One requiring extraordinary evidence that wasn’t provided.

      “It’s doing amazing hacks to access everything and it’s so good at it it’s undetectable!” Right, how convenient.

      • GenitalHurricane@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        5 months ago

        Libmanwe-lib.so is a library file in machine language (compiled). A Google search reveals that it is exclusively mentioned in the context of PDD software—all five search results refer to PDD’s apps. According to this discussion on GitHub, “the malicious code of PDD is protected by two sets of VMPs (manwe, nvwa)”. Libmanwe is the library to use manwe.

        An anonymous user uploaded a decompiled version of libmanwe-lib to GitHub. It reads like it is a list of methods to encrypt, decrypt or shift integer signals, which fits the above description as a VMP for the sake of hiding a program’s purpose.

        In plain words, TEMU’s app employed a PDD proprietary measure to hide malicious code in an opaque bubble within the application’s executables

    • paraphrand@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      5 months ago

      This is why companies like Apple are at least a tiny bit correct when they go on about app security and limiting code execution. The fact it aligns with their creed of controlling all of the technology they sell makes the whole debate a mess, though. And it does not excuse shitty behavior on their part.

      But damn

      And if they got this past Apple in their platforms. That’s even wilder.

      • chiisana@lemmy.chiisana.net
        link
        fedilink
        English
        arrow-up
        0
        ·
        5 months ago

        The article linked to the analysis and on a quick glance, it seems to be done entirely against the Android variant of the app. This makes sense because if the alleged actions are true, they’d never have gotten on to the App Store for iOS Apple users… or at least as of a couple months ago. Who knows what kind of vulnerability is exposed by Apple only doing limited cursory checks for 3rd party App Stores.

  • Bluefruit@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    5 months ago

    Shocked i tell you. I am shocked.

    No way an app would collect data it doesnt need. Preposterous.

    Next thing you’ll tell me is that tiktok is doing the same thing!

        • TWeaK@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          5 months ago

          Erm, WhatsApp would suggest otherwise.

          WhatsApp was the vector for zero click access to a target’s phone from Israel’s weapons grade hacking Pegasus toolkit. They would send a video call, typically in the middle of the night, and with no input from the used they’d get full access. My personal belief is that they used functionality WhatsApp itself uses to access user data.

          There was also an encrypted phone called ANOM, which had this trick calculator app with a hidden encrypted messager. “Made for criminals, by criminals”. Except, when the guy started his business he got investment from the FBI and Australian Federal Police to pay for the servers and some of the phones themselves. Basically every time it sent an encrypted message it sent a separate encrypted message to the ANOM servers. It’s entirely possible (perhaps even likely) that WhatsApp would do this also.

          As for Google, they’re truly insidious. Lots of banks now require you to connect to Google captcha servers - they don’t give you the pictures, it’s just the back end, basically the tracking parts. Then there’s the controversy about them collecting location data when users have said no. They absolutely do collect data they shouldn’t.

  • dev_null@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    5 months ago

    I’m sure Temu collects all information you put into the app and your behaviour in it, but this guy is making some very bold claims about things that just aren’t possible unless Temu is packing some serious 0-days.

    For example he says the app is collecting your fingerprint data. How would that even happen? Apps don’t have access to fingerprint data, because the operating system just reports to the app “a valid fingerprint was scanned” or “an unknown fingerprint was scanned”, and the actual fingerprint never goes anywhere. Is Temu doing an undetected root/jailbreak, then installing custom drivers for the fingerprint sensor to change how it works?

    And this is just one claim. It’s just full of bullshit. To do everything listed there it would have to do multiple major exploits that are on state-actor level and wouldn’t be wasted on such trivial purpose. Because now that’s it’s “revealed”, Google and Apple would patch them immediately.

    But there is nothing to patch, because most of the claims here are just bullshit, with no technical proof whatsoever.

  • Snapz@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    5 months ago

    Have any of you actually ever stopped to process what the tagline, “I’m shopping like a billionaire” means?

    I’ve always interpreted it as,

    I’m needlessly buying things that don’t make me happy, but making the purchase without any hesitation, knowing that the purchase price could never financially impact me in any real way. When I purchase the thing, I’ll probably never use it or actually take it out of the box even. It is just empty, hollow. And somewhere inside, I always know that it’s all only possible, because I’m actively exploiting the cheap labor of scores of other people that are made to perpetually suffer in generations of abject poverty to allow for my relative comfort…

    🎶*“I’m shopping like a billionaire!”*🎶

    • Captain Poofter@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      5 months ago

      I am disabled and have limited income I don’t have control over increasing or decreasing. I use temu to save a lot of money on essential things that should be cheap but are still overpriced in America. Sponges. Rags. Soaps. Pens. Tools. Home improvement hardware. Plant grow supplies. Gifts for me nieces. The tagline, is just a tagline. Billionaires are not like me and scouring for cheap magic sponges.

      Edit: also, temu did not invent drop shipping. Shopping on amazon is literally the same thing.

      • PythagreousTitties@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        5 months ago

        Good to know people that are disabled don’t mind using shitty maleware apps, I guess?

        What’s your point combining using the malware app with you being disabled? Is that supposed to make the app better somehow?

        You’re not special because you’re disabled. Things you use aren’t magical amazing. You’re still the same as everyone else.