Arizona Attorney General sues Temu(Online Shopping Platform) over malware, data exfiltration activities and more
Arizona Attorney General sues Temu(Online Shopping Platform) over malware, data exfiltration activities and more
Attorney General Mayes Sues Online Shopping Platform Temu for Stealing Arizonans’ Data and Misleading Consumers | Attorney General's Office
The complaint alleges that Temu does much more than provide Arizonans access to cheap goods. Modeled after an earlier Chinese app, Pinduoduo, the Temu app is allegedly designed to harvest sensitive user data without users’ knowledge or consent and to evade detection.
Temu allegedly collects an alarming amount of sensitive user data and personally identifiable information (PII) that goes far beyond what is necessary for a typical online shopping app. According to the lawsuit, the app secretly infiltrates users’ devices to access and harvest sensitive information, including the user’s precise physical location, the phone’s microphone and camera, and the user’s private activity on other apps installed on the phone, all without their knowledge or consent.
A review of the Temu app’s code allegedly shows that it is purposely designed to evade front-end security review, using multiple layers of encryption to shield its processes from forensic inspection. The app is even able to edit its own code once downloaded to a consumer’s phone, potentially allowing it to exploit users’ PII and other data—or otherwise control the device—in unknown and unknowable ways. These serious privacy risks are compounded by the fact that Temu is wholly owned by a Chinese company and subject to Chinese law, including laws that mandate secret cooperation with the Chinese Communist Party’s intelligence apparatus.
In addition to the alleged privacy violations, the complaint also alleges that Temu has engaged in deceptive and unfair trade practices in the offer and sale of products and in the resolution of consumer complaints, including:
- Advertising items that look nothing like the items that eventually arrive;
- Faking customer reviews;
- Using consumer payment information to order items the consumer never asked for;
- Misappropriating the intellectual property of U.S.-owned companies, including some of Arizona’s most iconic brands including the Arizona Cardinals, Fender Guitars, the University of Arizona, Arizona State University, and Northern Arizona University;
- Charging for goods not ordered or not delivered;
- Using bait and switch signup schemes to lure users to invite their friends to the app in exchange for the promise of prizes and rewards that never arrive; and
- Using forced labor in clear violation of U.S. trade policies.