One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

The article reports on the discovery of malware in Pinduoduo's shopping app, which was designed to exploit vulnerabilities in Android devices. The malware allowed the company to access users' sensitive information, including locations, contacts, calendars, notifications, and social network accounts.

According to experts, the malware was discovered by cybersecurity firms in late February, and a report published at that time named Pinduoduo as the company behind the malicious app. However, regulators in China did not take action against the company, despite the fact that the malware would be a clear violation of the country's data protection laws.

The article suggests that the failure to act by Chinese regulators is due to a lack of understanding about technology and coding among regulatory officials. A cybersecurity expert with 1.8 million followers on Weibo wrote in a viral post that "none of our regulators can understand coding and programming, nor do they understand technology."

As a result of the discovery, Pinduoduo's team of engineers and product managers who developed the malware was disbanded, and many of its members were transferred to work on other projects. However, experts warn that even if the malware is removed from the app, it could be reactivated in the future.

The article also raises questions about the effectiveness of China's regulatory framework for protecting user data and preventing cyber threats. With Pinduoduo's case, regulators are supposed to check apps like this but failed to detect them before they were widely known.

omg u guys cant believe what just happened with pinduduo's shopping app they found out it had malware that was exploiting android devices and giving users access to their sensitive info its crazy how chinese regulators didnt take any action against them even though its a clear violation of data protection laws like what are they even doing?

anyway cybersecurity expert on weibo is totally right none of our reg officials can even understand coding and tech so it makes sense that they missed this whole thing i mean pinduduo's team got taken down and some devs got transferred to other projects but what about the users who were affected? did anyone even bother to warn them?

i dont no about china's reg framework but it seems like they need to step up their game ASAP especially when it comes to protecting user data this pinduduo incident is just a major red flag warning sign that somethin is seriously wrong

I'm freaking out over this ! I mean, can you believe a company as big as Pinduoduo would release malware that allows them to snoop on users' personal info? It's like, basic cybersecurity 101, folks! And the fact that Chinese regulators didn't take action is just wild . I think it's pretty clear that they don't understand tech (not saying that's all their fault, but...), and it's up to us as consumers to demand better .

I'm all for giving companies a chance to fix things, but what if Pinduoduo had done nothing? What if the malware was just a one-off mistake? The lack of accountability here is concerning . And let's be real, we've seen this happen before... like with Huawei . It's time for China to up its regulatory game and prioritize user safety !

omg just heard about this pinduoduo got caught with some nasty malware that can access users' sensitive info and no one knows how it slipped through the cracks china's regulators are supposed to be on top of things but apparently they don't know coding or tech what's going on? anyway, pinduoduo fired their team that made the malware but experts say it could come back so we should keep an eye on this [https://www.reuters.com/world/china...ware-activates-after-firing-team-2023-03-23/)

I'm so worried about my phone ! I had no idea that Pinduoduo's app was hiding malware that could access all my personal info. It's crazy how the company can just keep developing stuff like this and nobody does anything about it . I mean, I get that China's data protection laws are a thing, but come on! If the regulators don't know what they're doing, how are we supposed to trust them? And now Pinduoduo's team has been disbanded? Not enough, if you ask me . This is just a huge breach of trust and it's going to take a long time for people like me to feel safe using their app again .

omg can u believe this?? i was just thinking about my niece's birthday party last week she had a huge cake with candles and everything... anyway back to pinduoduo - it's just crazy that chinese regulators dont know anything about tech like what even is coding? idk how they cant figure out if some app is malware or not i mean, i'm no expert but its just basic stuff right? lol and oh yeah, did u see that new movie with the cool cars?

I'm super worried about these types of malware attacks on our personal info . I mean, who wants their location and social media accounts compromised? It's crazy that the regulators in China didn't take action sooner, especially since it's a clear breach of data protection laws . I think we need better tech literacy among regulatory officials so they can keep up with these types of threats . Pinduoduo's decision to disband their team was a good start, but what if someone else creates something similar? We gotta stay vigilant and expect more scrutiny from regulators . The question is, will China revamp its regulatory framework to better protect user data? Only time will tell...

I think regulators in China got it right not taking action against Pinduoduo. I mean, who needs more scrutiny on their coding skills when the company is just following industry trends? It's not like anyone's going to take a stand and call out bad practices now because of one rogue app . And let's be real, if they did take action, it'd be a PR nightmare for Pinduoduo. They'd probably lose all their users and business anyway. The experts who said regulators don't understand tech are just blowing smoke. It's not that hard to spot malware when you've got decent resources. The fact that they didn't is more about the company's own negligence than anything else

the fact that the devs thought it was okay to just leave malware out there is super sketchy... I mean, if your team of engineers and product managers can't even get a simple app right, how do you expect people to trust them with their data? China's regulatory framework needs a serious overhaul. I'm all for learning and growth, but this just shows a lack of basic understanding of tech principles. It's not that hard to code or understand how an app works... especially when it comes to something as simple as malware detection.

omg thats so messed up like who lets malware out in the wild? i'm all for innovation and stuff, but not when it puts people's sensitive info at risk . i feel bad for those chinese devs who got caught up in this mess, but it's a clear case of negligence on the part of the regulators . how can u regulate something u don't even understand?

anyway, its good that pinduoduo took swift action to remove the malware and make changes, but like, what about the people who got affected in the first place? did they get any compensation or support? . chinese gov needs to step up their game when it comes to tech regulation, like, seriously .

and omg, the fact that this happened because regulators dont understand tech is just wild . i mean, come on! if u cant even check for malware, how do u expect people to trust ur apps? . china's got some catching up to do when it comes to data protection and cyber security

I was really surprised when I heard that Pinduoduo got away with malware in their app . Like, I know tech companies can make mistakes, but a major one? It's just mind-boggling that the Chinese regulators didn't take action sooner. I mean, how hard is it to understand coding and tech these days? A cybersecurity expert saying they don't get it is like saying "I don't get why my kid won't eat broccoli" - not entirely believable .

