Which and how much data we reveal about ourselves is an important decision that is sometimes made too quickly for us by apps on our cell phones. Some software is downright nosy and demands access to data that shouldn’t be their business.
Shopping apps in particular are crazy about collecting. Name, address, bank details, preferences: all of this is stored, primarily to improve the shopping experience. In addition, China is repeatedly accused of espionage, most recently with its e-commerce app Pinduoduo, which was banned from the Google Play Store.
But what about Temu? Does the app collect more than it should? And above all: what data about you is this?
We have summarized for you what Temu actually is and whether you can basically trust the cheap shopping app:
Temu requires access to a lot of data
Under the subheading
Personal information we collect and retain there is a whole list of points, 22 in number. These include, among others:
- contact details such as names, email addresses and telephone numbers
- Demographic information such as gender, birthday and place of residence
- Profile data such as biographical information, social media accounts and interests
Temu also states that it collects data from third parties. For example, the app sees which network you are connected to, device performance logs, browser type, CPU usage and more.
In addition, the software stores data about websites you have visited, as well as how long the access and browsing times were.
Is that unusual? No, many apps collect third-party data. In addition, Temu discloses what personal information is stored via data protection regulations. By creating an account you agree to this. Of course that doesn’t make it any better.
The data protection measures of Shein, Wish and Amazon read very similarly. It is common practice to harvest and exploit the personal information of its buyers, which neither excuses nor makes it more viable.
What do experts say about this?
According to a report by CNBC, Temu has already been accused of privacy risks. The reason: The sister app Pinduoduo from the same company (PDD Holdings) was removed from the Google Play Store in March.
The malware in Pinduoduo was found to exploit specific vulnerabilities of Android phones to bypass user security permissions, access private messages, change settings, view data from other apps and prevent uninstallation.
Pinduoduo requested no fewer than 83 permissions, almost four times more than Temu. Google then identified them as
malicious app and asked users to uninstall it. The Chinese online retailer denied the claims.
Experts like Sean Duca, vice president of cybersecurity company Palo Alto Networks, view the collecting frenzy with suspicion.
Personally, I wouldn’t want my biometric data to be stored anywhere other than on my device […] Biometric data is much more valuable than anything else because, unlike passwords, I can’t easily change my fingerprint.
Duca, vice president of cybersecurity company Palo Alto Networks
He also looks critically at information about the network. The company does not need this and information about it can be very lucrative for criminals. So why should the app store such data?
Nevertheless, experts are waving the Temu app through. Daniel Thanos, vice president and head of Arctic Wolf Labs, the threat analysis division of the cybersecurity company Arctic Wolf, makes a clear statement:
There are no reports of malicious features said to be present in the official Play, App Store or third-party versions of Temu. The keys used in the Pinduoduo malware are not the same ones used to sign the Temu app.
Daniel Thanos, vice president and head of Arctic Wolf Labs, the threat intelligence division of cybersecurity company Arctic Wolf
One analyst in the CNBC article even stated that he generally views social media platforms more critically than shopping apps.
How careful should you be?
Personal data is always a delicate matter. Many other people think so too, which is why a class action lawsuit was filed against Temu in the USA two days ago. This is what Top Class Action, a news site about law in the United States of America, writes.
The plaintiff alleges that Temu relaxed its security policies, enabling or at least facilitating the systematic theft of its customers’ personal and financial information.
That’s consistent with a statement from CNN that Pinduoduo dismantled a team of developers and product managers after Google removed the app from its Play Store. That was back in March 2023.
A large part of the team has been transferred and is now working on Temu.
We therefore recommend keeping an eye on changes to data protection measures if you use the app regularly.
First and foremost, Temu is no more data hungry than other (shopping) apps. By creating your account and agreeing to the data protection measures, you accept the company’s approach. This is standard for us today, but it should always be questioned.
With its 22 points in the data protection guidelines, Temu does not stand out negatively – or at least no more negative than shops like Shein, Wish or Amazon. Experts deny that the e-commerce platform poses a specific threat, but question the data collection of apps as such.
Personal information can provide a resource for cybercriminals who use personal information against its owners to harm them.
Although Temu is not the focus, a class action lawsuit has been filed against the platform regarding its handling of personal data, the outcome of which is still unclear.
If you consider that Google’s sister app Pinduoduo was banned from the Play Store, you’re left with a bad taste.
Therefore, as always: Be careful who you trust with your data.
As cheap as Temu’s offerings may be, nothing comes without a price. What about greenwashing and human rights in cheap shopping apps?
We talked to psychologist Jolina Bering about the perfidious tricks of these apps and how you can defend yourself.
It turns out that Temu doesn’t store any more personal information than other apps of the same ilk. However, that doesn’t make the data collection craze as such any better. How do you handle your personal data? Do you accept cookies in the browser or do you keep everything under lock and key?