One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

The article discusses a recent discovery of malware in the Pinduoduo shopping app, which is popular in China. The malware was found to have been developed by a team of engineers and product managers who were part of the company's cybersecurity efforts.

Here are some key points from the article:

1. **Malware was detected**: In late February, a Chinese cybersecurity firm called Dark Navy discovered the malware in Pinduoduo's app.
2. **Exploits allowed unauthorized access**: The malware was found to have exploited security vulnerabilities that allowed it to access users' personal data, including location information, contacts, calendars, and social media accounts.
3. **Pinduoduo removed exploits**: After the discovery, Pinduoduo issued an update to its app, version 6.50.0, which removed the malware.
4. **Team disbanded**: The team of engineers and product managers who developed the malware was disbanded, with many members transferred to other departments within the company.
5. **Regulatory oversight failed**: Tech policy experts say that the Ministry of Industry and Information Technology should have detected the malware, but it was not found on any of their lists of apps that were removed from app stores for failing to comply with regulations.

The article highlights concerns about regulatory oversight in China's tech industry, particularly when it comes to cybersecurity. The discovery of the Pinduoduo malware has raised questions about how regulators can effectively monitor and enforce security standards in the industry.

Some key quotes from experts include:

* "I've never seen anything like this before. It's like, super expansive." - Sergey Toshin, Android security expert
* "This would be embarrassing for the Ministry of Industry and Information Technology, because this is their job... They're supposed to check Pinduoduo, and the fact that they didn't find (anything) is embarrassing for the regulator." - Kendra Schaefer, tech policy expert

Overall, the article provides insight into the complexities of cybersecurity regulation in China's tech industry and highlights the need for effective oversight to prevent such incidents from occurring.

omg u think its a big deal if some chinese app had malware lol pinduoduo just removed it & fixed the problem. didnt see any reason 4 ppl 2 be all like "regulatory oversight failed" lol, they should 4shame themselves fornt? but seriously, how do ppl expect gov agencies 2 monitor every single app out ther? its impossible . tech companies need 2 step up their game & protect users' data better

think china needs a new approach to regulating its tech companies, like they got one in usa where every company has to file paperwork with ftc kinda thing but in china it feels like regulators just react after something goes wrong like pinduoduo's malware scandal, it would've been better if ministry of industry and info tech was proactive not reactive

OMG , this is wild! So like, a malware discovery on Pinduoduo, one of the most popular shopping apps in China? It's crazy that it went undetected by the regulatory bodies for so long. I mean, you'd think they'd be all over it to ensure user safety and security.

And the fact that the team behind the malware got canned after the discovery is a good start, but it raises questions about how this happened in the first place. Were there systemic issues within the company or was it just a one-off? It's also concerning that regulatory oversight failed so spectacularly - what kind of messaging does that send to consumers?

The experts are right, though - this would be a major embarrassment for the Ministry of Industry and Information Technology. They need to get their act together and make sure they're holding companies like Pinduoduo accountable for security standards. We can't just rely on companies policing themselves; it's time for regulators to step up and take responsibility.

I don’t usually comment but I think this Pinduoduo malware thingy is super sketchy ... Like, who makes malware inside a popular app and then gets rid of it before anyone notices? It’s all so... convenient . And the fact that the Ministry of Industry and Information Technology wasn’t even paying attention to this kinda stuff is wild... I mean, come on! They gotta be doing better than just relying on random cybersecurity firms to spot these things .

I don’t know if it’s a case of regulatory failure or whatever, but it's pretty clear that something went horribly wrong here . And now we're left with this massive cloud of uncertainty... Will other companies follow suit? Won't they? It's all just soooo frustrating!

oh man this is wild i cant believe the malware was in our favorite shopping app like what kinda genius comes up with that stuff and the worst part is it was a team effort not just some lone hacker who gets caught my heart is racing thinking about all the people whose personal info got leaked out did they even get notifications or were they just chillin unaware of their data being sold on the black market? i mean what can we do but hope pinduoduo takes steps to beef up security and make sure something like this never happens again

omg, can u believe this? like, chinese gov is always so strict about cyber security but it looks like they got caught slippin'! i mean, who lets malware run wild on a popular shopping app like pinduoduo? and what's up with the ministry of industry not detecting this before? it's like they're sleepwalking or something anyway, i'm glad pinduoduo issued an update to fix the exploit already... fingers crossed no more drama

Malware alert! Pinduoduo got hacked Who's watching the watchmen? Not the Ministry of Industry and Information Technology, apparently... 6.50.0 update = zero malware issues? What's going on in China?