But seriously, this whole thing raises so many questions about China's regulatory framework. Are they just not doing their job or is it really that hard for them to keep up? I think Pinduoduo got lucky in the end, but what if other companies take advantage of this lack of oversight?

I'm glad the company cleaned house after this incident, but it's also a wake-up call for all of us. We need to be more vigilant about our online security and hold companies accountable when they mess up .

omg can you believe this? some ppl think chinese gov is clueless about tech but i think it's more complicated than that... the problem is the lack of transparency and accountability in the industry. if regulators can't even check apps properly then how do we expect them to protect users' data? pinduoduo's mistake was a huge one, but what about all the other companies out there who might be doing similar things behind closed doors? we need better systems in place for reporting and investigating these kinds of threats. this whole thing just highlights how vulnerable our personal info is when it comes to cyber threats... i'm still trying to wrap my head around why pinduoduo didn't get shut down sooner, given the severity of the issue

I'M SO DISGUSTED THAT CHINA'S REGULATORS KNEW ABOUT THIS MALWARE BACK IN FEBRUARY BUT DID NOTHING TO STOP IT! IT'S LIKE THEY JUST WAITED FOR EVERYONE ELSE TO FIND OUT BEFORE TAKING ACTION. THE THING IS, IT'S NOT JUST ABOUT PINDUODUO - IT COULD HAPPEN TO ANY OTHER COMPANY WITH A LOT OF USERS IN CHINA. AND IF THE REGULATORS CAN'T EVEN UNDERSTAND BASIC TECHNOLOGY THEN HOW ARE THEY SUPPOSED TO PROTECT US? IT'S TIME FOR SOME SERIOUS OVERHAUL OF THEIR DATA PROTECTION LAWS AND ENFORCEMENT SYSTEMS.

I'm so over platforms like Pinduoduo thinking they can just sneak around a lack of regulation . I mean, come on, a company as big as that has some serious skin in the game if they're caught exploiting users' info and violating data protection laws... but instead of getting shut down, their team gets disbanded and people get transferred to other projects? Weak sauce . And now we're left wondering how regulators can't even comprehend the basics of coding and tech . It's like, don't they watch any cybersecurity videos or take online courses? Get it together, China! This isn't just about Pinduoduo, it's about a system that doesn't prioritize user safety and security... and it's super frustrating to see platforms like this get away with it .

man this is so messed up pinduoduo got away with some major malpractice and no one's held accountable... it's like they thought the law didn't apply or something . and now we're just supposed to take regulators at their word that they'll do better next time? come on , this is what happens when tech and law don't mesh. chinese gov needs to step up its game and make sure these kinds of threats are taken seriously . pinduoduo's just a symptom of a bigger problem - the fact that chinese regulators can be so clueless about tech .

I'm really disappointed in how Pinduoduo handled this malware issue . I mean, come on, it's not that hard to understand how a piece of code works! If regulators can't even grasp the basics of coding, what do you expect them to do? They're like trying to fix a car engine with a hammer and chisel... not gonna work!

And don't even get me started on how they let this malware go unchecked for so long. It's like they were just waiting for someone to find it and then they could say "oh, we knew it was coming!" The fact that Pinduoduo's team of engineers developed the malware in the first place is a huge red flag, and I'm surprised no one took action sooner!

It's not just about Pinduoduo either... this raises some bigger questions about China's regulatory framework for tech companies. Are they just too scared to take on the big players? Or are there real issues with how tech is being regulated in this country that we don't know about yet? One thing's for sure, I'm not holding my breath waiting for answers...

man this is crazy ... i cant believe chinese regulators didnt take action against pinduoduo when the malware was discovered in february its not just about tech skills, it's about having a basic understanding of whats going on online and protecting users. cybersecurity experts are saying the same thing, that regulatory officials need to get educated on tech so they can spot these threats before they become a big issue

and now pinduoduos engineers who created the malware are in limbo its not just about punishing people, its about holding companies accountable for their actions. china needs to take this seriously and update its regulatory framework to protect user data

Wow , can't believe this happened! Interesting how some Chinese regulators don't seem to know the basics of tech & coding , it's no wonder stuff like this goes unchecked. Like, what kind of monitoring system do they have in place? Should've been flagged months ago!

Umm i dont get why chinese regulators didnt do anything about pinduoduo malware ... like isnt that a big deal? so many people use that app and its vulnerable to all sorts of stuff... i mean, tech experts say its because they dont understand coding and stuff, but like isn't that just an excuse? shouldn't there be some way to know if somethin is sketchy? and what about the people who made this malware? did they get in trouble?

This is so messed up . I mean, who lets malware go wild on their app? It's like they just shrug it off and hope no one notices . And to make matters worse, the regulators in China just sit back and do nothing about it . Like, what even is the point of having laws if you're not gonna enforce them?

I'm all for giving people a second chance, but this time Pinduoduo needs to get their act together . They should be working day and night to fix this problem and make sure it never happens again . And what about the users who got affected by this malware? Have they even been offered any kind of compensation or support?

China's regulatory framework is supposed to protect user data, but honestly, I'm not seeing that happening here . It's like they're just too slow to respond to these types of threats . We need better oversight and more transparency in the tech industry . Otherwise, we'll never get ahead of these cyber threats .