Ugh, this is so not surprising... like, I mean, don't get me wrong, it's still bad that they found malware in the app . But seriously, a team of engineers and product managers just created some fancy malware, and then when someone finds out, they're all like "oh no, let's disband the team and move people around" ? That's not exactly what I'd call accountability... And what's with the regulatory oversight, though? Like, it's supposed to be the Ministry of Industry and Information Technology's job to catch this stuff, right? But nope, they didn't find anything. It's like, how does that even happen?

omg I'm still trying to get used to this whole online shopping thing I mean I know it sounds cool but sometimes I get scared that my info is gonna be stolen so hearing about malware in Pinduoduo's app makes me wanna cancel all my subscriptions rn but like what can the regulators do? I thought they were supposed to keep us safe not just look out for big companies did you guys know that Dark Navy is a cybersecurity firm?

OMG, like I know it sounds super scary, but think about it this way ... Pinduoduo's got a team of engineers who were actually trying to improve their cybersecurity ! They're not bad people, just maybe didn't quite get the job done right . And hey, they did remove the malware and update the app, so that's a win in my book ! The fact that the regulatory team missed it is defo an oversight , but let's not jump to conclusions... maybe they were overwhelmed or underfunded . It's like, we've all been there with our own tasks and responsibilities . The key takeaway is that cybersecurity is a complex issue, and we need more resources and expertise to get it right !

just learned about this pinduoduo malware thing and it's pretty wild. i mean, you'd think that with all the emphasis on cybersecurity these days, we'd be way more secure than this . anyway, apparently a chinese cybersecurity firm found some malware in the app that was allowing people to access their personal data, including location info and social media accounts . and now there are questions about how regulators were supposed to catch it in the first place... idk if anyone's really surprised though? china's tech industry is already pretty opaque .

So like, the stats on malware attacks in 2024 are wild - we're talkin' over 50% increase in cyber threats compared to last year ! And now this Pinduoduo scandal comes along and exposes a huge security vulnerability . The fact that it took Dark Navy, a Chinese cybersecurity firm, months to detect the malware raises some serious red flags .

I mean, think about it - if they didn't find it, who did? And now we're hearing from tech policy experts saying that the Ministry of Industry and Information Technology should've been on top of this . The stats on regulatory oversight are pretty bleak too - like, only 15% of apps in China's app stores meet basic security standards .

It's clear that cybersecurity is a major concern for consumers and businesses alike . I'm all for stricter regulations to prevent incidents like this from happening again . And by the way, did you know that China's cyber attack landscape has seen a significant increase in recent years? It's like, totally not shocking anymore .

I'm still trying to wrap my head around this one... so basically, a team of engineers at Pinduoduo created malware that was sneaky enough to get past their own security checks . Like, how does that even happen? And what's really concerning is that the regulator was supposed to be keeping an eye on it, but somehow missed the boat .

I need to see more evidence about the team's background and motivations before I can really trust this story... who were these engineers exactly? What were their qualifications? Were they even supposed to be working on security?

And let's not forget, this is just one example of how China's regulatory oversight seems to be lacking . If a major app like Pinduoduo can get away with this level of negligence, what else might be hiding in plain sight?

man i feel bad for those people who got affected by this malware like pinduoduo has one of the biggest user bases in china, that's a lot of people exposed and yeah, regulatory oversight kinda failed them too, i guess they should've been more vigilant anyway, it's good to see pinduoduo taking action and removing the exploits from their app, at least now users can breathe easy

"The only thing we have to fear is fear itself — nameless, unreasoning, unjustified terror which paralyzes needed efforts to convert retreat into advance."

I'm low-key surprised that a company like Pinduoduo didn't detect their own malware . It's like, they have a whole team dedicated to cybersecurity, but still somehow managed to sneak one past them . And now the Ministry of Industry and Information Technology is looking pretty bad for not catching it sooner .

I think this incident highlights how hard it is to regulate tech companies in China . It's like, you need a team of experts on top of another team of experts just to keep up with the demand . But at the end of the day, it's still all about user safety .

Pinduoduo should be commended for quickly removing the malware and updating their app . That shows they're willing to take responsibility for their mistakes . Now let's hope they can do better in the future

Pinduoduo's security fail is a wake-up call for everyone, not just the Chinese government . Who makes malware and thinks they can get away with it? A team of engineers and product managers, apparently . It's easy to blame the regulator, but let's be real, someone has to do the vetting, right? If a cybersecurity firm can catch it, why can't the Ministry? Either way, more scrutiny is needed for our tech giants.

I mean, come on... a team of engineers who develop malware? How do they even manage that? And the fact that it was able to access users' personal data without anyone noticing is just mind-blowing . I'm not saying Pinduoduo is entirely at fault here, but seriously, how did regulatory oversight fail so spectacularly? The Ministry of Industry and Information Technology should be doing better than that . It's like they're sleepwalking through this whole cybersecurity thing . And what really gets me is the fact that they didn't even catch it on their lists of apps to review . That's just lazy . I mean, I know China has a lot going on with tech regulation and all, but can't we do better than this?